hxxp://youtube[.]com

Analysis

max time kernel
1775s
max time network
1776s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
24-08-2024 11:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://youtube.com

Score

6^/10

bootkit discovery persistence

Malware Config

Signatures

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	\??\A:\$RECYCLE.BIN\S-1-5-21-3007475212-2160282277-2943627620-1000\desktop.ini	msedge.exe

Enumerates connected drives 3 TTPs 3 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	vds.exe
File opened (read-only)	\??\A:	vds.exe
File opened (read-only)	\??\A:	msedge.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	vds.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\compmgmt.msc	mmc.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\setupapi.dev.log	vds.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks SCSI registry key(s) 3 TTPs 33 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	vds.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vds.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	vds.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000700a100e8788e6ab0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000700a100e0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000070ec3f000000ffffffff000000000700010000680900700a100e000000000000d0120000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000700a100e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000700a100e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vds.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000008000000700a100e0950cce30000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000700a100e0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000030f435000000ffffffff000000000700010000680900700a100e000000000000d0120000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007360000000000f0f804000000ffffffff000000000f0000000080031b700a100e0000000000000007360000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d700a100e000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001007360000000000e0f804000000ffffffff000000000600010000080000700a100e00000000000010073600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007360000000000000000000000ffffffff000000000000000000000000700a100e00000000000000073600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007360000000000000000000000ffffffff000000000000000000000000700a100e00000000000000073600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007360000000000000000000000ffffffff000000000000000000000000700a100e00000000000000073600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	vds.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	vds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	vds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	vds.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000700a100ec269deef0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000700a100e0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d012000000000000107c3d000000ffffffff000000000700010000680900700a100e000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e08e3d0000000000007102000000ffffffff00000000060001000070c71e700a100e000000000000e08e3d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000700a100e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vds.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vds.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000700a100e0a6bdd670000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000700a100e0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000010ed3a000000ffffffff000000000700010000680900700a100e000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d700a100e000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000700a100e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	vds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vds.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000008000000700a100e0950cce30000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000700a100e0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000030f435000000ffffffff000000000700010000680900700a100e000000000000d0120000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007360000000000f0f804000000ffffffff000000000f0000000080031b700a100e0000000000000007360000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d700a100e000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007360000000000000000000000ffffffff000000000000000000000000700a100e00000000000000073600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007360000000000000000000000ffffffff000000000000000000000000700a100e00000000000000073600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007360000000000000000000000ffffffff000000000000000000000000700a100e00000000000000073600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007360000000000000000000000ffffffff000000000000000000000000700a100e00000000000000073600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vds.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	vds.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000700a100ec269ddef0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000700a100e0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d012000000000000107c3d000000ffffffff000000000700010000680900700a100e000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e08e3d0000000000007102000000ffffffff00000000070001000070c71e700a100e000000000000e08e3d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000700a100e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vds.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000700a100e838de67b0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000700a100e0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d012000000000000d0f435000000ffffffff000000000700010000680900700a100e000000000000d0120000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000700a100e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000700a100e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	vds.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	vds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	vds.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000700a100e078be65b0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000700a100e0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000010ed3a000000ffffffff000000000700010000680900700a100e000000000000d0120000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000700a100e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000700a100e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	vds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	vds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	vds.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\AttributesTableCache = a2a0d0ebe5b9334487c068b6b72699c70000000000000000	vds.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000700a100e8788e65b0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000700a100e0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000010ed3f000000ffffffff000000000700010000680900700a100e000000000000d0120000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000700a100e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000700a100e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vds.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	vds.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr	vds.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000700a100e866dddd70000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000700a100e0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000030f435000000ffffffff000000000700010000680900700a100e000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d700a100e000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000700a100e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vds.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000008000000700a100e0950cce30000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000700a100e0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000030f435000000ffffffff000000000700010000680900700a100e000000000000d0120000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007360000000000f0f804000000ffffffff000000000f0000000080031b700a100e0000000000000007360000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d700a100e000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001007360000000000e0f804000000ffffffff000000000700010000080000700a100e00000000000010073600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007360000000000000000000000ffffffff000000000000000000000000700a100e00000000000000073600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007360000000000000000000000ffffffff000000000000000000000000700a100e00000000000000073600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007360000000000000000000000ffffffff000000000000000000000000700a100e00000000000000073600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	vds.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000700a100ebf89e6db0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000700a100e0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d012000000000000107c3d000000ffffffff000000000700010000680900700a100e000000000000d0120000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000700a100e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000700a100e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vds.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 43 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "4294967295"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac04000000c8000000354b179bff40d211a27e00c04fc308710300000080000000354b179bff40d211a27e00c04fc308710200000080000000	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3007475212-2160282277-2943627620-1000\{CEBAB3AD-5C86-4CAE-8589-126A8CC81695}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Downloads"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "4"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "6"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0200000004000000030000000100000000000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48"	msedge.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
1952	msedge.exe
1952	msedge.exe
816	msedge.exe
816	msedge.exe
3748	identity_helper.exe
3748	identity_helper.exe
3608	msedge.exe
3608	msedge.exe
4600	msedge.exe
4600	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
1432	msedge.exe
1432	msedge.exe
4144	msedge.exe
4144	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3636	mmc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe

Suspicious use of AdjustPrivilegeToken 19 IoCs

description	pid	Process
Token: 33	2620	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2620	AUDIODG.EXE
Token: 33	3636	mmc.exe
Token: SeIncBasePriorityPrivilege	3636	mmc.exe
Token: 33	3636	mmc.exe
Token: SeIncBasePriorityPrivilege	3636	mmc.exe
Token: SeSecurityPrivilege	3636	mmc.exe
Token: 33	3636	mmc.exe
Token: SeIncBasePriorityPrivilege	3636	mmc.exe
Token: 33	3636	mmc.exe
Token: SeIncBasePriorityPrivilege	3636	mmc.exe
Token: 33	3636	mmc.exe
Token: SeIncBasePriorityPrivilege	3636	mmc.exe
Token: 33	3636	mmc.exe
Token: SeIncBasePriorityPrivilege	3636	mmc.exe
Token: 33	3636	mmc.exe
Token: SeIncBasePriorityPrivilege	3636	mmc.exe
Token: 33	3636	mmc.exe
Token: SeIncBasePriorityPrivilege	3636	mmc.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe

Suspicious use of SendNotifyMessage 14 IoCs

pid	Process
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
952	MiniSearchHost.exe
3636	mmc.exe
3636	mmc.exe
3636	mmc.exe
3636	mmc.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 816 wrote to memory of 3496	816	msedge.exe	81
PID 816 wrote to memory of 3496	816	msedge.exe	81
PID 816 wrote to memory of 460	816	msedge.exe	83
PID 816 wrote to memory of 460	816	msedge.exe	83
PID 816 wrote to memory of 460	816	msedge.exe	83
PID 816 wrote to memory of 460	816	msedge.exe	83
PID 816 wrote to memory of 460	816	msedge.exe	83
PID 816 wrote to memory of 460	816	msedge.exe	83
PID 816 wrote to memory of 460	816	msedge.exe	83
PID 816 wrote to memory of 460	816	msedge.exe	83
PID 816 wrote to memory of 460	816	msedge.exe	83
PID 816 wrote to memory of 460	816	msedge.exe	83
PID 816 wrote to memory of 460	816	msedge.exe	83
PID 816 wrote to memory of 460	816	msedge.exe	83
PID 816 wrote to memory of 460	816	msedge.exe	83
PID 816 wrote to memory of 460	816	msedge.exe	83
PID 816 wrote to memory of 460	816	msedge.exe	83
PID 816 wrote to memory of 460	816	msedge.exe	83
PID 816 wrote to memory of 460	816	msedge.exe	83
PID 816 wrote to memory of 460	816	msedge.exe	83
PID 816 wrote to memory of 460	816	msedge.exe	83
PID 816 wrote to memory of 460	816	msedge.exe	83
PID 816 wrote to memory of 460	816	msedge.exe	83
PID 816 wrote to memory of 460	816	msedge.exe	83
PID 816 wrote to memory of 460	816	msedge.exe	83
PID 816 wrote to memory of 460	816	msedge.exe	83
PID 816 wrote to memory of 460	816	msedge.exe	83
PID 816 wrote to memory of 460	816	msedge.exe	83
PID 816 wrote to memory of 460	816	msedge.exe	83
PID 816 wrote to memory of 460	816	msedge.exe	83
PID 816 wrote to memory of 460	816	msedge.exe	83
PID 816 wrote to memory of 460	816	msedge.exe	83
PID 816 wrote to memory of 460	816	msedge.exe	83
PID 816 wrote to memory of 460	816	msedge.exe	83
PID 816 wrote to memory of 460	816	msedge.exe	83
PID 816 wrote to memory of 460	816	msedge.exe	83
PID 816 wrote to memory of 460	816	msedge.exe	83
PID 816 wrote to memory of 460	816	msedge.exe	83
PID 816 wrote to memory of 460	816	msedge.exe	83
PID 816 wrote to memory of 460	816	msedge.exe	83
PID 816 wrote to memory of 460	816	msedge.exe	83
PID 816 wrote to memory of 460	816	msedge.exe	83
PID 816 wrote to memory of 1952	816	msedge.exe	84
PID 816 wrote to memory of 1952	816	msedge.exe	84
PID 816 wrote to memory of 1448	816	msedge.exe	85
PID 816 wrote to memory of 1448	816	msedge.exe	85
PID 816 wrote to memory of 1448	816	msedge.exe	85
PID 816 wrote to memory of 1448	816	msedge.exe	85
PID 816 wrote to memory of 1448	816	msedge.exe	85
PID 816 wrote to memory of 1448	816	msedge.exe	85
PID 816 wrote to memory of 1448	816	msedge.exe	85
PID 816 wrote to memory of 1448	816	msedge.exe	85
PID 816 wrote to memory of 1448	816	msedge.exe	85
PID 816 wrote to memory of 1448	816	msedge.exe	85
PID 816 wrote to memory of 1448	816	msedge.exe	85
PID 816 wrote to memory of 1448	816	msedge.exe	85
PID 816 wrote to memory of 1448	816	msedge.exe	85
PID 816 wrote to memory of 1448	816	msedge.exe	85
PID 816 wrote to memory of 1448	816	msedge.exe	85
PID 816 wrote to memory of 1448	816	msedge.exe	85
PID 816 wrote to memory of 1448	816	msedge.exe	85
PID 816 wrote to memory of 1448	816	msedge.exe	85
PID 816 wrote to memory of 1448	816	msedge.exe	85
PID 816 wrote to memory of 1448	816	msedge.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://youtube.com
1⤵
- Drops desktop.ini file(s)
- Enumerates connected drives
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcf2943cb8,0x7ffcf2943cc8,0x7ffcf2943cd8
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,16610655527650127036,18068156203737331260,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,16610655527650127036,18068156203737331260,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,16610655527650127036,18068156203737331260,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16610655527650127036,18068156203737331260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16610655527650127036,18068156203737331260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16610655527650127036,18068156203737331260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
