hxxps://c3[.]youconvert[.]net/get/dl[.]php?rlW1pzjvBvWbqUEjpmbiY3A0ZF5yrz1jZl5wLl9xo3qhoT9uMQ9mnJp9MKyXnTWUL2yCnHcWIKcWZH5cFKAWoyV1L0AWAxyepSuJD0b5YzI5Fz1uI3ufIHqTZTSQFGMWnGE2Jz1fp1cLGKMAnxS5GxZ4Z0k6FKyZrxHjGUcIqx4lEKqAZyWdGzcJoH9UIGABIRy5JJ1JnH5gEz1ArxRjGT0kq015FKAWoyWjMRq4oRydo2yHZ05bLyqTITVlATqZH0WQLxp5qIcUIJqKrHWfMJ0kq015AJcMrHWxGT0kq015FKAWoJkbMRAWAx1HL3yBIRxjGacSq05Gq2ynJTu3FJcirR56FGSArx16GyEOZJMEYzfloyqUFRSUE3M2qxx3ZT9ZZTSEAySEpJkBZ3ykrIy4G0MgISZjpxkQHTZ/MT93ozkiLJDvYPW0nKEfMFV6Vx9mLJ1uH29hKl1sDzkiozEyVa0=

Resubmissions

02/09/2024, 03:58

240902-ejzczssbpf 3

02/09/2024, 03:51

240902-eelw4a1bql 3

02/09/2024, 03:20

240902-dv7cas1erh 3

02/09/2024, 03:18

240902-dt3ygs1eqb 3

Analysis

max time kernel
161s
max time network
160s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
02/09/2024, 03:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://c3.youconvert.net/get/dl.php?rlW1pzjvBvWbqUEjpmbiY3A0ZF5yrz1jZl5wLl9xo3qhoT9uMQ9mnJp9MKyXnTWUL2yCnHcWIKcWZH5cFKAWoyV1L0AWAxyepSuJD0b5YzI5Fz1uI3ufIHqTZTSQFGMWnGE2Jz1fp1cLGKMAnxS5GxZ4Z0k6FKyZrxHjGUcIqx4lEKqAZyWdGzcJoH9UIGABIRy5JJ1JnH5gEz1ArxRjGT0kq015FKAWoyWjMRq4oRydo2yHZ05bLyqTITVlATqZH0WQLxp5qIcUIJqKrHWfMJ0kq015AJcMrHWxGT0kq015FKAWoJkbMRAWAx1HL3yBIRxjGacSq05Gq2ynJTu3FJcirR56FGSArx16GyEOZJMEYzfloyqUFRSUE3M2qxx3ZT9ZZTSEAySEpJkBZ3ykrIy4G0MgISZjpxkQHTZ/MT93ozkiLJDvYPW0nKEfMFV6Vx9mLJ1uH29hKl1sDzkiozEyVa0=

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Snow White and the Seven Dwarfs ｜ Heigh Ho ｜ Disney Princess.mp4:Zone.Identifier	msedge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2256	vlc.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4152	msedge.exe
4152	msedge.exe
4760	msedge.exe
4760	msedge.exe
1488	msedge.exe
1488	msedge.exe
4084	identity_helper.exe
4084	identity_helper.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
5104	msedge.exe
5104	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2256	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 38 IoCs

pid	Process
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	1880	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1880	AUDIODG.EXE
Token: 33	2256	vlc.exe
Token: SeIncBasePriorityPrivilege	2256	vlc.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
2256	vlc.exe
2256	vlc.exe
2256	vlc.exe
2256	vlc.exe
2256	vlc.exe
2256	vlc.exe
2256	vlc.exe
2256	vlc.exe
2256	vlc.exe
2256	vlc.exe
2256	vlc.exe
2256	vlc.exe
2256	vlc.exe
2256	vlc.exe
2256	vlc.exe
2256	vlc.exe
2256	vlc.exe
2256	vlc.exe
2256	vlc.exe
2256	vlc.exe

