hxxps://coub[.]com/view/2xkl75

Analysis

max time kernel
380s
max time network
346s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
26-08-2024 02:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://coub.com/view/2xkl75

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 11 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp	svchost.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	msinfo32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	msinfo32.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\ECFirmwareMajorRelease	msinfo32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	msinfo32.exe

Modifies data under HKEY_USERS 15 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "182"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1194130065-3471212556-1656947724-1000\{1BF4AE1C-3DA8-4A58-8ACE-EBCDF340D312}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	mspaint.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2840	msedge.exe
2840	msedge.exe
1568	msedge.exe
1568	msedge.exe
1800	identity_helper.exe
1800	identity_helper.exe
5844	msedge.exe
5844	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
548	msedge.exe
5432	mspaint.exe
5432	mspaint.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4632	msinfo32.exe

Suspicious behavior: LoadsDriver 64 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
660	Process not Found
5164	Process not Found
844	Process not Found
5052	Process not Found
1472	Process not Found
5832	Process not Found
5364	Process not Found
5328	Process not Found
4332	Process not Found
5284	Process not Found
4524	Process not Found
2404	Process not Found
3936	Process not Found
5064	Process not Found
2996	Process not Found
4232	Process not Found
1664	Process not Found
4552	Process not Found
4456	Process not Found
2804	Process not Found
3668	Process not Found
5068	Process not Found
760	Process not Found
3760	Process not Found
2316	Process not Found
4352	Process not Found
1496	Process not Found
5484	Process not Found
5856	Process not Found
4804	Process not Found
4796	Process not Found
3764	Process not Found
5984	Process not Found
3408	Process not Found
3728	Process not Found
3400	Process not Found
892	Process not Found
4480	Process not Found
1736	Process not Found
2600	Process not Found
5576	Process not Found
5700	Process not Found
5760	Process not Found
1132	Process not Found
3812	Process not Found
3256	Process not Found
772	Process not Found
4768	Process not Found
1400	Process not Found
3848	Process not Found
5884	Process not Found
5932	Process not Found
2008	Process not Found
4880	Process not Found
5252	Process not Found
3316	Process not Found
3320	Process not Found
1548	Process not Found
2236	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4656	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4656	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
5432	mspaint.exe
5352	OpenWith.exe
5448	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1568 wrote to memory of 1712	1568	msedge.exe	84
PID 1568 wrote to memory of 1712	1568	msedge.exe	84
PID 1568 wrote to memory of 1588	1568	msedge.exe	86
PID 1568 wrote to memory of 1588	1568	msedge.exe	86
PID 1568 wrote to memory of 1588	1568	msedge.exe	86
PID 1568 wrote to memory of 1588	1568	msedge.exe	86
PID 1568 wrote to memory of 1588	1568	msedge.exe	86
PID 1568 wrote to memory of 1588	1568	msedge.exe	86
PID 1568 wrote to memory of 1588	1568	msedge.exe	86
PID 1568 wrote to memory of 1588	1568	msedge.exe	86
PID 1568 wrote to memory of 1588	1568	msedge.exe	86
PID 1568 wrote to memory of 1588	1568	msedge.exe	86
PID 1568 wrote to memory of 1588	1568	msedge.exe	86
PID 1568 wrote to memory of 1588	1568	msedge.exe	86
PID 1568 wrote to memory of 1588	1568	msedge.exe	86
PID 1568 wrote to memory of 1588	1568	msedge.exe	86
PID 1568 wrote to memory of 1588	1568	msedge.exe	86
PID 1568 wrote to memory of 1588	1568	msedge.exe	86
PID 1568 wrote to memory of 1588	1568	msedge.exe	86
PID 1568 wrote to memory of 1588	1568	msedge.exe	86
PID 1568 wrote to memory of 1588	1568	msedge.exe	86
PID 1568 wrote to memory of 1588	1568	msedge.exe	86
PID 1568 wrote to memory of 1588	1568	msedge.exe	86
PID 1568 wrote to memory of 1588	1568	msedge.exe	86
PID 1568 wrote to memory of 1588	1568	msedge.exe	86
PID 1568 wrote to memory of 1588	1568	msedge.exe	86
PID 1568 wrote to memory of 1588	1568	msedge.exe	86
PID 1568 wrote to memory of 1588	1568	msedge.exe	86
PID 1568 wrote to memory of 1588	1568	msedge.exe	86
PID 1568 wrote to memory of 1588	1568	msedge.exe	86
PID 1568 wrote to memory of 1588	1568	msedge.exe	86
PID 1568 wrote to memory of 1588	1568	msedge.exe	86
PID 1568 wrote to memory of 1588	1568	msedge.exe	86
PID 1568 wrote to memory of 1588	1568	msedge.exe	86
PID 1568 wrote to memory of 1588	1568	msedge.exe	86
PID 1568 wrote to memory of 1588	1568	msedge.exe	86
PID 1568 wrote to memory of 1588	1568	msedge.exe	86
PID 1568 wrote to memory of 1588	1568	msedge.exe	86
PID 1568 wrote to memory of 1588	1568	msedge.exe	86
PID 1568 wrote to memory of 1588	1568	msedge.exe	86
PID 1568 wrote to memory of 1588	1568	msedge.exe	86
PID 1568 wrote to memory of 1588	1568	msedge.exe	86
PID 1568 wrote to memory of 2840	1568	msedge.exe	87
PID 1568 wrote to memory of 2840	1568	msedge.exe	87
PID 1568 wrote to memory of 3000	1568	msedge.exe	88
PID 1568 wrote to memory of 3000	1568	msedge.exe	88
PID 1568 wrote to memory of 3000	1568	msedge.exe	88
PID 1568 wrote to memory of 3000	1568	msedge.exe	88
PID 1568 wrote to memory of 3000	1568	msedge.exe	88
PID 1568 wrote to memory of 3000	1568	msedge.exe	88
PID 1568 wrote to memory of 3000	1568	msedge.exe	88
PID 1568 wrote to memory of 3000	1568	msedge.exe	88
PID 1568 wrote to memory of 3000	1568	msedge.exe	88
PID 1568 wrote to memory of 3000	1568	msedge.exe	88
PID 1568 wrote to memory of 3000	1568	msedge.exe	88
PID 1568 wrote to memory of 3000	1568	msedge.exe	88
PID 1568 wrote to memory of 3000	1568	msedge.exe	88
PID 1568 wrote to memory of 3000	1568	msedge.exe	88
PID 1568 wrote to memory of 3000	1568	msedge.exe	88
PID 1568 wrote to memory of 3000	1568	msedge.exe	88
PID 1568 wrote to memory of 3000	1568	msedge.exe	88
PID 1568 wrote to memory of 3000	1568	msedge.exe	88
PID 1568 wrote to memory of 3000	1568	msedge.exe	88
PID 1568 wrote to memory of 3000	1568	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://coub.com/view/2xkl75
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffebc3c46f8,0x7ffebc3c4708,0x7ffebc3c4718
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,16920935328453556543,6631487655537295688,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,16920935328453556543,6631487655537295688,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,16920935328453556543,6631487655537295688,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16920935328453556543,6631487655537295688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16920935328453556543,6631487655537295688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2204,16920935328453556543,6631487655537295688,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4728 /prefetch:8
  2⤵
  PID:2448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16920935328453556543,6631487655537295688,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16920935328453556543,6631487655537295688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1
  2⤵
  PID:1100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16920935328453556543,6631487655537295688,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
  2⤵
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,16920935328453556543,6631487655537295688,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6020 /prefetch:8
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,16920935328453556543,6631487655537295688,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6020 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16920935328453556543,6631487655537295688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16920935328453556543,6631487655537295688,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16920935328453556543,6631487655537295688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:5200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16920935328453556543,6631487655537295688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  2⤵
  PID:5312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16920935328453556543,6631487655537295688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:5604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2204,16920935328453556543,6631487655537295688,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5020 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16920935328453556543,6631487655537295688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:6060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,16920935328453556543,6631487655537295688,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4820 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16920935328453556543,6631487655537295688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:5568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3476