  2⤵
  PID:688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16610655527650127036,18068156203737331260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1920,16610655527650127036,18068156203737331260,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5252 /prefetch:8
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1920,16610655527650127036,18068156203737331260,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16610655527650127036,18068156203737331260,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,16610655527650127036,18068156203737331260,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6244 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16610655527650127036,18068156203737331260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16610655527650127036,18068156203737331260,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3940 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,16610655527650127036,18068156203737331260,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16610655527650127036,18068156203737331260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16610655527650127036,18068156203737331260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1920,16610655527650127036,18068156203737331260,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3544 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16610655527650127036,18068156203737331260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1920,16610655527650127036,18068156203737331260,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5956 /prefetch:8
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16610655527650127036,18068156203737331260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16610655527650127036,18068156203737331260,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:5184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16610655527650127036,18068156203737331260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1
  2⤵
  PID:5352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16610655527650127036,18068156203737331260,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:5360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,16610655527650127036,18068156203737331260,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3088 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16610655527650127036,18068156203737331260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,16610655527650127036,18068156203737331260,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16610655527650127036,18068156203737331260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1652 /prefetch:1
  2⤵
  PID:348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16610655527650127036,18068156203737331260,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2732 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16610655527650127036,18068156203737331260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16610655527650127036,18068156203737331260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:1
  2⤵
  PID:5376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16610655527650127036,18068156203737331260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
  2⤵
  PID:5180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16610655527650127036,18068156203737331260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16610655527650127036,18068156203737331260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16610655527650127036,18068156203737331260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7092 /prefetch:1
  2⤵
  PID:6140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,16610655527650127036,18068156203737331260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6928 /prefetch:1
  2⤵
  PID:200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1920,16610655527650127036,18068156203737331260,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7532 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4144

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1076

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:952

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E4 0x00000000000004D0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1716

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\system32\compmgmt.msc" /s
1⤵
- Drops file in System32 directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3636

C:\Windows\System32\vdsldr.exe
C:\Windows\System32\vdsldr.exe -Embedding
1⤵
PID:4928

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
- Enumerates connected drives
- Writes to the Master Boot Record (MBR)
- Drops file in Windows directory
- Checks SCSI registry key(s)
PID:4284

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b4ae6009e2df12ce252d03722e8f4288