Suspicious use of SendNotifyMessage 17 IoCs

pid	Process
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
2256	vlc.exe
2256	vlc.exe
2256	vlc.exe
2256	vlc.exe
2256	vlc.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2256	vlc.exe
2256	vlc.exe
2256	vlc.exe
2256	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4760 wrote to memory of 3232	4760	msedge.exe	82
PID 4760 wrote to memory of 3232	4760	msedge.exe	82
PID 4760 wrote to memory of 1088	4760	msedge.exe	83
PID 4760 wrote to memory of 1088	4760	msedge.exe	83
PID 4760 wrote to memory of 1088	4760	msedge.exe	83
PID 4760 wrote to memory of 1088	4760	msedge.exe	83
PID 4760 wrote to memory of 1088	4760	msedge.exe	83
PID 4760 wrote to memory of 1088	4760	msedge.exe	83
PID 4760 wrote to memory of 1088	4760	msedge.exe	83
PID 4760 wrote to memory of 1088	4760	msedge.exe	83
PID 4760 wrote to memory of 1088	4760	msedge.exe	83
PID 4760 wrote to memory of 1088	4760	msedge.exe	83
PID 4760 wrote to memory of 1088	4760	msedge.exe	83
PID 4760 wrote to memory of 1088	4760	msedge.exe	83
PID 4760 wrote to memory of 1088	4760	msedge.exe	83
PID 4760 wrote to memory of 1088	4760	msedge.exe	83
PID 4760 wrote to memory of 1088	4760	msedge.exe	83
PID 4760 wrote to memory of 1088	4760	msedge.exe	83
PID 4760 wrote to memory of 1088	4760	msedge.exe	83
PID 4760 wrote to memory of 1088	4760	msedge.exe	83
PID 4760 wrote to memory of 1088	4760	msedge.exe	83
PID 4760 wrote to memory of 1088	4760	msedge.exe	83
PID 4760 wrote to memory of 1088	4760	msedge.exe	83
PID 4760 wrote to memory of 1088	4760	msedge.exe	83
PID 4760 wrote to memory of 1088	4760	msedge.exe	83
PID 4760 wrote to memory of 1088	4760	msedge.exe	83
PID 4760 wrote to memory of 1088	4760	msedge.exe	83
PID 4760 wrote to memory of 1088	4760	msedge.exe	83
PID 4760 wrote to memory of 1088	4760	msedge.exe	83
PID 4760 wrote to memory of 1088	4760	msedge.exe	83
PID 4760 wrote to memory of 1088	4760	msedge.exe	83
PID 4760 wrote to memory of 1088	4760	msedge.exe	83
PID 4760 wrote to memory of 1088	4760	msedge.exe	83
PID 4760 wrote to memory of 1088	4760	msedge.exe	83
PID 4760 wrote to memory of 1088	4760	msedge.exe	83
PID 4760 wrote to memory of 1088	4760	msedge.exe	83
PID 4760 wrote to memory of 1088	4760	msedge.exe	83
PID 4760 wrote to memory of 1088	4760	msedge.exe	83
PID 4760 wrote to memory of 1088	4760	msedge.exe	83
PID 4760 wrote to memory of 1088	4760	msedge.exe	83
PID 4760 wrote to memory of 1088	4760	msedge.exe	83
PID 4760 wrote to memory of 1088	4760	msedge.exe	83
PID 4760 wrote to memory of 4152	4760	msedge.exe	84
PID 4760 wrote to memory of 4152	4760	msedge.exe	84
PID 4760 wrote to memory of 2528	4760	msedge.exe	85
PID 4760 wrote to memory of 2528	4760	msedge.exe	85
PID 4760 wrote to memory of 2528	4760	msedge.exe	85
PID 4760 wrote to memory of 2528	4760	msedge.exe	85
PID 4760 wrote to memory of 2528	4760	msedge.exe	85
PID 4760 wrote to memory of 2528	4760	msedge.exe	85
PID 4760 wrote to memory of 2528	4760	msedge.exe	85
PID 4760 wrote to memory of 2528	4760	msedge.exe	85
PID 4760 wrote to memory of 2528	4760	msedge.exe	85
PID 4760 wrote to memory of 2528	4760	msedge.exe	85
PID 4760 wrote to memory of 2528	4760	msedge.exe	85
PID 4760 wrote to memory of 2528	4760	msedge.exe	85
PID 4760 wrote to memory of 2528	4760	msedge.exe	85
PID 4760 wrote to memory of 2528	4760	msedge.exe	85
PID 4760 wrote to memory of 2528	4760	msedge.exe	85
PID 4760 wrote to memory of 2528	4760	msedge.exe	85
PID 4760 wrote to memory of 2528	4760	msedge.exe	85
PID 4760 wrote to memory of 2528	4760	msedge.exe	85
PID 4760 wrote to memory of 2528	4760	msedge.exe	85
PID 4760 wrote to memory of 2528	4760	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://c3.youconvert.net/get/dl.php?rlW1pzjvBvWbqUEjpmbiY3A0ZF5yrz1jZl5wLl9xo3qhoT9uMQ9mnJp9MKyXnTWUL2yCnHcWIKcWZH5cFKAWoyV1L0AWAxyepSuJD0b5YzI5Fz1uI3ufIHqTZTSQFGMWnGE2Jz1fp1cLGKMAnxS5GxZ4Z0k6FKyZrxHjGUcIqx4lEKqAZyWdGzcJoH9UIGABIRy5JJ1JnH5gEz1ArxRjGT0kq015FKAWoyWjMRq4oRydo2yHZ05bLyqTITVlATqZH0WQLxp5qIcUIJqKrHWfMJ0kq015AJcMrHWxGT0kq015FKAWoJkbMRAWAx1HL3yBIRxjGacSq05Gq2ynJTu3FJcirR56FGSArx16GyEOZJMEYzfloyqUFRSUE3M2qxx3ZT9ZZTSEAySEpJkBZ3ykrIy4G0MgISZjpxkQHTZ/MT93ozkiLJDvYPW0nKEfMFV6Vx9mLJ1uH29hKl1sDzkiozEyVa0=
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff8ea73cb8,0x7fff8ea73cc8,0x7fff8ea73cd8
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1840,6422954019543957850,11837707840849097896,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1840,6422954019543957850,11837707840849097896,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1840,6422954019543957850,11837707840849097896,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6422954019543957850,11837707840849097896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6422954019543957850,11837707840849097896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6422954019543957850,11837707840849097896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6422954019543957850,11837707840849097896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6422954019543957850,11837707840849097896,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6422954019543957850,11837707840849097896,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1972 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1840,6422954019543957850,11837707840849097896,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1840,6422954019543957850,11837707840849097896,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6422954019543957850,11837707840849097896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6422954019543957850,11837707840849097896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6422954019543957850,11837707840849097896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6422954019543957850,11837707840849097896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6422954019543957850,11837707840849097896,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6422954019543957850,11837707840849097896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6422954019543957850,11837707840849097896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6422954019543957850,11837707840849097896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6422954019543957850,11837707840849097896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6422954019543957850,11837707840849097896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6422954019543957850,11837707840849097896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1840,6422954019543957850,11837707840849097896,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3896 /prefetch:8
  2⤵
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6422954019543957850,11837707840849097896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
  2⤵
  PID:652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6422954019543957850,11837707840849097896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1840,6422954019543957850,11837707840849097896,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5676 /prefetch:8
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6422954019543957850,11837707840849097896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1840,6422954019543957850,11837707840849097896,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7288 /prefetch:8
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6422954019543957850,11837707840849097896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6422954019543957850,11837707840849097896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7552 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6422954019543957850,11837707840849097896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7852 /prefetch:1
  2⤵
  PID:804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6422954019543957850,11837707840849097896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7888 /prefetch:1
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6422954019543957850,11837707840849097896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6422954019543957850,11837707840849097896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7708 /prefetch:1
  2⤵
  PID:460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6422954019543957850,11837707840849097896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7288 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6422954019543957850,11837707840849097896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7056 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6422954019543957850,11837707840849097896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7596 /prefetch:1
  2⤵
  PID:1268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1840,6422954019543957850,11837707840849097896,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6880 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6422954019543957850,11837707840849097896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7252 /prefetch:1
  2⤵
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6422954019543957850,11837707840849097896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6422954019543957850,11837707840849097896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7792 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6422954019543957850,11837707840849097896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7752 /prefetch:1
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6422954019543957850,11837707840849097896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6968 /prefetch:1
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6422954019543957850,11837707840849097896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6422954019543957850,11837707840849097896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
  2⤵
  PID:820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6422954019543957850,11837707840849097896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2680 /prefetch:1
  2⤵
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6422954019543957850,11837707840849097896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7756 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1840,6422954019543957850,11837707840849097896,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2664 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5104
- C:\Program Files\VideoLAN\VLC\vlc.exe
  "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\Snow White and the Seven Dwarfs ｜ Heigh Ho ｜ Disney Princess.mp4"
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2256