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x494 0x4f4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4656

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:5212

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\SaveUnpublish.jpeg" /ForceBootstrapPaint3D
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5432

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
1⤵
- Drops file in System32 directory
PID:4940

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:5352

C:\Windows\system32\msinfo32.exe
"C:\Windows\system32\msinfo32.exe" "C:\Users\Admin\Downloads\NewProtect.nfo"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Suspicious behavior: GetForegroundWindowSpam
PID:4632

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa389d055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:5448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\31577d2d-6543-4d31-a38f-e4d6f1a37348.tmp

Filesize
1KB

MD5
65530bb26fc6c8cf7a55466b567eb8bb

SHA1
f9fb0d4b73f156f2d29a4f615f6a39bbe1a5781f

SHA256
1aa4bfad2bb554bdec4c775ecd003d73b412ccb460094c4253015af2d6883acc

SHA512
626aa5d344bd43241a6dd8c1ad8cc7635c0ecf8db019bebab7fbf0d72b83eb77f23bf1e04476809a7c85f6bcb673a8e5788b03f864e8efedac26a2b000b7a9e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
47KB

MD5
0d2283b0df70bc0217118f5c6d1fd836

SHA1
0aaa2e0daa0f0671fbf7817e222fcd777be523d0

SHA256
fb02c03e84b9a15ea357644f15643bc90eb9c6ef6532e1c82ecd052df34c2abb

SHA512
16071fce7468cc47fd7a57dc6913cbf41e142fd16b3f145dc30b13fb4a84a05fa3211d3b435ace7378c76682a1afc49e45d180eb88f6d32b0deaa2266196b2f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
67KB

MD5
ed124bdf39bbd5902bd2529a0a4114ea

SHA1
b7dd9d364099ccd4e09fd45f4180d38df6590524

SHA256
48232550940208c572ebe487aa64ddee26e304ba3e310407e1fc31a5c9deed44

SHA512
c4d180292afa484ef9556d15db1d3850416a85ad581f6f4d5eb66654991fa90f414029b4ce13ed142271a585b46b3e53701735ee3e0f45a78b67baa9122ba532

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
41KB

MD5
60f8cd04587a51e31b51d1570d6f889a

SHA1
88574c41d0ab81721b275252464da5c7927a4835

SHA256
27cb4390e32a97375dd4987ae000406933bceba5199f17893711e782333b81cb

SHA512
84c12448ac55dd819749fef9be9919111a3df4bc51e66d2fa9f7376c11c101ed1349cb36aa119aa873cdd6c0c91027e201fbe23c2c83b89bc900a4d9077bcc52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
1.2MB