SHA1
44de96f65d69cbae416767040f887f68f8035928

SHA256
7778069a1493fdb62e6326ba673f03d9a8f46bc0eea949aabbbbc00dcdaddf9d

SHA512
bb810721e52c77793993470692bb2aab0466f13ed4576e4f4cfa6bc5fcfc59c13552299feb6dfd9642ea07b19a5513d90d0698d09ca1d15e0598133929c05fe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4bf4b59c3deb1688a480f8e56aab059d

SHA1
612c83e7027b3bfb0e9d2c9efad43c5318e731bb

SHA256
867ab488aa793057395e9c10f237603cfb180689298871cdf0511132f9628c82

SHA512
2ec6c89f9653f810e9f80f532abaff2a3c0276f6d299dce1b1eadf6a59e8072ed601a4f9835db25d4d2610482a00dd5a0852d0ef828678f5c5ed33fe64dddca9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
67KB

MD5
ed124bdf39bbd5902bd2529a0a4114ea

SHA1
b7dd9d364099ccd4e09fd45f4180d38df6590524

SHA256
48232550940208c572ebe487aa64ddee26e304ba3e310407e1fc31a5c9deed44

SHA512
c4d180292afa484ef9556d15db1d3850416a85ad581f6f4d5eb66654991fa90f414029b4ce13ed142271a585b46b3e53701735ee3e0f45a78b67baa9122ba532

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
41KB

MD5
60f8cd04587a51e31b51d1570d6f889a

SHA1
88574c41d0ab81721b275252464da5c7927a4835

SHA256
27cb4390e32a97375dd4987ae000406933bceba5199f17893711e782333b81cb

SHA512
84c12448ac55dd819749fef9be9919111a3df4bc51e66d2fa9f7376c11c101ed1349cb36aa119aa873cdd6c0c91027e201fbe23c2c83b89bc900a4d9077bcc52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
1.2MB

MD5
038c1f469deb6932520d09a340856ebc

SHA1
8b361a8c0489b69e9ef4e132e36f20c161c5ec1e

SHA256
5fafae77cfdc093baea4dd31485ced7dc4ab8e734311b3c2aaac1dc2ed95f451

SHA512
fc3123f11323a9f18f5e1bb31c61fa229e0de8b6d07bb01b220605cfd9ba499ed63e76be0b7146e096412cc94486bdba0ee102982b38b258958c6327fc6bb6c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ea2ac487bddbf0bf1eb042b27e4ddf07

SHA1
3767f15b64d7e5c1d9fba0a3a4a6513c40092715

SHA256
560d3130f8539efc17b1687e2e462db34183f35ef7ba7f78759f5741ea4975d3

SHA512
dd8e95d6dad286903471326c1a8d877371f2d701f675664eb0ba48bb93b779332558f645a123c0d0a968012f81837e3e3776e6b9d4829ae2dfb3a67ee62bd1b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
dd52255c90b0987d1c7d73b9d1aa4871

SHA1
185cf897d3124e64731fc784643ae57eb5034033

SHA256
e7f699aa432d9246584d2576d1105f422258ff92e282d1be2db288c868228235

SHA512
8e28acff92c4211514cdcb67a33abb31b6d6096aee45dc1afcb9806ba65ed1d1fe63dcffb1f26c44467d37eaf6b0347fe36a963c46f8d7c7430f60609beafb9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
278cad71f081b17bc393e80a6261d9e8

SHA1
53e5ac7fb96532948dba7f6af683f49cf34b939a

SHA256
e5979a9354d3bd64fe56267fb718adc53d51aea3551bed3e9ad3591867604531

SHA512
b9eb15d6896f9cf3881a0bf3073a27b5b192d578ad417473a6856a774b25853818dd2ed3cb103b3c95ab8fda14bc6ec7c1fb4ddf9d07a2eb6c105ee6f194c79b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8d7964131176bd86d7e403ee904f244a

SHA1
1d21664899e2143e2c530928bb730dcbafa14d4f

SHA256
99296c566cecaab220137b017471a6ba01c098bd962b1fd0a22826ba12c98d75

SHA512
b9b21edf4a6524832abe990931cec37ec24df2cf41b935f4fdb30ca1450bd444ac6dee4f392cd799d6aabf1a1b2831aecb3c978fd0dbe4e52f55da61a67d25e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
ffe6c05851c94694cd6541f0af8302ab

SHA1
3ee0a14750596cbd72fdb2bda6fb126272db4b08

SHA256
b00106bf8b096db5402c1966ae6265cec681d3dd884dd613e6ce979aa9c18c4f

SHA512
870b0ab9b1efec67a34b539a0a1e782a320a0762833f28a9373ca63e18ee17f0fd4351ce9f86e41f93d5b9cc5146edc13d5feb004466404418fe53de31475cd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
538c618a4354a6664e3530c03f0a1f88