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1052

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004C8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3e2612636cf368bc811fdc8db09e037d

SHA1
d69e34379f97e35083f4c4ea1249e6f1a5f51d56

SHA256
2eecaacf3f2582e202689a16b0ac1715c628d32f54261671cf67ba6abbf6c9f9

SHA512
b3cc3bf967d014f522e6811448c4792eed730e72547f83eb4974e832e958deb7e7f4c3ce8e0ed6f9c110525d0b12f7fe7ab80a914c2fe492e1f2d321ef47f96d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e8115549491cca16e7bfdfec9db7f89a

SHA1
d1eb5c8263cbe146cd88953bb9886c3aeb262742

SHA256
dfa9a8b54936607a5250bec0ed3e2a24f96f4929ca550115a91d0d5d68e4d08e

SHA512
851207c15de3531bd230baf02a8a96550b81649ccbdd44ad74875d97a700271ef96e8be6e1c95b2a0119561aee24729cb55c29eb0b3455473688ef9132ed7f54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
41KB

MD5
f3d0a156d6ecb39d1805d60a28c8501d

SHA1
d26dd641e0b9d7c52b19bc9e89b53b291fb1915c

SHA256
e8be4436fcedf9737ea35d21ec0dcc36c30a1f41e02b3d40aa0bfa2be223a4a3

SHA512
076acfd19e4a43538f347ab460aa0b340a2b60d33f8be5f9b0ef939ef4e9f365277c4ff886d62b7edb20a299aacf50976321f9f90baba8ccd97bc5ac24a580bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
70KB

MD5
4058c842c36317dcd384b6c2deaa8b95

SHA1
1085ddb12b29b79ffe51937ba9cd1957e5e229b4

SHA256
0e562969cad63d217848a5080273d1745dc4277d210b68a769c822f2fbfd75f6

SHA512
435a67024811360b12339e3916945b0639e2d9319e9d540b73e093848a467b030e91e01917b7fb804eb756dabce2fe53c2d7ea586554ee6cfee70e652a85924a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
26KB

MD5
1de4708beee6992745a7c14b7d8580da

SHA1
03bb2b7dd07f1701da7cf19b68dd23a2b298827b

SHA256
ba0ecf05941451756a9acfc7a913e64dd56ddee8f3811c8a9f1cdd0a219ad64b

SHA512
5d21cd342f3f70a7dc4bdd3b100e6677e74a7fec22af3ffc9d048618d1daeb5dc5e3f1511ffaa2fddf2f3e49b31351d7d4613f7f03e21d2b609483ad6aab9c86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
232KB