MD5
038c1f469deb6932520d09a340856ebc

SHA1
8b361a8c0489b69e9ef4e132e36f20c161c5ec1e

SHA256
5fafae77cfdc093baea4dd31485ced7dc4ab8e734311b3c2aaac1dc2ed95f451

SHA512
fc3123f11323a9f18f5e1bb31c61fa229e0de8b6d07bb01b220605cfd9ba499ed63e76be0b7146e096412cc94486bdba0ee102982b38b258958c6327fc6bb6c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
43KB

MD5
d9b427d32109a7367b92e57dae471874

SHA1
ce04c8aeb6d89d0961f65b28a6f4a03381fc9c39

SHA256
9b02f8fe6810cacb76fbbcefdb708f590e22b1014dcae2732b43896a7ac060f3

SHA512
dcabc4223745b69039ea6a634b2c5922f0a603e5eeb339f42160adc41c33b74911bb5a3daa169cd01c197aeaca09c5e4a34e759b64f552d15f7a45816105fb07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
73KB

MD5
cf604c923aae437f0acb62820b25d0fd

SHA1
84db753fe8494a397246ccd18b3bb47a6830bc98

SHA256
e2b4325bb9a706cbfba8f39cca5bde9dae935cbb1d6c8a562c62e740f2208ab4

SHA512
754219b05f2d81d11f0b54e5c7dd687bd82aa59a357a3074bca60fefd3a88102577db8ae60a11eb25cc9538af1da39d25fa6f38997bdc8184924d0c5920e89c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
27KB

MD5
f930621607e050dff86f94bbf4806b73

SHA1
d06bdf16d5794550b78713955629c465b6970676

SHA256
fe97ff9a43f7f196dcd9088da3818e6f80ecdc2ad8937a5bd4a52c8b3979a09e

SHA512
df4c634c95cbc63c44c0f884817333fdb3965d225fbcf008d134a12ea99d05965b043c4f74bbe57f8356fd7f698fde30fe34638387ffcb8ca1226fe7c8b00cb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

Filesize
70KB

MD5
ba970966e10a8e87ca855b95cee05ab0

SHA1
e3a5e78a16392fd5da108f9821e00f48a7e44b5d

SHA256
463fde9c3ee7e0bd18f5ed0d239cdc1565481df623433fab4142869430ab00e1

SHA512
e8a47925d959e5ab41e3b81a9461ef436c4fe81af5b0bbd350856175ad8e0dd0ac181e509c93799350b86c4815d94219752c0e780a37935eb76d633cc7a852f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

Filesize
43KB

MD5
a12c90cecb686ce8edde72e52cff40da

SHA1
9dd9a4bfb841b7b43de7d0a6b806bb2b40481f23

SHA256
be1143ebceec550910c4a471bf00e20389828302b1909836344268d05990450d

SHA512
4ca80dc25a0524b43895d849d39d7ea302d048cdfb7f177de12e3ebd91a2d28661831fc9158921fd21ce40fe598aebc2b408e916c58b0a7e6a99a4cdd8200060

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f

Filesize
63KB

MD5
5d0e354e98734f75eee79829eb7b9039

SHA1
86ffc126d8b7473568a4bb04d49021959a892b3a

SHA256
1cf8ae1c13406a2b4fc81dae6e30f6ea6a8a72566222d2ffe9e85b7e3676b97e

SHA512
4475f576a2cdaac1ebdec9e0a94f3098e2bc84b9a2a1da004c67e73597dd61acfbb88c94d0d39a655732c77565b7cc06880c78a97307cb3aac5abf16dd14ec79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

Filesize
1.3MB

MD5
7792cba608a1491e3c5aa6565e07ea4d

SHA1
cef2de7d00ecdcad66b098dcde9397afac9a9058

SHA256
fea64e53c8ca82392f445b7491916a2b7ded19c771f65bbc00d88b3a3b864576

SHA512
f4527cd5abe18dafdd7112f15142c7ae191c4c66b6a84c989dd3a3778ac1d182bef7ed73339d2677fa8bda143a7a147042ad3ba35cc7677e133a7a513a1c2b22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000053

Filesize
1024KB

MD5
2edce05c3f741043c556ca8e1eceb6ba

SHA1
7fa65036ab70d4f515aa20721774a6b6aff1ba4f

SHA256
6ffb54aa9d4e8d7c59516914f3e17d93583addf782f0459fe690861d9c12ea7d

SHA512
96718040a0d433678cfd37575bd20fbd9319709915ef42753c573c03ca35980491a5757f069cd3adfae17f794bed805203c83ec08ddc257003a8d97911c7e347

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000055

Filesize
1024KB

MD5
88c0830df2a2a5970ca36e8b8adf8626

SHA1
c25d0a1a58694a128f3924212c300d6a26c9157f

SHA256
da403d78c1f0f501cc478abd60c408e442a9482ceac4051095386b2739472637

SHA512
177f2d1d2471e654557b1167be5cb8a31000e1fb83616e2297521989238c9bb106da4a5bf473aca413b7461d5e7e651dc815ff9883bc0b65e69c1ec64660ea0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000056