SHA1
6137716f6ac08f8d224af8e52c627eed6802d666

SHA256
fd7e89a539b450e950ddb31f9878cd303f4afa1827cca91096b20bd8e3e45c09

SHA512
1b54ed669654d5da54a248e59ac89fb18818e1df6eebdfadfe4dffce468dc5cfffd0e2857fed8d46ac2cc4bf21e86039db023123aca89224a95b4db8cf3c4196

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
fc4d52bbb7d70ef31282eb01cb5e956f

SHA1
2bb4ca2a9646c50072560196b4348fa31ca5fd07

SHA256
6f00ec7aca125288ab34c032e80dabf80d13301c622bbd1326cae13e57d38ca9

SHA512
a084bb11777653baab8e2dc6e1c523bcc50a9675f8c97c12a75202a0bc10d541d2e25886445d8d63e9b7ffd64b80e69fd66aceebcce96f4a96b849e4f8dca64c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
42eede175a4f8579b3f4836da578b460

SHA1
4e46a26dc48817fdfb11a3b909a742c9fad0cde4

SHA256
6df93c84b228265200392c35e17b46a65742a607a1613bc3b3b96b0daab1497f

SHA512
6dd862759595b9ef3673e758d4392a62748643eacdf7c3763d8b5a17f17f64ddd2e6bdd278132d8abcf742043164dd7d4906c90a0f2c8f724094e8007edf6572

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
01db15923842e300458fec2175a31c26

SHA1
aba246caa79ed5b0d76ec830b054b80616a9c853

SHA256
a2011d18a4bbbf20056931ca9040edcbcd49310820315553e4d497c1d7ad2548

SHA512
28df9d93108bec1672db3b35f39d64e4dca98aa7b64a5e788f3e3150b068ad97e97fdc8328bcbdeb1e18ee94d951325181cce75302da497bce36cf67460bfa40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
ffc9c2046456e42ae84efa4180821a99

SHA1
5c923fb85c507d5028761b962ee0561db31fd520

SHA256
cc0b2a2b80af2355b5fe9fdddfeea8b8ac10c81138eaa25c4228cfefa479d946

SHA512
59a46bacd500572614cf9707a13090e29cd00cbfa7e46581c4ef9e980bbb2db853578e8514d2b3ddc2651cc5170009f07dacadbb31bf421755a057b4f08fd6fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
d1c8f3612f693688a7d2c19b00deda6e

SHA1
fb3e9ae84611e613bb97cc7c0ed08f9255526d5e

SHA256
c84f1d4b1533013c55d8d028feb8b9b0b170f5fbd0fc7d14fe9b59f50d4d09bc

SHA512
c26ef61beee57e278aa4315a7496ac5892956c09049c0eaa9280d04a19e26817ca72f7892cee4adcafe370e3a04cbef985c1c47d81cb76de7b6ce40b47656b72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6493a50f5adcd0b7d15bf158b75c4f40

SHA1
56f3a4c7b352080da9df96aff413284dbdac51bd

SHA256
9cc95b6489ba44d323479e2b5d09141477c25dbde36985430620313f71055048

SHA512
0d4bd81312e544f8589aefa9d1ab85d548535e04702b41fe511f7df2d35a4a88afa9d379d032a4cfc6906f2b842343452ead677a0a4acf20abd270c6c114ccef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
38d443c226b0216a8bbe1b6b75f90455

SHA1
a1f7f31f3214ee6161863d1b654f2edd9c76ee24

SHA256
13498dd59bab4b9123d360e18a1ee6234593b0dbc089f7e11f42e9e2e89d205d

SHA512
c62a0a0bf891df3940437906ce48710157eeb7fb29229528aa9ff2269b4eb32e5e93403c217d63f4ee013d6dcda4e2b1462fcbc04a752c3d4fa5a4ce6c6afa06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
32e22edc05c7408d42524c35fed9ccb8

SHA1
446e31130fc8049735fabbec5ba4c02bab61f583

SHA256
087e50ce52602ad041a3129d821579376fe64bb741e9757e676b05c3adc9e54c

SHA512
a7f6ac00c9ae37a3f36e9c83c4f636b795b7571c0fa77442989a9f793e004abcd0478d78997d2687b1a2d6c296cf4b0cb0d108fbcfb8812b99f420c764ec4d11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e963d68e3dedcd4b54e20bb571d8b199