MD5
6cf83526919e2c39b12ad0fabbe14542

SHA1
9921389f4b958bfa622aa2f8ff6bc893e38e30d5

SHA256
6bf5dffc7f23eb0fd6bb5816831b57aab67f73df1ee9f78f9303891c9d424678

SHA512
5c0c2b6db46e5bebe9881f407dad6b2a26068807f21d5c02b80ee14e07b415aa1d562632c11b427bbc3b53839027c92e34f3df8a1fcce8d53415eb8ff9620bf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
20KB

MD5
e922f99ffe1e8eb6ff6c80c8c2582339

SHA1
a737e6dbe5bd43874b6b49a8ac947b36f406d47c

SHA256
fdbbab8f74ff0685ddbae8725bb34b645af31f70da755eee412e6c64d78627eb

SHA512
211182d1b99db02f0bb92786d57bc1cc8db182b4d56b5493c26059cdbb651fbf59a4ae0e9c712bf80ab94396e42c0ddd75ac52dc02422668b3525bc7d1625ce4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
47KB

MD5
2b5dfb1918c67607a49e6f784b48797a

SHA1
a8830395cceb8de7687b3b751c6626546f307d47

SHA256
5aa5e0d95839092c4545fea0928eeffac76690e8adf533d97b600e97250dac8a

SHA512
eaab7c07e1dc33f43aae512b77a2217af2189aede83c97dc73f2be7a17da5b1a242f47c7bd272ab13c9513d837fce6ce0ed0114b27971543370413b2a9c5dcfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
753KB

MD5
2a283c0fc03a66ed6276ac8cd23b6c99

SHA1
79cbe1c0c2f1e3acb5e3d85970207024ba1c757f

SHA256
0d044d038870bdf1779be17b1ee25746cc8f39848a22b5960a8bdc591d042da8

SHA512
7d4126e07c0dce56ad44a52c21e3d12ebbf74336f51a389d2ed47b798f9a8ba1dd527072cc531f9a4dba1bc57003d865cea4d66cafacf7acc162525687990cc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
32KB

MD5
eeed3865918f5f4f828ba620f28ad872

SHA1
1a9c62fcb83b3b07e93bb4598e26fec821ca8729

SHA256
bd990ace13afd11503454ac99b3795d6d10d71f22f2805feb6566d2469c59a4c

SHA512
ada4f8269e3984782b3d5ab29cd5655636f431073266367fe9d602e338a208aa359a72ec3145e3131eaf1ffcd4a5154dcb1e7d9a0aec989416fe0293e13298dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
32KB

MD5
c3a6cdab067beb2f78014e56210ae536

SHA1
bd117962b45336e96e576c6243009e602d09ee47

SHA256
e605878123ff1aa07ad7665de4fb689d90ac89e2cf51e91428324d213f540ba0

SHA512
7fe893fedf95ec495216ace819e096448b544c32634c948a634e4e793b7ebc6d7740d7b739343412eb7af42604c9ba37deeadec016bc3caf286166718358ba14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
f68d3f0943fbf62f8f9ad49ea9a9bb75

SHA1
66d5e42794cb0b61c57d634151b85e0da74e7cef

SHA256
8eb6e4cde73d9dab7e62e4e450b2d32b52a37a1e20c4be4d5cf0fbf9b9624d77

SHA512
6cad01e88d2fc1ecf121442102076744e926807d0359a263987270177e196875951ac8964106e0ffde24d977131e6e4b45c6a815317e63dc1860142ba1e1763a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
214c391023f1b2635c51057b2f519653

SHA1
9693c59fcb237cc7c9ba7ca1ed3574d075ed51dd

SHA256
f7e1af05fafe029f99253070eebad0c514192a80bbcfdc2ad16668021e69545f

SHA512
57e3599101974083f28e0bc11ea30ddf50154de556624067417c1e378fa597a8cd9904a5ab0fefd9da280ee75c1b2a29abdb61b787660d483521a3fe73e4e0b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ab4419cca49d3f7af7c29114303b9a56

SHA1
9292d53f558780ef66509520db4c3e2bde191fa4

SHA256
c075f76de04c55fc9010e7fe6af0c061d9df6ed1f411eda2bb61b2ac9b5451ea

SHA512
9c573696829e2383d1832067e13d173139d9d9f13fb2d85924ac474a02be1d4da30e140a4858333b333e822e9977d861e68a8137669402f55bd97e3236cba9c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7ca8081096d1a01ebf225cfa32eec8aa

SHA1
acbcb46ef694e576419a336b2372c46a9ff21f85

SHA256
c00f37a75d498013a341bd9901bb09de5c359894e0b8110858e1b48e20edae0e

SHA512
a7a6676084ac8be5df5db27834603e57696f4157aaf53bfd275c16d523ad7f6894ea540f18d8747e97ace4e00aa287b101d22a7aac1440f57fa6b98e9bb6fd6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
6321a3b16643f2f95de04506286890bd

SHA1
928e3ee7c7587bf7948bfa1d81c77be37f08a851

SHA256
9466bc3e885cfd47ad126ea9817727ef5d2a494fdc8471eedac665c5857a24c4

SHA512
4ca1af8e92d5e2c92f3934b5b5b8ba3cb74fc39dc5a26e8b17d882c4994930d50dae05adff1929b456ffeaa85688a503e200920aa3d2945b443e46eca3f06e4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
72c1aa54a11097314888c11f41618525