Filesize
1024KB

MD5
f18968ce2843a16fb5309794500064c2

SHA1
8b812bc275db77ef78505fc00cac2da778d93376

SHA256
4449702b7c32313803cf1bc033be845dc9f1ed08be75503f515106d079cc6cc3

SHA512
938b5bd28039ea8877da78b002ebb7a6bcd4483c0c877b8b5e996901a0ab5b47fc16a40262cbad24ef0921fc093380188038cf9210bddd62f762e1ec88d7c328

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000057

Filesize
1024KB

MD5
b737dd7123dd8875f6b8568e5c4b76c9

SHA1
5f24b37203ef3057c30522b74e39c6613c55073f

SHA256
2c97140fd402750584705394d0ede15f4f6458c900788bd0ba6bf69b3e9e7287

SHA512
f7637bbe03c77734453711e76dccdd63cc7fc8c13a3644e980a2e8892def0676990579791b149bd2876cf213595a3579b2d4f4a06e9e238c95a709da66b3046b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000058

Filesize
760KB

MD5
446db626eee8a15efb47b87d95755786

SHA1
5a78ab62c0f40dc40a1cec641f807071e79c54bf

SHA256
3d1b38fe6fbf463941e14ece2f6ae85a5a9e44a04e01dd0774773464a72c7313

SHA512
9c7324b564232f23794efae31f845f6244e800128b7a6aa55b60294d8152b34dbe276724a002279b20c759043b074a9dd4fd3deb862bd705e08f4bbb2c4fda3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000059

Filesize
1024KB

MD5
75a542e6d6418b3d2cef87334a1a9a59

SHA1
ad945983f865175278f5e44f91b5b7634f80c8d7

SHA256
4ebcc79967392cd6a3d7e4471391388680fade1023a5fb5f03785aa579c10112

SHA512
de852deeff430a0d66e329c9713be384ca1bbc54c80f6a603258e4ea7113cb012111391ba87fc74effae26aff0623efe48f08bc3bb1c7bdd7ef27f73e025b776

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000066

Filesize
1024KB

MD5
2ecf455f07a091fbd05bce6c71f393b0

SHA1
7ab5b9fc4d09060e5184f210ad89704ef56932f1

SHA256
16dfd337a06fe05729e9d72d8c8b4d4be7a40e9f920d53211b77aab60018f2aa

SHA512
1ab7eb96e1fbe58f87bb609320a9c2b97538e76837a99d34aaaa9ce5b569c6e687589075cc41c94e573938a3827039c032487b1e07131ece40b80f74768aa09a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000067

Filesize
1024KB

MD5
cfd1552c31aba7a4a4f624b403fac046

SHA1
56054dec7b7729e2d93a8a4f3bb48aa0de7b0978

SHA256
aae86249f38271e5da80a32ab834bab2d1d1d8d7dcf2e15748405af19d2be2bc

SHA512
67869ed6ef7c3ca51dcc1f3999ac772eeb4a46ef1da8438caa22facc9608654db9e45abbcfe5101409dc8865a388fca1da53458b3714889c340f6f5371cb6bd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000068

Filesize
1024KB

MD5
afad6cd9d8114667eead4c80302d6998

SHA1
ecaa25be5ceaf4904167d8c76b58af88e651a849

SHA256
ad2906533030f9a72670560f2e3bcfa7944e7d1f15be6d0fdcc2b16b55df450b

SHA512
d87e18d170d9d341e0e82a6266eb7f8535d51e9370d2220ecfffbb82269e20957798c12c72849c301a2a3970265eae3e57f4e1189e0e63bea85ecec7e2b02cec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006a

Filesize
1024KB

MD5
f832f098dcfd9f61cc4ecbe694a9adcb

SHA1
768c31c3a6028d1364cc4a7eed0abad22a9f9b13

SHA256
f9d7f55dd6f25be42c03990096f062c207dd7a665f1162f9108d97b92fcd3735

SHA512
91df2f6530e60a79fc95c6a6b4b78ac9fbac8fe65552187eed01d0d22075e03acd3e1c670bc7a6b211d1e9424f55d3727fa94e49ec3a4d83e1aba40b80681144

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1f36c5230c25a93e_0

Filesize
2KB

MD5
1f99428356de882ba7208199b83cd7e1

SHA1
d51112a53692db1274ac1a64c81ee54c10f285f0

SHA256
c0906d837517be67c7d7f4b65d8c9f414dd6daaedcd78e0033df2d8722ebf3e7

SHA512
d7e296ae5057e3a26db74a686f4617028982f2da5a7c37c309200c1179ab3ee8d1349bd76dfde8a59fd46d5678961b5669ee7892580fb63f257123d296c1a42e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\256aa39a0b7a1025_0

Filesize
3KB

MD5
f172a30fc8abec8a79d6e8277c0c0ac4

SHA1
ff56ac36bb7ed6e85ed28c637c800d59c19abd8c

SHA256
92f51582808482450cb8b7ffb4558970619d901ba9385c41d34a1e9c4929dcb1

SHA512
af00ba618790091071e04165ef2d1f07735ca060f50c84dcb33f8eb6a8ea77de1e182bc46c7ffd45610ebcbf1dbacfc4bd59a543bbed53719fe4d2aef9425c7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2e4447cf5fbee8ed_0