SHA1
ca3af2d1008a7d60fd8222561a24c321c6d12289

SHA256
adeefc255c295c5a2621e61d0df1ad9a9f036330d04bcdfa711e1ecbcb3116d1

SHA512
f03b00dc79b32240fdbf162b2cb5c5ee00b4ad4d43813b8d2f5aec5ef569753dc25abb63748c1cd6c27d6d594e9a512e12f998a803c43a2c4fa9f3bb558d1ee7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b413efc5255349466397550dcf31509b

SHA1
ff213ffbae575b81b6baf173f12d274e827b345f

SHA256
5fbc69f9c6a3f3232f31f4a61ee137d8e0d47ba74352f440a7ab224c3425ab3d

SHA512
9889f9ff080435b2e96f63d459e79a64eb38d3ca9e7833f753ac125b5fe2ad37b5af3369d38637793b4f22f0aecfa03536c31d49290669e9841749b6944ac5ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
783153129da6ab00939bac7a441ece1a

SHA1
24968fdb9b36522823445a34257c139bed4fe08f

SHA256
d634142b5562d7bf990ae9b103fa360bb28615665471dd7d07b117b5a672b34a

SHA512
c1743fc299e8e7e31749847206029a3d0afe2e09dc2527ea774e026aca048d331f148786a4ec93a5cec4f01ef447d779434cce268bcbe1c0b89be89bb89dced0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\266a61a4-370f-4cd2-bde9-94b0ba58e9ab\index-dir\the-real-index

Filesize
624B

MD5
fcb3a0eb3cda55c4cd7c89493e83b1ec

SHA1
e3a37554b6e1847e656e4b42586a178f95bcc581

SHA256
9e0185069b3f3489aeb5a9e3855e3d02c1c9a6084a8bcc39809c0d23be149a22

SHA512
b1145e5de2697156e9712a073597e8a5679093ae27cef4961991d3dbfa818e5dd05c3ecd153086ce97c5d334f9d3feaed332c2b7480f3d7f6fe215537288abaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\266a61a4-370f-4cd2-bde9-94b0ba58e9ab\index-dir\the-real-index~RFe58240d.TMP

Filesize
48B

MD5
0c4e60813fac2f4b9c518438268e2cfc

SHA1
91c2e151056edc67acaf3af0a302fe63368e77fb

SHA256
1b9053c22623d478606420e27b433a4db684add1500919f490e1bee9a7728d75

SHA512
bc2f2948ba8594c075049d04575d5b1ec7fa971b1802160b9a2d91b5a86f58ff402960365245c1bfa46cb783c043c27aabdaa33889758bafdb95eda6585ca80b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8fef6b8f-78b6-45d6-aabb-ea01fc6f4fc2\index-dir\the-real-index

Filesize
2KB

MD5
064bf7c4701737bb05b119df38b14eae

SHA1
9a4809cf00590567d51a413b6f5ae8f7962a9aaa

SHA256
e96e21adc5dd8d82af6db0f7f9488beb2d67d8b13076fbe763b38f84a4ff7520

SHA512
eb677cb6e50362214b1f107cbb7d8ef4d96f3de713524e41918f336005e59552c1607033bd0454d87d893ef9fdebb811e85779bb3ffef88a5884420e606a913b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8fef6b8f-78b6-45d6-aabb-ea01fc6f4fc2\index-dir\the-real-index~RFe5826ad.TMP

Filesize
48B

MD5
6fb5722fbd119c39ef0d40d7f2821b7d

SHA1
ebf5c43bd17378bf5353023756ad0982393e386f

SHA256
f3706491e572c3c2affa33f773a16c37c01fc1ab687487d735eb1aac20652632

SHA512
44071411366baf0c654a18f0adb028951d97dcbb0ab7593d2ef8c4104f7afd2fba495b15b3b1a5dc43a88538f6b81562b93d664298b6f12cf7d26ce43ea89dc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
5e6b04cda14be5a847cf59ac8385ad81

SHA1
d12dd26b1ff9a27811b8fb15841146ea934d4b1d

SHA256
6b3b0f989a70b92d3e173fbd5e9906c88f6a574a3701328e434459834bbf8d99

SHA512
6b06eea16ac2af59b038abae5112ad95578984311090100bcb22d6860f36bf3e44c7cc1c6d81e58d7a858e92fd1d4f65f7150d7429712c011185181df7ce765d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
3fd039e6db34abe05cd38acfba37fdd2

SHA1
b1f5491ab1cad76c885eed2632e5237642345b91

SHA256
2c8a3f00cce7b524a30c3d886049de83e4ccfdf8a08dcad12a29e1ffb63cb440

SHA512
211379568f84a9c3577ce03787c19c45ee4b5e07401de3ca5279e2786b8d9ae35958be8fa8097edae66f148ec62600438b8278773ade7f443a1c1da3dd8b3d5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
981eb638fee7c82028cf49851748f700