SHA1
14d5e34f4b0d6ff2cbc36e734f0bcecf3312e1d5

SHA256
1144b4e13c04cbef1a56483364a5698152ab36890aae61c09a04f7d152f38873

SHA512
cbd29dfc013e483315dd87bfe5157a6d8fc68b23270675f74b1d05fca3289b5cbf3b3930e81d259fc905a229f0e1e447637e4a5225ad477fcb737cdd993f4ff7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
f3f6c0ce439fa3ab051fb8d4388df1c0

SHA1
1081543003dcb27143ad03359af4e5e757ea8353

SHA256
d507a486a6e61c74f5d09a438cd28f1d5267e84568ee83b7a57d3069aeababa0

SHA512
1eb6ae4774cf6fe0fcf97c81001fea8e7033acf35e26f31763d91bb95d367b05a869e7a442a19977a24ad33338b430294da52033e050358b16fa19eebbd5f304

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bea82303d920f6094c2dc008608fa205

SHA1
9819bf134e82e6e3bf1ddd4e7195e978033a2014

SHA256
aa362c79e9a9923246b3e23b92f1ca3311737618018a676fc86f3a4afe6a1a89

SHA512
88f61334e00c4be896c241f1eab6061ccc570101ab98846f8b828f2bfcc18d97d55dff96fab94f285eec2175cf864f7daf65e28751150911e73a5b80d19d0f29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
6de3b27d459d9b56479718a19c1af7e2

SHA1
0c49a319e84eda4ee4d3eebcf163dd39f42772f2

SHA256
3057a92ce58814d0a4a06ecaec49450848ce990e4600387f8349e7cdab309396

SHA512
12e511626cf0b75db4c1c2d1efb3b6bd0c6386054a38173d52040d916ac35a81f004b420d1cf6b511071ea023aaf0349650ade33fa5c8497cc64cdf6f240502c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
01e49058798798eb38ba0ef94a9cad4e

SHA1
30c6f83991ee885bd7c3f7a01cb33ad35996542d

SHA256
5f5636fbd978717cf6efeafbbef1bf4d233e38e3c72466deff3ed52b1db31779

SHA512
81175895574a2d6c8da7ab277262ed7d3c2ec4b61dcd9f176f0dcefe3b90c8522b4e6c86b1c8cda6e21c87e35b1348739dda9aa4e7eb2d73a31bd55bc2545de1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
34269667e003a9c5866b9150f56d7e78

SHA1
fba8c304f24b780e8c8cac034962bf5b7854555d

SHA256
7dcda358c067864dfab461373061802f6e6a4f76bf1bd292a3f6e21d497e2196

SHA512
cae84ac1d12be34bca0b4b449e08e7dd817e961d5177592ad2ba793c7e68320888c07c2960432ea15ef7b17d101c24793c6ba3cbfb6c4593afc2efd84eeb7ae5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\22e2570d-6c1b-4822-bced-afbe5c6fb8f2\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9994048f-5da5-42ac-9077-628fd81847a5\index-dir\the-real-index

Filesize
624B

MD5
124fc61085156dbdf22db72559705330

SHA1
9a3a72ed56eaa1afcb4dbbf71feca21be1a93bcd

SHA256
e0039e447c23309986c860a0d01b855bc9261f6373c16e62b594e4a4bc8a3764

SHA512
2dae5487ad3f1227995059dce45c85933045186e7e92d8626c4b6629f8b4c3f247b4aa7f3f22a3c52c6010089a8e102631dee7f30a837d8ff31ea327704e3988

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9994048f-5da5-42ac-9077-628fd81847a5\index-dir\the-real-index~RFe59014e.TMP

Filesize
48B

MD5
361ec7e7cddd23c7e2b2304be6f560ba

SHA1
d59ffa28a4e6a44b8bb2ac75cfe417e192afa436

SHA256
b922977de6383e82e3cee7f60a26f6de49259f1dfd70aabbe452b41c7ccbfcf1

SHA512
d7a5ecaf282a9f86d02dfef1afc019dad09a8e3996e566ea9510672d1eedbe9fcfc07ae83cc62924ebc780b79579d50c550b9aeba81d584f350dce9f8b2df3e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\bc07e95e-cba3-4c1e-8676-b6525bbe5fa1\index-dir\the-real-index

Filesize
144B

MD5
b31111d24f99bd9f259a1c9511e5b853

SHA1
b86c3391c38fe69eb7f865030f871fee6d93c33c

SHA256
8556895c620621ea538c1b5c53fa366efcd5cd26729583dca121d494963be9a3

SHA512
585796b5fa6059b4e64cc59ecdaa98a804281b87593d53d2bb2e0d48051e5246a47856612da71be99751fa34435f7211dfcaf40a93cde0d7a2277641b4907335

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\bc07e95e-cba3-4c1e-8676-b6525bbe5fa1\index-dir\the-real-index

Filesize
2KB

MD5
90db273489b895981f41e7a73c3b4009

SHA1
231411ced5b880cb2850b32874f1a51b317dca79

SHA256
f9c6d9441a01d2f2a14c28951587fe00946146a306e63625bb63984db3a2bdd2

SHA512
d468eebc2a588e7fbb39e0837145a6a72cf6f3dbbcb450258fbdea9611e7f788e8bf35901cc79ea52a7bb57bc5e414aa633090834a3d975439bf9cc1bbc17778