Filesize
3KB

MD5
2345116ecb57177ef2b98c93eec86e1c

SHA1
0d5717f834306fbbe6ed3536f90e228a6e881aaf

SHA256
644136b5506fd8ddf146fdc9d5a33aff4e85adda4ea6d4caa8e1620085db5391

SHA512
a43b1eab1eab9c08d89d1edae5a349064fb8c71c0f617e9163d42b0c673efae0d6619c3cfe083496247e4a5229144bd099f50aefc5d033bdeaa15972c5838295

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2f9424cccc041251_0

Filesize
2KB

MD5
57232c3a1feec83a87f5b11ba09cf0b4

SHA1
cac85f7004d7e5c71a35bcac1c22900f8e51e87d

SHA256
08944c8a5a1b6d4f4faf1550a2492eed369afaa1b978cfc50681979e22e4df9e

SHA512
6a143cb32f11ad953591182aea3ace29e67df60c4680287219094cd1add0a698b05212b5fa6307158d77c7395f45cd8c16fd4f5d97c99c2f99d9819a4706ad80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\63ae369f53bd7945_0

Filesize
5KB

MD5
236e63c7ec62ea1aad4db8447bf20668

SHA1
4632d62ba5b672f1e16f78192b2545c6b3cf450f

SHA256
e040955729ff2076ac4072897b0a6dbd5f937afbe1da34ebfa44972f4d5ef5cd

SHA512
dc2493d16ecff6bae443f8de8ad5d62e6320affb62ee333e78b3a182242af8180cb01a68297278fc15f7b65ea2478fea7cf7d6680b6f9bd68c1e0f678574b555

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6f2f9b783b6dbc6c_0

Filesize
1KB

MD5
721d3915a08ef85dc6613d811489fd4e

SHA1
853a1a3f7a5b21297da5465328f2f44d835bf232

SHA256
202ca3788531de6dd632a3e4ffe43e550abc1c5620c34c7858cbbc302a9c8d22

SHA512
78f0e046823587aa0eb19ff81f20a1d081d107bd317dd6e28b5ccd1df7f40867852ade4ca1f70581c8e646ba041d063bcd09995c082b1fa4ff2a42a17f9617a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\716cdc2324343c23_0

Filesize
4KB

MD5
0e3e71e531d411c95ff83e29d7f50004

SHA1
88d0fa443040dc0f5f97da11031c47eeb84ceab1

SHA256
570f95cdc851da4bd587a9d70e6a5df3279135f442061557f7ac4b15f72dc467

SHA512
1c20c6f7440ca2194d68e294d9cf4dd90cdacca22ea3b77f5eda541f4cfd59b877bad77600a316fabe1f7f698a7086161d09a3c8ea74e692b9d7c6ef220e9afe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7e2baa4ccb88e504_0

Filesize
2KB

MD5
043d4125b6065a1eb910d0af3eef21a5

SHA1
ca5687ee9b6a883949a03964844a44e959a72528

SHA256
f19e10db66fb175c8e8c967d771c5d9fadddd4006ff03087a3445cd0f75ec26b

SHA512
6128ad5b501de2701af3ffb6ae4c42dc7059ac4cbb91bd1fdedc258f07fa39dabe2b5e572dec338330f82c3e9a825e3ced7b7ed15a7c3661a5da25bf5abe327e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\87fe9fbd2f9a9d38_0

Filesize
18KB

MD5
141c3682a3697bcdfedb7eb87b75a721

SHA1
773c4721af1b6b7a5581a83eac86706f6d028a9e

SHA256
2c6f81b6f651a3a56d4994a9ebd40e2d0a1abd4915787fdc95e8d160efad926b

SHA512
eed57c48d5d09589f9b2b684aa06b4fa1c28eaba109c8433dfa7f7786e767d1ff92c0655db1265f4f76879a45f278c5bfadbb3c8e09a32e04c4f9912dc6ae079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\91f0ceed804a8a89_0

Filesize
2KB

MD5
426b85c94740d87bb51f1c903c33c652

SHA1
3da0ae12fd33ffa20759aa629b0bc59bae660b93

SHA256
45e47cacf110d3689b927665650f4cbc1b005a83f602e462b0ced2843bb46acd

SHA512
41f54bbde1e9e0d4c8da2136579eb227dc189b19e866e6cd5f3650c8a1de6bf27faab214acd9b920488a76375daf5f92af23f59f792fc2e6c182ab2c546e50e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9c07b1b2a3e9b57a_0

Filesize
8KB

MD5
1d3e1d8de0b6a6f7a4eb6cca6f9d85bd

SHA1
916b08bd80b100cd2786a714eee0e61a7426a33e

SHA256
6d279d74807c4a5321b07edb0e3eadacf48bb64742572b88c080250d09f4fbb2

SHA512
4d9bcdba0423a9f907defa7b67a5b33cb084a5eecd2f798da9a02138bd835781ed1611e624c19eac2ee487b4dcbb3425d9bfc3f4f164acba065f72b2668784e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9dc4db77d8cdcc15_0