SHA1
f06d9de0e6f87b14661b95f26b09145dabc586db

SHA256
46fae99890eae8de5b2f99927252d47ab4ce421717192907d102e1b767ce4f20

SHA512
f39754f1f9c519b33f424aee736fd18274278c3c8371d8fc062873f18c0ebf465cccbe86538297e476bca0e18064e682d12a890037b5de31220cea9f0f5d7284

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
155B

MD5
47a47412d73f0740ee1eec67034ad112

SHA1
09f3840d7e6d422592e2ae951748d2e90d0ceb60

SHA256
6253714908c6407768b689492536b95b5e1730e10f2ca2baac5a6b703bdce5e0

SHA512
05ccc0037028e4a802e4de2da2708154b802884226d4ec05afa1c09cf53496b114124449e61f02ed0c8f2bb3b5a38a60b89676559d7c022c2e98d211f45eb940

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
969faf401ba664ee54027cc24dedc810

SHA1
6ca94fd79b3b4009aca264f856102bce96765822

SHA256
6d771c7e7b3d14618d7052562b315f52f67c13bd9bb0d019857e41cf905259d9

SHA512
baef15da3928c6114b63fb50b03db790bc747e27e6acdf244146c3bea2a8c3f1e7e9b616f21b1ff3c7c8012dda7d55ef5986387463c8bdd8055025062269a16a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Filesize
16KB

MD5
42825d4954ffb7503751cb172fadc028

SHA1
e78696e633e49f94bc3dcdfa44f031b5861b465e

SHA256
709da6a737a1a2e1a04fb61422ee36edc35bd5e016014f4aebb83b3b6dac47da

SHA512
281975e10dd2bebd257802131736c3e2087292ada12b6a6cbd5acc9273f174d3f4cbd05aa111afd2c6a72a82899a50a938a3c6c22fcf40e88a726047ec6a8f97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1

Filesize
11KB

MD5
42a310fd3394ccba5abe21ef6daadd7d

SHA1
5a8fb53f85e9af41bf7c461ed560a23a1b8c6033

SHA256
55ee52bd6ec1644b3f66def9f23644b590cd36be8f293522559b23e1ad95eb1e

SHA512
52f73f6ae3d1a261ffbf031798c349e2cac3a0a764c4930f938cdc36162ce03a75bd659c49677e5ab6637a27e1c9bcabb9434ec654f976c4e9240667f14693b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

Filesize
154KB

MD5
b2e469caef74055c99313a044153bd6c

SHA1
1532f2263a9180f9884745af5eabde5c4dc6ddca

SHA256
acb08a0e4c98517e82af1179f9ba018daad77f1282b8404e9ed9078955a5eb61

SHA512
39dcd06d662bcce11211ab6d6717a781ed056b7c1bf5534f9cb9d66997e07566d6d368eae5d8304f3cb04ee11f19763a8a78f40f5a43e7cdd154193298d65d8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1

Filesize
375KB

MD5
d426afcad9d17102b8f197fe09332aa2

SHA1
559068d5881d34ff2f1d6b818d3fec3ec2e64884

SHA256
eef2e7a4ccd1c56523be2679d37d00c39ff85ea2b28f0de5b6dfaad41719fdef

SHA512
d93e54ae0266d9c1fce62a922099442b54d2f96df3412112d4b58e9699e66879bd2fa27a445d08a19113c74a7c69b70ec18ad8fadc2806f80363de1b89510b79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
dce2e0abb0d5b4e2765f1a436355c4eb

SHA1
ef42d9a4e506fd678909de928f0e3733ecdad8e2

SHA256
dd2a51028f5cdbadd626a864cbfe9935ed6a791944d7e87dd0a9a8945370fd2a

SHA512
d3e9e6fdd141e1da1ff5724db451ed8eea78327986b790a4c17b96bd11adecc067b95604e2cf9517602c64524268e07fd2c4a3fd97f6e6db657dc90675353063

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe581bc0.TMP

Filesize
48B

MD5
f32a1d103ba4dcac20c5f2d2dc4b5393

SHA1
9f209680fbd07eb5eae2d743bf9b28ef7c61d5e5

SHA256
dcf93c56a0c11d76cc1b5d5941ecf0074e7225877f358e8fabbbaff1d4b4865b

SHA512
e7a7886366bc86b2a70cb9163c9ae7849835eed91bb3f30056a018d80a4381d9cda8cfbeb135326d7f950a5b51b5ccbed89e53c7efdd65c6e818dac9751f00cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2964e71e43f67404024e724bf082c8e7