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\bc07e95e-cba3-4c1e-8676-b6525bbe5fa1\index-dir\the-real-index

Filesize
2KB

MD5
00e90573e621b07e8771bee5abed34c9

SHA1
4e06c63993bf7ad7a612f4b25a2f26ebbb22a663

SHA256
a0eef1844b6d60bf6969d64e363fc8a13baadcd51c9fc5812666458d6fc827c7

SHA512
1dd2ef878b6c37eee3829e33dc9085741ddc790c46db82638ab4b908d50dbc925b5dc3ff1f513cf41feea30f98a61ad3684370d6788076b071c535d18203e690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\bc07e95e-cba3-4c1e-8676-b6525bbe5fa1\index-dir\the-real-index~RFe588c9b.TMP

Filesize
48B

MD5
1bb288c7029760963d60a22f2a476b62

SHA1
cb1be020c7f64c846855ec50d3d6b3e976b354d8

SHA256
fa740b07b5a2090700991f823852307cb7e5e7ccdbe8f7d068ff2587048b04f9

SHA512
2b39c1661eb69b4154fd5c1de0fe4dac5e88e2bc675f5fa652ffb9a94f91292999d44ed10c8f7c06adc0207fc9d80f2c208092e8798c3630f18a6f750f2ef34b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
0902b4c84fadb51cbf2dd00645eae67f

SHA1
2e567a7f5bc0bd958f9c54b6298e5f785540834b

SHA256
4fdc42f8019ccadf3882ee6006b38dbd3b4cee552a538018eb53116beaa47707

SHA512
a03f0c1c85d143f227ecc1d84fdf57e559e37754c4602f0db51f22771ae005804472fb0c33805c22f9fb555c083125d826a57520031f6c9063d1bf3796ef651b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
f8a5d2647114bd5e9833cc90bd4035fd

SHA1
3be95c899af2907e1b7bf10e07daf1eaa769fd75

SHA256
e4821270749a52b50c8a85a429660b6297edb3758a1c0ed32abf351471cab294

SHA512
869217102ab4005389c8232c761a94f92e872a4f7c715e8d91974d9d424ad3eb93e8fa888daf7772718e49d1f533ef5cdf70673012113857e5c85f19b5da24e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
157B

MD5
9f66c630728d7d55ef98ca62ad187cbc

SHA1
5074d4a7b933cab51de12dcab2aa93a401dfb2d3

SHA256
005b6af22993e13bdc3a12f8cebfc2ec752cec6063c1b9afa3027fc0e0cabecf

SHA512
c7ecd062e8f16c99b8915ec28a2d5fa85283d2d9d8f12a848f1286dc4bd10b792ac440774862a3fc226cabd4cf435542fe25de233d419074d28e41b078a7917d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
4a8dbcf7360426af1cdd80acfa070ddf

SHA1
cdab1b429e0d2b70ba7e09ef159fe70a587b375b

SHA256
1dd1ce188bc2c5650fae4e6bdcecdc6c1f8242169ee761aa72b909f586f90d5f

SHA512
5b0e4b59f360b3c59fe4c7be022248b290bb55edb5ea699d61125caf38f80941dbe3a32fc83873e987ed970d547bfd146f8c7e695e3c39677c92cd38bf750c17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
83B

MD5
2cb5500f73d5b8ef99aaf7b24a653df2

SHA1
3cd872ccb49e00bc215cfe018c2136fafbcfb10d

SHA256
a6e075871bd4144f362d0a9bb6280b928176fa916f213000a9c2c805d274d2ad

SHA512
62ed50545e0bd7576b8c90e3fa517a8a5ca89a5facf4b858f8d5aa82251ed6ebf2ba2216319e260b5c6ae76c8f52e3cd07fc75ef2733e7d1041893c61b5d1eda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
2ab6ccecae1a636351a8d08eb53ee48d

SHA1
a34a0483587afe8b47d5c2382e289740f9287666

SHA256
3598c2e5db1b4d2173711ad9a3d26432ff89a3c1caf88d00d8c03e6884bd4276

SHA512
88ef1c29168dca32d7918e9f063d6fe7d172c8bcab6ee2e9b7b7229e9b5ad333e7114ef09ccf737a734ce93a093f77883b2aa55430030a7d5f67517b213783ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
10c29a28597ffc4476ffa34fe630f156

SHA1
85346cc1db1d2457ae92fb0a8ba62e155854890c

SHA256
d26879e0e9a69fc90ff79979cf822bba49ceea6f3eb3bfe0555e8a11b5ffe586

SHA512
fa941877e986bddf3cd21e56b88fd5233c1686c4fe394091c45f61a90bd03cd4d7f1805d2f1ccd19f3f9534d11c776e5d2a25b068df39b02b6ef75a619e2b792

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
830cf2c4d6fd766e244a6b0c66ab7de5

SHA1
40b75fd3ecde99e418a84fb6c5185681dafe3a31

SHA256
4273abdcdab5c4e554a2fac4a0c38b968e303e2ed89a32b49bf307ec80839774

SHA512
39a01f5e8b13c2e311e7c2fb2c5fcb4e7b233c1778853523d42ef680922598e2332aadbb98cf64c5c78fc91507e320f9785d0656120a6fcb2497ea0f9c07ffd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
3a7b75f927c5ab51db344bcfdd83b56b

SHA1
8ace86cdb81e56aa1ff931d20196512a5fea3f7a

SHA256
75db3b45187aed577c0bcb12c17c7bab2f9ddcb6ecdf2eb53164dc51920f1d49

SHA512
50f4cd6393f60bcd3cad82cd0c9ee8980f0cb45e521858632edc690b97a6586c8fd5aec8fb10e5becbaf1895d2cf965aa322b0aa4a850a8a7b4db0afc7cd7fbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
6f754edde94691523729e504a1ef5b67

SHA1
641d1e0d647e06e9d878cd303649545a282ab817

SHA256
10fc6f17d549ac41063e9ba2779ff9d11d0e920a219a5ec323d34e84f9d5990f

SHA512
f943b92ad00cc370856fe35e2d568b91f5b730fd4341ce300c88da8c2e24cf9dfd2f42f29fb688a313c7ef9bb750fc6370bf57dc37419e0fbb56d18a99c62d21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5884bb.TMP

Filesize
48B

MD5
3eb4180e376b436b651ad1bf8cd8ff17

SHA1
b579906d021355dcb8d17e7ddd5e283e56ba4553

SHA256
d2e50524373d4f7c13d5f65939eac8b4206f527fe62eee177080b550b0a5f8bd

SHA512
d26d6a1d8a72ccc21292d43209e44e8b91cdf0d603d17d8d46f5ef69f1357d4094e356d56374cf91da85591c3442dff6294d40991a3fe27625a51cf217c8575b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
44e75c890e21613ccb02a68d46d3f75a

SHA1
ee960752c80ab285f2269e1d50a6ef80d6cbda1c

SHA256
2939e9605903cdd53be56779545b9d0cc32a97822e7398dae145a1e823eaf43e

SHA512
e4e8a58e351d6fa7eac2e0e4cdadb4c1948b3898f10c98dfec76e12387c5f3faf55ad10cf48b5217dfc8413a7bc78536237bb25c568cdf3b8c4ccfacb6f4252d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
00d8ff06c6c79bb7af6e5fafc6627db8

SHA1
4fcf58f4b01d8f7d043b1bc5e698e5bb644ee7de

SHA256
5d68daa08fdbd8b9e423c8f921232ed496f9d2c8406f0d094b99995b7204d9b7

SHA512
b31f2747707a43cbdaaf3e82072a87b246fbc915e791950f523c6d4c9e317c834a1869afbaeddcf6e22fc4529553d2603c02c02f77762e4bec857e81fb9fd310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e4f92e29d92357cbbdfc5468132e570a

SHA1
2f2c6e0b6ef164a479071dd0bfae60f064041576

SHA256
1a975cf04ba9f5736d7a6b54d6f0cb6bbe890825f6dc85397156200da9c44a52

SHA512
5005f545951c2f96060f49b8c5f774db0a20be9c426d3c215582800e25c8e3ddb3ce9112618e4ab97e49391e3640abdf286c610c0433cf12b0ec64f0185978a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
b197eb07107c7b455c8e96c663e4301b

SHA1
98f5e05ead02ba42775fe8fc6182af1fd06f3ca1

SHA256
20bfbdc9e714c52625efd525059d2894daa79674c94886fc64d77be5353a00b2

SHA512
011ea61282a1e9f3d5091c70ebe95055b123209c2457a82c60c7ad7de8d0dc4cb265381b57f9614d8793da1b89df3830e2b89e0d5f516f26589deac5735c66c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
cc5fdcd25ad7260c4e1e6c3dcd0b0bdd

SHA1
02c5ca985626bf9490db1a27cee487b4de991853

SHA256
e90d8f655b5db6f867126774883b2927ecd4b2077b1de8513b8f2d2409f7aede

SHA512
2d339ff8500d98e97c764f7102f816d7ce4b7e4910e3faee3a3cc97fc9f27690bac1bae8e070753600242be538482ee776d86130e76ddd582b830f42933af6ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
e4e6f537b7614448df79b9c5c6a7a1bc

SHA1
3265a949ccd5d75ebe9b2a8c53517cd2654e63a8

SHA256
84002c712a589076c37a0ea051e0611aa1624838cfaa2d0f093373d4def67061

SHA512
ccbb41c603323144f0edc992b3d92f524c96eeb569feca7a39688cc63f56742d009238fa6df11597a7918948b4e7f7a23fc968dd56c9355541a3f1cfa8dc57e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e9c3230aacb1b2a1e2d24ebdbd9d186e

SHA1
82693180960f9a7c4ba26bf24baed78fac20f3b2

SHA256
7e9192ba807056c172c73bf3cc3c44b23ee6ff20fa0cd84d23d1e174d45d4172

SHA512
226f16f9ab586fd3381c0b218660894d4af4e1056a257e60051d307a44dd032a61b60a443e6bd5c040928a2d541be003e4941af903d5505c1b47782f47f2e8e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
d81220c80332b6ae2a8b384b2fe25a08

SHA1
5dbf8dc8b5cf2756d37fb3653cf46d2e8c57c7a4

SHA256
9e05c9bb06623d180fb6330b1ca21a6d03fe8241c3a2c853d2bdd66ac5ad859e

SHA512
5960732f48d5148f09c90ad3ad9ba2bc397dbe94508fb1b498437e47e47e2d60b090a76ca8aa964c2b5eeba51ca9254c2ec40442f5566c55dee50ca96b940b3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
a223537d7397dac306213fc0675a63e3

SHA1
caa66b374a21944adc2e04316db96e3bcbd751c4

SHA256
b5b21022fd1b28cc96aff3918cc22eb5a9ca76860b99468597e28597208cc217

SHA512
091215b58bb1678e56d40055373fed0bfed44a60dc92d023753b8be6d67052f62820c4276b9a909cbd2bf3aaa9551075c0dbc1e3f0986df2cabde3577c16f057

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
f7eb9fc5a8b43a9f02401949736f0195

SHA1
a077a531e9dca00a69f2e1603b1d1e57fa3fbee5

SHA256
b582b26711ae1daa41b6a2daee03c10d937bf9bfdffde2cc70f1a9c9f4407771

SHA512
a2d5f67c08e64bce93c636bc0c195fa858297584f66d06cebfaf0f81309c952d54b4ebb6e1564cb015300800cbf0d19cd1de177b5ef9ed49e03538417e7ba961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5842ff.TMP

Filesize
538B

MD5
fa864bab1ee8f595a01e7dc6b32e5fc4

SHA1
3f8602b91da9ab70db2f71067fcb46e71c862c89

SHA256
da177d25f67bd15a4166a9166fc077ebfc40ce8385c05066f171c4070694ec9b

SHA512
612d8422159c275b44bd88189f57d2c092295c3abc667e4693dccfb2e6e7ef9bb9677734998bead060ce24b114b29820dbff275d82b0bc157519c1e8354789e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a580444bf1eeb95751bece984999c314

SHA1
cb66b07af7cb713fa6c6616882dbc3a10a8c887d

SHA256
1b3f59757a775926ee3ec1e50588268988dc00cf767d65955c98de079920e632

SHA512
813e14235bdbad09a227008e7074263255f4a712d38ff6b67ca18077da17b8e15d27b570a44f2901d819ee31bbebba95419fe18dc990ee6cd3b4e3f2c912df1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d60c45335c4eda4ba55ae71ebe435858

SHA1
abbba25cbc1ea9cd1e66b2929b8c34845e684a32

SHA256
8a374d920413d8ffc85bdc2722bfaa35015123ab2858cc560f1519e25ce78ea1

SHA512
1a501265d155a4f697393539a220cd598eb34e5e1de9f6b06a53ac30e26bd8c8fcb28376589aec1e887bceba41f14067ccd6268608b71066633ac43605894bf0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
a65d0cead7c648e6461d43f71e074b75

SHA1
88429b92b7f5551279114df67909d2d4d7af35bd

SHA256
2f1bdf0e0c579164f7dc7fb129f1fbbcdf01332f96f3518be9a93fb1d899a6e0

SHA512
cc73fc1e6641b7416754106163670317a528c85c0db31dcdaf4945af2ba05fc2605fbc2279264eb1eeaef42ee79aedfaea81c90795e560ef360b607ff774f91d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
e69eed43176ee350d565412dde0a99b7

SHA1
4c62bf6494e77500d5b07e442d5a639a2feea8fa

SHA256
47252531e3a0704d3a2f7c37b918f381faab00c7e471df7acb71778e0a294d57

SHA512
1faa3762cddcdfb4f42805ee1c7f7e871b079f62cd55a6604c0a482900dd986d4ff384b438098703a95840a59570b33d119c511681cfe0e3da69454123cac1f9

Download Submit
C:\Users\Admin\Downloads\Snow White and the Seven Dwarfs ｜ Heigh Ho ｜ Disney Princess.mp4

Filesize
3.5MB

MD5
20a6e473aa7b6be645dc1278977bdbd2

SHA1
b3b44c4072bee593b1e7b102d7d24e30d49ac70d

SHA256
367c30b35b76c9ba40970529c13fcb381e8312deedd05707ba01ad1de0fd36c0

SHA512
82ea5316e7dc3c011cf20ff9881b8e792ee14d6f885996119b788cdd99e7ad416efcc29ecd925c38663f28e9df9f82534002209481c57cd14e3cbf04f9d4720c

Download Submit
C:\Users\Admin\Downloads\Snow White and the Seven Dwarfs ｜ Heigh Ho ｜ Disney Princess.mp4:Zone.Identifier

Filesize
1KB

MD5
bdb84f69ef999364183496c0fcdb9041

SHA1
bdeb0f60011108a9a40ae91b2656831d5e8bf0f4

SHA256
0763f1fae3fa4ddc22e8028d99afbda47c87e96b98f4b1a4cb9ef96b891627f7

SHA512
aa26d11447423465c648c7400a8dd7d9c6c11e29f7b6e508276d84f6d82d0cc36695645c2230b937081396efdecf591da2589e8f548f9bc7b6827f480b1b7e2e

Download Submit