Filesize
11KB

MD5
f0759c177d6c3a6696a246efcd679c1b

SHA1
c30a12bf7e5d4e51ea3fc7619418a5d321d021d5

SHA256
bf3e5cbd5bec86f8699b1456a811a1067321af2272372efdc4291772dbb5c6d2

SHA512
32c4d2bc7b36cc712a8b46473cc3f4958f801ad9499261868cbe0c504783cb1bfcf5b63133b287b50a5242852d77405759a9368273cbd0517eafa06ccdcf81c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a4c52b8d2ee31223_0

Filesize
295B

MD5
9de598111c232ae3f38f5d1759fe2371

SHA1
df569b878800f10d021444ca34604045e6b5b860

SHA256
3a1c363ab101e8518151f142a0581139e824b55878e48553971ff1d9b57e1595

SHA512
325088e0a4aa731cb630840fce6cccf449997a0243b63d85125c12426a7a73d33415852d39e1d58e464c924298d1807e2c6ff4caf8d141a725e4bfb93414ee55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b4dc9facbf229772_0

Filesize
1KB

MD5
202fe7523e4970d8caed513c3cbba6b1

SHA1
673147aa324261487353296ee65e4f7f00185ea0

SHA256
e018bb1d31805709a7741117b2b95009c7830f1316385f4e7890d7a6fbb7c805

SHA512
97aabb52dc745a65409a214145b331b6e649d154229b60bce3b21824257ee2a626921d566548bdf68d797d9a67bd61e774d5149eaaf5a21574004a7c3f7482e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d80a40e437f22fbc_0

Filesize
5KB

MD5
9138e521a66bb465ac793f01735ab4d1

SHA1
6c254e5dacd885eb715d5b9d0178cc0ee7d2f66f

SHA256
c0efdb659fb91981edc00acd81e0461cb0c35751a096194996cc9bd55001c672

SHA512
77b34fc42871b18c05bd83766255b6966aec75440cb938edaa81dffc61aff32cb6512de2d349ede103ccb6df3632847d7fe8f691902a7c09b2a05316f1eeabc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ea06dfabf002220b_0

Filesize
178KB

MD5
9c538eb4dcb20fb1b93d01a143f9e43d

SHA1
953e5a044520d8972808133dd36775276965a6b5

SHA256
b053cdf54ae66ef438f216e26996897d183c2255eac32236fe17e1db46e1ccbd

SHA512
519ac4e99cd7780d82e4b5d9c9ba359e2a787db180b192e7fbd3cf2f786bea34133999c2aa666565aef4dcf6b069c08ae70bb77189e7dea29fb422b5d2badd94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f094409030d0359d_0

Filesize
3KB

MD5
145d0e69219a6bbc6caf6297460b85df

SHA1
23a08582409a6a1d7f94bf845d073fa9c7bd965c

SHA256
dfb6b2e015338ae4babf591ccdc3b4a2939ef1e9bb7ae03d92c0cc066ac44726

SHA512
40abeb3a6195c94afa3f0e1f507be833bc4fb5bf3203a2ed915f5d96febe27ec5ec08b847a0af65e7d3f529eef2380649bc83c59d5412e2782d13f4151d9cb8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f334ad2d035db620_0

Filesize
1KB

MD5
b75e8deceb8a495555495f42157a7c39

SHA1
33badf0bb867cc82ea2d832b3244d6047e0016ec

SHA256
b794ac00c2a91796f3bb789b57e84f0fc5b6c4504baae872b83667a2f1e8e173

SHA512
51aaf74e192e72c753f2f91af5e8e67ce65c489eb29ebb4fefc0f5914ab157eeaa0758ff26096e4d76a9e9088e941948a7d5fe79d95894cd37b9c4c2be71af0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f743f4d8e9268c4d_0

Filesize
2KB

MD5
44c6a3df02f66b8b0aafb6ce70f74a70

SHA1
1beb0e824083c09ff636ba9db0431e3428006206

SHA256
20069735585e874b579ee9f00ad392642a6aa2216fe03dc0e2965f3da318b384

SHA512
48cd23c1a265b9f879d96c7716dec790f649e622c74f7abc2e882b353d6c8a2ce94bbacdbec47050527820b40631d7db3487d624c35a674d658d169c2a240d87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
bf4b87bd22ae6c544681633ea47c0a59

SHA1
0fb6596e0315065ccaaecc8e706f85f24b2b8966

SHA256
0845d13ab9fb94d244af6845cb03709ed3f7edb84fedba19479fa96d5bbf856b

SHA512
1663d3b84451d8d0c4f9110ed2a2961c106491bd9d25b118f6181211e20230e10a3a540499bd47d436560e53ff4caba07a36468a30b363b3159341fa4691adc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
58c57003bdc46e986a82ffc20223eead

SHA1
ccecf72872046ebda29fd0a677225dd6c1799a90

SHA256
bcd6823f7d8dfe561aacea66ddb7bdeffcb90abb1323f95f2b304688bbf47a5c

SHA512
d339edce32148658ffad57c69cd1e663d813f31f035e8cc2fa1c43e9931c246c04f7b25b1d0d96fd2a8588828b3785942f6d20668750a89e746be319ae6183da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
0b83ac3d7cd1168c3bb3151522444282

SHA1
c9c0993c36a8302f1a45953e69e6bb4b776db765

SHA256
393f6e203face55e0068cf96a600946ded43e6d6ef6f33a4e6778f7a25d4408a

SHA512
15768df84e048bb5d117970dd1e0627cab182073b4362e79a16c6d21977b278955d75442a2b9f0ad0f5064b024dee384b4e3bb23467cfd9aba52f2811bb05a49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
d4d7dc166faa21cb76b8a0e1f92851fc

SHA1
85e70703d9b05a766fbfb9948afe0b1554905fea

SHA256
bc98d1d2a6f47cd55ebc2e31cd13021c3e5a828e1208b0036b861c60103bf0fa

SHA512
5f498a3271de1ecb2cb3187fd3829276176eea6d2887e2396720b67dcc882684b836423059219f5a99710072eb1d06f4e9f72fd3df1a0c7d8365d78f9f8d2326

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
9346aa5c916833cac00bd3c8e8e65aee

SHA1
063ad70fd206795a181cdb1761aa01d76ea13b97

SHA256
b5018275817801b7795b31d60611099ef31c7165390ff800d6d35659d6b9cf0b

SHA512
42745a53f39d2adf262b99c2c119dc46d6f0c429ee73b8e77edee89d0d290fce9cc5b5a2e892ed3157c206b74371064c9b4495dfe85338ed2e2a4bb0d7d4b111

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
fdccadd1c1f7d0b3b058308c92e8cafe

SHA1
cfe292842566a23dcfeda4307e6cd2379647827e

SHA256
95d612a2ae669463d25c1bf5613990549d65e1a35848e7b2ba592516431921b9

SHA512
23bd808caaae5120f67dcd2944e32b7cd3883cb1f804b3de068584a845df0ca009b327b369bcff601eac4404d2e5a50fd7102f3470d7afb67aecbff56f42d2ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
23e979de7b4ce50eb4ae2b65c80fe470

SHA1
28b300f784224575988cfb77f01d4d1bac60c9af

SHA256
8f964c99d57273c4aaafac68d9ab1573daf4e0e57713d78b1e2dcacaf5a48f91

SHA512
ae278e877c04dde897b1df5e639b1ba9467b7ea5849b773111dfca4570bc1d5591bff1996bf38970a74cec9df62e603b04e2c8f2b011530fa2d0c17e811949bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c76326494240a19844153012a179ff24

SHA1
bea012f3c789a7a5664a953e9d7ad7b4e9485c65

SHA256
cdb02b1dda83b7d3c9931af37a17b6b8692b591fb20a24447f21eae0352ab1f1

SHA512
9579641386ce544be0ed4c2cacb191e2f7f1aa6b01b1107b9d82f9cb300b822183f26fea82eb5465cbb936753af3288af1925e7106b7e63a972375213b247fb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
0c3937a255743dc9e7abad0095cf0466

SHA1
23ad2cf6b587917445b36b4f7bde2bbbbd9c76ee

SHA256
21211c4227b8de9f68d319925533f2a1d94149142562dcac4d955cc40abf8b10

SHA512
454419a0879d205adc96bca8a6907ddcbe8ab79cc42e5254bbad001aa937e332dfac3282a61ff657558db5f8608b9f74299e2a7850d0ee246e6c50150db2bea2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
9ef2cf535af4a1899a6c5fc5ad1efb27

SHA1
e49fd290ed012ca7f2e944d9838ed1d6d7761a06

SHA256
01285283bd64ce18306dfcbd972688ca2509d613e5ca372c0259d72adbbdd9eb

SHA512
e65fc9c790ffe9cc47b8ca4df11bb19cc1af1d512b437ae2f9f0b0566374e7efae125d5d1979f094e35fbb0148e76bb8764754a9a343554a96e88867849eb5a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ec792700b299268e6a61d0c2152dbab3

SHA1
e89a1a7955b97f7932ac0d9a54276e32c1bf6f07

SHA256
d9cac3dfdc0a0526add17feecd75c77f10fa6291f1e7a464a395564c0dbf7111

SHA512
7bf422312b5c00d1328b53fadb498a9bbd7cdf3ecf9b280b6af5b7077b8cd8a3f3b00f378a45adc9f2d10bee2c84ef798d7a6f0a488b6e3b876cd3f8e8bf62d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0436ff526baf3b97a747d2fcd2f67f65

SHA1
498409c5c5d351f57002e83624c4b817cb2ddd79

SHA256
605447221e9691a4ba6d759cdcbfe535482339f9131f3220a5bca9cfbea28478

SHA512
f76b0cd3973b58dfc591dd5d395e34493d3cdf7e823a094674808d8407bfc80838ff7ef29d32021aba72b99f840ba4e60efe56c6f3f155fe4b1d40afd285b5f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7c99c4a01bf8b0e5db535db1ffb40740

SHA1
73e8be97378dab74ecba402aef7f173eb970401e

SHA256
74942c6875929fb0e4f939fc11dab3a2f33895c2f2779a5ca30490374f200d8f

SHA512
a34b52af7753480f8f8e3784fb7a42fe2eefc62ea1160f7769cd22fe279e45cd702b09868c9ea659753ffcb3b6621d982cf5dccb466652be338b2d9643dfb384

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a6ae7a99c4524b35d2ce88acb615eded

SHA1
c656a5ccbbf0d316a5d524f7d09753cf38bfb51b

SHA256
d381ef2b1bbf8c05bbacba3796ef519cad819bb6c4bbf5d562133cc78e5b9e1c

SHA512
890849612d5ef5f7b8a4d79461ee445ed1a4b7e8867c1b128ccc80a48379df450e09a1809b0d1788051371337ca0ca66277bc7dabf2b325aa731331a558d7dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6ce454988e0dc48635b5a23d25cd38ee

SHA1
31537ac56c23704cce6a2d74ee6f026cdf7127bb

SHA256
ac057e7fccb08067de6ea2b69548d9d4f3ac840899d2455fcc90b50bb1ad84a9

SHA512
539cc398629f74ec3436fc6e97c7bd250b495b530fbcc05407aab455eea5a2a5ff08b20c6a5423d929648a012be4128bc319bb6d738eb93d7bbcc35ed1b68f6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
101f960508827e0ef788ffe82ee19ef5

SHA1
f984b0d1576285444aaf8fd8ccb4b07ab38f334d

SHA256
fd46df779c677584e45e0fcc08cfa45613ca66c863470921264a29268f6ce8e6

SHA512
cb7e660184febb8906a24299a31a3ffaea41eb4571bdce42936935718279ed2a2776b00048581cdeade1fb67bc67738658d72dcb58c014ffa603934fdbcb6b79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4b9e2dba2df83293fb2b2f575fee515d

SHA1
79b96e051fdaf05e2e5e1bc6f49295e73829327c

SHA256
02aa0538795e1f7f4c7353b17c95563d7a432bf6933ecb822536810d928c819c

SHA512
e873733088886488cac401d4f680f97fd2420271e97a8f8b3ee52c3d0ef8d53970301d51ebc3f9dfb859d51bfbab6e372397df717e72e4ff1133189d252e4618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
724b115370c7a1b92e7724a7c452937a

SHA1
d68d6cf850ac5ea1dc32584a15f67660211dbf77

SHA256
9d9a5e6660dc4eb28b59b8cddfa0c0b6ffd0c88f11ab91f18b74784636bf1d90

SHA512
9dc301ac57fe0d90063b69bc7b8ab924b7625332b39d5008d7deb5fc3fa5fe76720fa1df22ba269abfd5b35444c91340e8921537eff9be17783cddf25a56cec5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
47f411e3c75ac7f166193f6cc0ccd20e

SHA1
f66030ff9cfd0f97c3730df7bb2977bbba133e4d

SHA256
8df422322f4aab12aa6a523ee44a7b602c344eb1f234d38163df6202272e35be

SHA512
682c46ed6aecb6a2b6b44b96cfa618148776a2c2d5518c817e99fc42927c22ec6a2ddd0b4ab25ee061ba3574b71e57f722c597a546a105f644eccfa1da29b88d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58388f.TMP

Filesize
873B

MD5
74477a934396d8ea88b40f67ecaa09aa

SHA1
d5660ac7ba5b64c98a825158221021007c275082

SHA256
7f8555865321f0e49185da96acc5c06a5f6560d1ad1e4dcfa847fc36d9817348

SHA512
ee5edf33cfad4231e6caab8c7d3bbc999dde8083e10857821b752153767cc544ab593e83fee51d870dfc510c30b875ab2ced70e178e7ef92f1b618fb266ba29e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
9f4c69e918100e30f140f05d32c33c6e

SHA1
aa9506b85de14f47b796d8164fc1985b0e7dd93d

SHA256
be28e11af2dde515e6631ba581a4fe10dbe7da0f2e3c17a1a7e8973005ff9b32

SHA512
a0e4c87ce1513f7f611a9a9131e45d9cf8ccb1a955b57de6637a55556efc8b57ddab0a2ef70c89d0c22e3802c3cb0f823b8c25ba00bbb5fd6d8bf4be882fbf39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b79c3cef3e060c9af7314b1699b4698b

SHA1
95071bee4b5d928661b3f0cceb60c95c7cbadc89

SHA256
39fc6d8b293cef6db2b0436c8506e587f51b2f0812f6cf5efa39e2e266f4b6b5

SHA512
fb5dfcf013163c9beeab808bb7ae1a760a3abceadcac17047df3fe9faa06b4d07935ea87653629efffe6ec5b84f9c06b7ebe208076c67ad031b770a7243c242f

Download Submit
memory/4940-1595-0x000001578D5B0000-0x000001578D5C0000-memory.dmp

Filesize
64KB

Download
memory/4940-1599-0x000001578DF60000-0x000001578DF70000-memory.dmp

Filesize
64KB

Download
memory/4940-1606-0x0000015796240000-0x0000015796241000-memory.dmp

Filesize
4KB

Download
memory/4940-1608-0x00000157962C0000-0x00000157962C1000-memory.dmp

Filesize
4KB

Download
memory/4940-1610-0x00000157962C0000-0x00000157962C1000-memory.dmp

Filesize
4KB

Download
memory/4940-1611-0x0000015796350000-0x0000015796351000-memory.dmp

Filesize
4KB

Download
memory/4940-1612-0x0000015796350000-0x0000015796351000-memory.dmp

Filesize
4KB

Download
memory/4940-1613-0x0000015796360000-0x0000015796361000-memory.dmp

Filesize
4KB

Download
memory/4940-1614-0x0000015796360000-0x0000015796361000-memory.dmp

Filesize
4KB

Download