SHA1
4ff09e03ea37e6fbac81f16a3fee09104b6df913

SHA256
e931c75ac43962278162f476a4aa2f2d2b47a28d30255fbdb79859350a1261e3

SHA512
7a3d8fd66b8d957b0f4ee1e21abec0c60558cb35d078d877d2351e2cca5d048c6fb60a9ab2e3e24c20aba19cabc37222af97efa228ab2823b6fa716b3317e344

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
16c64e5904e59cec3c4c6efb7fb786b5

SHA1
53905445c60b6c9ba54331c1400faf4b8ec0211f

SHA256
7fa2e178199ef7c5952fc0633dfa9bbf66d67ac9be181c4940591f1cb3216bb0

SHA512
62ca1f1b7c73ef3bb24550f5e714838878e291de1343c67fcf740942b3ba6308cb7161ef86d4eb5805574bec5d7efdd47373f058bd568c5d8ca06a55b24ab547

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0d9e5e14dfafe3e1c45d771f0a99f825

SHA1
18e3f64a221164665f552385bc535556694edd50

SHA256
a7879fd6bf73a18aee42d6631a814cb59d27804d37f627814b266e52d909c4f2

SHA512
84397f8e5b82ac129160b90ee8f9df3e89f9a48d86fc9c5e8322ba8fa04c7ea09412d7e7754ed75d4e3f99037a74d93a2f4a2c76fddc2160b381ec048b094b35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5810b4.TMP

Filesize
706B

MD5
e7c4265b4c4630f5e406826c27a5d948

SHA1
1850b128a0c2ce39728ca0ca9a57fb862bc15d8e

SHA256
0262725652bf15bcd4f7f852ccae7e9e09bbc143183e4033f011358ec6ca10a3

SHA512
cbc08173fafd1a47b92c617630e7f93d4ecc722d4831243e729c576d01bec546acb8600c4a20d20e67790d6bf0065c8d64b59ecce992d313a440142a3ec90b09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
019b24930aab2a39a5a8f42acfd46b77

SHA1
4021d9adf2d08eaf2220a93ce52e15c64574d09c

SHA256
10dd4f224f6e8a00401147c317c444bcc78aa8bd324fbcd59ed1ace5f67b7b8b

SHA512
2bccb8646504d402f0b8a010107b5a34a61606ee924f379f3b24137170d585fc145152199f0d97a7ef1515d01dad20aa92d1c0b4b87ed6b0bd617221232107d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
96d4bdd5c23c3f0ed6bd970badbb19cc

SHA1
2e08ca2f281702dc4b022329760978299afc4e5c

SHA256
6fb420b6d2b06b93ca61c288d52c31342589e5fd44a0b36140c75c1bbb71ff39

SHA512
936be24dd80c41cc7693ef352d93a3ecdfae98884dac25e48d7843c846d2271cebe0a44dbdc56a648790c9274efa58dbbf2e9fa9ac646d50c2fbd2d9f7bb5691

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
06363fce492c4c50ad467e761a5a6dec

SHA1
2797a468750a10c2ce7ad6e2c40f11bb7e341e26

SHA256
9cf87aafdae76bb7f07e75f1b4c29ca0f9cdaf5b6892d5d6cb2596ecbecd355b

SHA512
0567d68f845cafb7925a9c4c1de4c392d4b16799037d05f28ddf1623a6112254f8460ec5becc5a194170ea144d0364a786a3fba94af3cc6ec8a7d762d72e8f5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
79e814384113b8149415a19da7408633

SHA1
edca733a9c2b05a23b1621d1d3c44b90ae53aa88

SHA256
5e7c172f27a10d6bf9544cf6449a4d6788171aedf5bfaa58d2623ec84636f807

SHA512
14b2ee2a58abc2feba98a04eefd5acfe4402dc58304958eb1d85a4a86a7645ba60d33f6e1a81ba1f5399bd29cbac8b08d9dd1aeeb9151e4640da5370018c50b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d51dfc1536f75ee070b85723b6974914

SHA1
06fb1619431a04559f8b6c8a6bdc102132a54637

SHA256
d1b5d93b1f89d8d546e0e20fcb0fd5d56412330a27caedee5cd967f8ca93cc57

SHA512
bae356fa02693015a7f76aadeea051e48a54df3533a52f7a8ee2cb10f112774c17e387a26955b4663f809af71b372b84283a5e43f55cfece2caf327a678f8ee5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\A:\ryujinx-1.1.1379-win_x64.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit