377ac497bdeb20e13ea84ca1eab709946535b77d4231007a7646509386a4af33

Analysis

max time kernel
1715s
max time network
1766s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
05-02-2024 20:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MBSetup.exe
Size

2.5MB
MD5

7ce024e6e2248ee891248469894d8a9c
SHA1

13db96c5e8d67b7f1141d22567741cd45d659c1a
SHA256

377ac497bdeb20e13ea84ca1eab709946535b77d4231007a7646509386a4af33
SHA512

ce5b6e7b7da5d3d00ad1df64006c24c291e24cb63e855855375e52e7a18ea7b3d283fababb79046a59533bcd80d8c18f604d9ace64af7e712f18020e5b351eff
SSDEEP

49152:YXrcUh6gxrxD0Xc3StQyfvE0Z3R0nxiIq2ddIAuSF:4rNRxrxA6KtQRq2SSF

Score

8^/10

discovery

Malware Config

Signatures

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\mbamtestfile.dat	MBSetup.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	MBSetup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	MBSetup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\mbamtestfile.dat	MBSetup.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-334598701-2770630493-3015612279-1000\{879F7EC7-780C-4576-8444-1C88ECA2746B}	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
4952	MBSetup.exe
4952	MBSetup.exe
2492	msedge.exe
2492	msedge.exe
2140	msedge.exe
2140	msedge.exe
3588	msedge.exe
3588	msedge.exe
5012	identity_helper.exe
5012	identity_helper.exe
1732	msedge.exe
1732	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs

pid	Process
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4252	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4252	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
4952	MBSetup.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2492 wrote to memory of 1832	2492	msedge.exe	80
PID 2492 wrote to memory of 1832	2492	msedge.exe	80
PID 2492 wrote to memory of 3924	2492	msedge.exe	81
PID 2492 wrote to memory of 3924	2492	msedge.exe	81
PID 2492 wrote to memory of 3924	2492	msedge.exe	81
PID 2492 wrote to memory of 3924	2492	msedge.exe	81
PID 2492 wrote to memory of 3924	2492	msedge.exe	81
PID 2492 wrote to memory of 3924	2492	msedge.exe	81
PID 2492 wrote to memory of 3924	2492	msedge.exe	81
PID 2492 wrote to memory of 3924	2492	msedge.exe	81
PID 2492 wrote to memory of 3924	2492	msedge.exe	81
PID 2492 wrote to memory of 3924	2492	msedge.exe	81
PID 2492 wrote to memory of 3924	2492	msedge.exe	81
PID 2492 wrote to memory of 3924	2492	msedge.exe	81
PID 2492 wrote to memory of 3924	2492	msedge.exe	81
PID 2492 wrote to memory of 3924	2492	msedge.exe	81
PID 2492 wrote to memory of 3924	2492	msedge.exe	81
PID 2492 wrote to memory of 3924	2492	msedge.exe	81
PID 2492 wrote to memory of 3924	2492	msedge.exe	81
PID 2492 wrote to memory of 3924	2492	msedge.exe	81
PID 2492 wrote to memory of 3924	2492	msedge.exe	81
PID 2492 wrote to memory of 3924	2492	msedge.exe	81
PID 2492 wrote to memory of 3924	2492	msedge.exe	81
PID 2492 wrote to memory of 3924	2492	msedge.exe	81
PID 2492 wrote to memory of 3924	2492	msedge.exe	81
PID 2492 wrote to memory of 3924	2492	msedge.exe	81
PID 2492 wrote to memory of 3924	2492	msedge.exe	81
PID 2492 wrote to memory of 3924	2492	msedge.exe	81
PID 2492 wrote to memory of 3924	2492	msedge.exe	81
PID 2492 wrote to memory of 3924	2492	msedge.exe	81
PID 2492 wrote to memory of 3924	2492	msedge.exe	81
PID 2492 wrote to memory of 3924	2492	msedge.exe	81
PID 2492 wrote to memory of 3924	2492	msedge.exe	81
PID 2492 wrote to memory of 3924	2492	msedge.exe	81
PID 2492 wrote to memory of 3924	2492	msedge.exe	81
PID 2492 wrote to memory of 3924	2492	msedge.exe	81
PID 2492 wrote to memory of 3924	2492	msedge.exe	81
PID 2492 wrote to memory of 3924	2492	msedge.exe	81
PID 2492 wrote to memory of 3924	2492	msedge.exe	81
PID 2492 wrote to memory of 3924	2492	msedge.exe	81
PID 2492 wrote to memory of 3924	2492	msedge.exe	81
PID 2492 wrote to memory of 3924	2492	msedge.exe	81
PID 2492 wrote to memory of 2140	2492	msedge.exe	82
PID 2492 wrote to memory of 2140	2492	msedge.exe	82
PID 2492 wrote to memory of 1660	2492	msedge.exe	83
PID 2492 wrote to memory of 1660	2492	msedge.exe	83
PID 2492 wrote to memory of 1660	2492	msedge.exe	83
PID 2492 wrote to memory of 1660	2492	msedge.exe	83
PID 2492 wrote to memory of 1660	2492	msedge.exe	83
PID 2492 wrote to memory of 1660	2492	msedge.exe	83
PID 2492 wrote to memory of 1660	2492	msedge.exe	83
PID 2492 wrote to memory of 1660	2492	msedge.exe	83
PID 2492 wrote to memory of 1660	2492	msedge.exe	83
PID 2492 wrote to memory of 1660	2492	msedge.exe	83
PID 2492 wrote to memory of 1660	2492	msedge.exe	83
PID 2492 wrote to memory of 1660	2492	msedge.exe	83
PID 2492 wrote to memory of 1660	2492	msedge.exe	83
PID 2492 wrote to memory of 1660	2492	msedge.exe	83
PID 2492 wrote to memory of 1660	2492	msedge.exe	83
PID 2492 wrote to memory of 1660	2492	msedge.exe	83
PID 2492 wrote to memory of 1660	2492	msedge.exe	83
PID 2492 wrote to memory of 1660	2492	msedge.exe	83
PID 2492 wrote to memory of 1660	2492	msedge.exe	83
PID 2492 wrote to memory of 1660	2492	msedge.exe	83

C:\Users\Admin\AppData\Local\Temp\MBSetup.exe
"C:\Users\Admin\AppData\Local\Temp\MBSetup.exe"
1⤵
- Drops file in Drivers directory
- Checks BIOS information in registry
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
PID:4952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcf8463cb8,0x7ffcf8463cc8,0x7ffcf8463cd8
  2⤵
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,3859813458946370834,10006518460966539526,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,3859813458946370834,10006518460966539526,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,3859813458946370834,10006518460966539526,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2540 /prefetch:8
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3859813458946370834,10006518460966539526,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3859813458946370834,10006518460966539526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3859813458946370834,10006518460966539526,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3859813458946370834,10006518460966539526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,3859813458946370834,10006518460966539526,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,3859813458946370834,10006518460966539526,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3859813458946370834,10006518460966539526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3859813458946370834,10006518460966539526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1912,3859813458946370834,10006518460966539526,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4756 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1912,3859813458946370834,10006518460966539526,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5288 /prefetch:8
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3859813458946370834,10006518460966539526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3859813458946370834,10006518460966539526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3859813458946370834,10006518460966539526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3859813458946370834,10006518460966539526,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3859813458946370834,10006518460966539526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3859813458946370834,10006518460966539526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:1
  2⤵
  PID:3844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3859813458946370834,10006518460966539526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3859813458946370834,10006518460966539526,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3859813458946370834,10006518460966539526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3859813458946370834,10006518460966539526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3859813458946370834,10006518460966539526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1936 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3859813458946370834,10006518460966539526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
  2⤵
  PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3859813458946370834,10006518460966539526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,3859813458946370834,10006518460966539526,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3344 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3859813458946370834,10006518460966539526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3859813458946370834,10006518460966539526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3859813458946370834,10006518460966539526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3859813458946370834,10006518460966539526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3859813458946370834,10006518460966539526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3859813458946370834,10006518460966539526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3859813458946370834,10006518460966539526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3859813458946370834,10006518460966539526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4568 /prefetch:1
  2⤵
  PID:564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3859813458946370834,10006518460966539526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3859813458946370834,10006518460966539526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3859813458946370834,10006518460966539526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3859813458946370834,10006518460966539526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3859813458946370834,10006518460966539526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
  2⤵
  PID:2888

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3048

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4304

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004C8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bb88128b6b2d63f04c36ce68ed52d0a1

SHA1
29cd0515976a9249fc96a9d77c9986238cd1c2da

SHA256
19341f9fde32349d43cf9951f118ebbff856499e0e6875101eaf2db37a7d7d8b

SHA512
ab3071e116a32fc105a868fe9f3cd11cb282fc6cdc1e101b09c7f6269502f98b34b2f0a2ec32eb2b537073e2b20bd22cefd2fdcd4be87f8b169e6eed3bed1ae7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
69KB

MD5
a127a49f49671771565e01d883a5e4fa

SHA1
09ec098e238b34c09406628c6bee1b81472fc003

SHA256
3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

SHA512
61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
27KB

MD5
1d6d6c0e200e333c0a31f707e2f5cce9

SHA1
8918ad33f1d058efc61c21cc2e15956eb25f9407

SHA256
8126b462db0c212303afb2e26e7460f9d74579e7172efe04728fdc283ee0f49d

SHA512
0cd699e9be787b2bccb25cf34c5c0b5c30aff15eb62030eed5ac8bfa1efaaa9abc5c0763f7ece364774823d8ec511cecb02970552b1a0ef09130e08fe672411d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
55KB

MD5
35dbf5afd94dd614f75f7aaca8514062

SHA1
ed348394ea73a3955cc91915640d1cec43369a0e

SHA256
f6a46a41a081b1e10e50358503ec9467e17f04a635039f21a738d2daf057f0e6

SHA512
fed9bbd30d8fe16fe4768d7759f7771f30f910e12ab5b55fab334775b922eb1df85fad9ea67fcc853412fb6f85b5683e797e11e10f20ab2c8341eaa400b864d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.1MB

MD5
c10533650ab2ce04634865c72de4c069

SHA1
36a8d127fb45ffe2707d97806d4e75b491aad8e6

SHA256
12c27ab7264cb8fe40062da6606b6b572d787e7282239d948e01e813439bb69a

SHA512
9fe25a1f0228bd5c1b8ad365e221edef202fbc8ba11dc008d40198a2b8223caf211e74d16bc4fc293a088dc6af6f9080f9f45f5d6696d42232d800390807a7d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
777KB

MD5
bedd857c150d474cb0479a090c41ddac

SHA1
3f06b00e33a5253fc5ad4857a551ceca2db887be

SHA256
8580a894479249d35ead1edef5d498501d35da2c7c24bd907aa1112acd0736c0

SHA512
ff41f6ea83e40bd2810acf1f9d42cfb13455be24f482c2b879533e22b8c491ec594823d7d66551d6eb27249fe50e3268d47355ab37a69a18818cdf41943f1faf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
20KB

MD5
725a47144d09a60511f1e6e092c4f3ec

SHA1
1d33abca47326a1c38cac103c24037286c070caa

SHA256
3d50cd70dd62d7b1fc35c31e95190853426a2cece901bc184689fc4dfea9e55e

SHA512
496d0a786e4253a63b8531da2f601d08db361a16ada894469a303b5355076cddf93eecfabe02cf636400c0aaf354c9d6b0ee259dc8e04e052944fb7ae91cea53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
62KB

MD5
f37738bb4f7d6a6d5bd5c1be985f7169

SHA1
fc4bdd8996d6dc4776f4c78b787df5325cd9276b

SHA256
ce5c152f6fbe56a965377f2edd80887cbc0618af1814954f2b39f936d7a8b951

SHA512
c2aa6c37b383ca82dc0fd47640af64f0840087d1ecac2735f8f000f9dc3554f05bab5d989751c0bdadbf03e9f06d598de67d636148e50801ba38cd54b0905d0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
70KB

MD5
0bf49aafd99c3772f1f6ee04b16dc901

SHA1
f5e971080fcf3b72eab94ad665ff6936223a3e0f

SHA256
2fed6a09cea558c50269c618d89c8d045cd14e11f6deb5a844a6f9c792dad649

SHA512
194610f6aeb50eff10dae296dea029e63019d329d75ae111ccdb53dbc6a0a3476189a3370820a16d15d9d705eda9045e25f92679ab17ece44484e8802968300f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
88KB

MD5
2a9f444a8b56b75676a202180f211a23

SHA1
97c45476ce54859cc2bb5221b0f743eca1134e80

SHA256
7ea7613d4188c858adcf2d7f6f10102ca3aab3500321113dcdf646202c33412c

SHA512
3f0564a50aebf1ca9d7b445f8d60a2ed50eac6557751d9ac1612d225ee72e0aab9ae0b2fbbcc00ee19004b43a9d5571f0c1f265dda54827228a45138d7dfcdf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
16KB

MD5
48c80c7c28b5b00a8b4ff94a22b72fe3

SHA1
d57303c2ad2fd5cedc5cb20f264a6965a7819cee

SHA256
6e9be773031b3234fb9c2d6cf3d9740db1208f4351beca325ec34f76fd38f356

SHA512
c7381e462c72900fdbb82b5c365080efa009287273eb5109ef25c8d0a5df33dd07664fd1aed6eb0d132fa6a3cb6a3ff6b784bffeeca9a2313b1e6eb6e32ab658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
29KB

MD5
f85e85276ba5f87111add53684ec3fcb

SHA1
ecaf9aa3c5dd50eca0b83f1fb9effad801336441

SHA256
4b0beec41cb9785652a4a3172a4badbdaa200b5e0b17a7bcc81af25afd9b2432

SHA512
1915a2d4218ee2dbb73c490b1acac722a35f7864b7d488a791c96a16889cd86eee965174b59498295b3491a9783facce5660d719133e9c5fb3b96df47dde7a53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040

Filesize
161KB

MD5
6f2e6e2f9ce1fedb88bfea08da939e92

SHA1
2dd9cfc13ae151a6956461c471fcc7895bbfce7c

SHA256
71f660792e7aa08cfceda06bd753d94ae17af4541fdfdc8c9aa86b602882f8b6

SHA512
ad9ad75569d5818a37e57e2f9aa2b4dc608536a3e93c7aaced6e6eff429add4cf40167853a8338ee18d32d82b7d19883a3157779437574d3fd6e2f3b2b94a9d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000095

Filesize
193KB

MD5
7fe2c36271aa8065b034ce9efdbd2a07

SHA1
e22ee654cb122d0d62393dd8d6753d2bcad148a3

SHA256
02cf672988303d8fbdbc7625f54596ece6d83c78152ca6e1aa332fc8c75d5c34

SHA512
45d53a09ced29138e2f99e0e8a293322050f8032e006df06315ac9af2f1ab64d1c767ea5db53289bb5881a4866061299e5a60cd83753fe6ba88e8de7562706ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000aa

Filesize
112KB

MD5
3ee5c2e88df7e8a168ea19600ab64692

SHA1
b7b92d464a045ecf0f69d9311fb547b9c25dea0a

SHA256
59d05ee35c3cf49d2f18eeb071561edc836e1d5efb47b447a16514467dc56958

SHA512
5769dc08bb85fe3daf97d0739cdbb877e7525c5adb2da722e1f2acdaf7a4a6c17eb44069236ec4585bb78f89af72e20f23ce7ff1bbb5165029a2b7d9eb92c9dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ab

Filesize
111KB

MD5
0deaa9e8db591d53e8dd4c2b7b9606d7

SHA1
cd2199c4f2c8a3b75c104a0703ded210ccd4ade2

SHA256
bc9fc083155be94b6e8ec4fbee42ba4bb5a7e51f3db085a3e70defc23d67772c

SHA512
5a898961c64783fc57e840a7f9bcd13583f0e67a529ee036777af56aa293e6707e39703c08869fdaa7984549e276df2cfc0ffe84f06a53e7d0e3f79bbf31c3d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ac

Filesize
113KB

MD5
ff27ea5645098e02ddce4d6df9383a79

SHA1
9f3f6ce79228a2916ced620922ee2ce51a581357

SHA256
f7f1c4a84974f805c6d7c95cfcb25dce2e1ef17095aee94511e379b37c428d54

SHA512
1d7ddee01c6e9aa297299aefabd06b2fadd040fbca2b09e0cea8c6d370947ce7ed3e231e4245d9d564a517e65170c3f7dde1ca9647c7aa560ed34ef9dc4a3706

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

Filesize
2KB

MD5
39719685d7dfa48868efdad5aa06070d

SHA1
9cde96e37b800258040a2fe0c082f21d792321e6

SHA256
3ce11f6e5458cd555337144bbc7908ba97ae1ae479886658057a990be4cc4bbc

SHA512
ed87214e0086b2acc0e4a61eb2fffa95b722a9636d049d6cf6aeea40a28dc68013dcace21e9640779c96f9db3a4a40b2e0d7665326dbc36957279dfdd96ee0e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6a0703df20b370af_0

Filesize
1KB

MD5
2074975dd67e66fb843932559dfe0324

SHA1
135d2c1796c8283bf9a793a577350d3fb1409fad

SHA256
50208cd086b67d63c688eff00eed421f9e4b11b4ea7b7d6bc8475b6fe4f14321

SHA512
96293a332c9be9a3fe1611bc8f674a5c437074dee8cd88d3463c69ef394f81d8e3d1f06b6b60d8ec453a2f7f303b8b79fd95c935606a1250900cc39cedbc8b91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\99355e6d825b2751_0

Filesize
3KB

MD5
8e031d36b38ce46b73bf04251abfb31e

SHA1
772fb20b4a13703938bab65bff424066bace9fc8

SHA256
d6c882c63627605d5c33428b8b3057648164396d57cf95401161ea55ce0e7ca6

SHA512
58e3c01629acc9dfaa83737fd4928fcfe4dee0aa0e112d162e3123e4f38f8f7f251a10f54a00d253d750459a64f5a7c4700a316719a7df5ca2f281775829b3f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f7dd968ace5a467f_0

Filesize
3KB

MD5
6a603b6d28ef3fec121aa9159a103e06

SHA1
993677e0b0905d0458945bd13747c38dcdcb6be5

SHA256
c83e7afd4bb3e65d61e45348fea01c1eda80df6607f1b5e07158b79c6b37d76c

SHA512
5c5326091ff66683a7a89513fc284ec1cc32bbfe12d422d4480847c614a6a27e8589e723fdd7410532534f0fe739d4da2e4e919879910edd71eeb8aadc0c4279

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
c3df0a007a155b1a65e0e07c182ccae3

SHA1
a62891d8a1d15ebea2701657e42c64b4265aa6b1

SHA256
e9c05160e1c1203361351c04710eae42b5f8f8bf04fc888a7b4060590b989708

SHA512
812aa105af29f9f76c470b54348af154c915d2635145f77a148ba6d15b34bdd538cfea6699ef3cc28fd867a797871a7cf98637c35ffd1c765d633817777e6adf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
d347d55fc9d862868021b17ea55418f1

SHA1
3d8f98c3ef017ae7c25d38302ce234615b2dbf86

SHA256
1b2126e5968a41dacf0ab81c50051a9da30ebaf0e2f02ddbeea0c58822afcd94

SHA512
dd823ea5a0934103f3cfc1de7b9f9c49d8c604d66ddb6d4d53b3a769268c70aa237bdd5f1a409f03f21c0cdf33c62c77786278cb4ad5055b5f47fb53e9955769

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
85c2493c6c97507281693457c946ef0a

SHA1
1817e66595bd91ac66827e417ef965c91c1f31e1

SHA256
485eae7fa3e6d1b09aaf913ee6978b2d9019ab557e8e94d10f0459c1530887fb

SHA512
83e6b140e1d85abf0ee61dc3b3209ffaf104e4ea2c05ec5f413c1092580c0e9e9b8e94512a9313ac37e928a8ad65ff491e4b19c2e4b20a970121c356786e36e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
11b050da907ce48a5359ef9c893f8306

SHA1
3af3b5a627236d6acbfbb68fe1a17d75a2deb29a

SHA256
09e445b7c613bdf6db2a3d9554ffc140af71ea6348762007022c523da852d921

SHA512
dad31de2faa36c031611b226a67d8b915b2234e0aad2d66851bddcdc9ab0575ae8439811790ed205883d48a1d5ad252620fd5645ee28ddd3781e4c86bf9f220f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
231e5417428e2c101d1bc14d6a3ba553

SHA1
78e50a42a21b6b71948112a0ac3e9e7150fae290

SHA256
33e0f71f86676f220f0c7ef56954646db669689fc310ecba2173c2d8d774d502

SHA512
8469a53c0361ab409b54dfc0c4845335dafe9200f17a149f4e18b088c107d7201e1a1143898392ef53a478003b2f8b40bdd59ff87f2d32b7f69277711a30cec7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
cf9b4fb0721c23933cdfb1bb94af0ebd

SHA1
eb0b75acdaffdfd2e5553eb75c70339e3a291212

SHA256
77958dde03beeab7a2950397bdbb26de426baa8b8bab87af0c8dae5d57673b7a

SHA512
9f27ab134d516682aa53f2e83123410457b3b1b59bc503c0325f879f697409d469f51e5a62d15ea23342874178b7c44e49dd52f8f3eef3def3eb51e8963a5865

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
84d484e98334966e8805adac73728199

SHA1
68128985747c760a66e3a6d2a35469f259f0b190

SHA256
962f5ea315619a7bf60ae3a51e58a5761ffefd224469fb0d3a09f6e543b5dde6

SHA512
35efb045aabf5155d4c3d87cfc4610352d347cde2e9a16f822194f3e8be079bb15495e77e86fdbaa37e08372d9b42195a87aa7eeb653cc8296debafe7bc47738

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
3397dc5ddcf7ed2021170bbcf0be1cf2

SHA1
e8e3b20cadfa2e6eb00709d8dfa0719427c58b01

SHA256
0c8dc77b7838ab26c88ced08b8d7418e097c1b5241893ee672cea93316090890

SHA512
c2aae6f205203c67a490641d5e1170e1ff55a8954461d19cfb14235c8a4ad30dc56f8a6262cfb888f7dd6e0008d8a210bd6961e3180b56b8627e5b75a5aea4dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e11bca386dfd86f4c361abc5230ea418

SHA1
dca78bb936e0c044ff420f1b3d9c439b7626e4ba

SHA256
4b330a9ba7f2dd6b3eed41548d93504ae2788d4815cc67e051bef7e35d259ebb

SHA512
1b5647728eb72c13162a9bc489fc19027943ee3998ebe2e55b666bd3fb89ff4ec292683bd3efcd3af656ecd011f1d1471aedfa9e914a54d593dbe931c622ea2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
358d5af524952bb4906e8453811c0a24

SHA1
32725af7b8cdc6e6f5cd3cea1284b204d92359bc

SHA256
d9fce9bf0e7f50ecbf39afb7a5adf8c2415a516d0eee30dd1a9e8b9ebea1d1c1

SHA512
850d8c868901075c1d29bf7f62f3d103477fc7fa2f72a1c56429feba821e3ce3873dacda5e44cf9643c9f1a3d310d02744dc23e90efe34b2e20209458680128a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
947B

MD5
5ee1514b6f175eaa8cfebf5097d09d8a

SHA1
b70b773d3e63fa85812f15cf92b375b0a160ab91

SHA256
661b6a2afca03a8b3c6d97aca610b47bf93323d303a779c8d09ee22e130503e4

SHA512
39c5699bd9612ccd0453259a1c9ad3b06f4c57f935471eb9ac92802ec2d1f7d92111ed59d5d759d0c410ec7a395eecdaae7eecc779b5326a2eabfbaea29d4cd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7f64e5680cb8b4c92cc7a21a62e5c9be

SHA1
fdfc3ab757460348f080285a0b1ce11035091d71

SHA256
86eaa8c40f0e99324cc419d0a97c47f8ec9a8f30bc6be81abe5a181a0fc75425

SHA512
50d48778deb47b1d30a297c5919b11d32a9c27fba241017d43320ab025824d6db94dc82cc5b890f2456269b2c628821e2abdd0be66281c3c877733b8f2e229ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7a09b30339dfab785af2fe6cf2c2010a

SHA1
eba324c379fe33b9825865a5bc508744db71438d

SHA256
059fd82762ab2373c993414b0da83965d76cfa9670ef7000ef13b6a15cd2fa98

SHA512
61844fdb45a5af033917e09fed361a142fa2664f80f5bd8ba3e0665c96b8fb46e78970ed244d2b7672702c44ca424272e4caba0466527f2187549f07b2e98ac4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0471f2b2f87e7904d8d8c73573675c7d

SHA1
d86d0ac8a9717545418c7bb854e7c09ce257d7e6

SHA256
6528dd6e741598767b0b12eef1fbb6519e9734116ef4177a819067ec428080e8

SHA512
e990082d4516c6431e2f6b6525db467ce7df3f7ee01012460adc1661ce5235ffccc97202cf445d461c4ba60861b40a71211643427160930602fdab8027a54bba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0e0df074d78438b21bf699a536f074ef

SHA1
26cc28968749d35393e0905c552bdf58cf9f7a9b

SHA256
88f74d8f12e0ede4d2c2724b8d4e9d44e8681212a5dfdd3f3a15b4753c948694

SHA512
29744e52ed93d2f8b00729e6bf423848be131142c62d49edd7b77e10b5c82057a8361b2df301db8a1d0220cde6ef086fec604611e3062d26b3cc9f4b9ce1658c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0bcd8c683eb92b9ad5c33b4cecdee9e3

SHA1
80fcad1bbc776f66fd297c1066f25cd0b9e0b46d

SHA256
1514384c946022eaa8dae66d2539e9417c15d96d3e7c07cc1c1ebe3c31d73762

SHA512
63243fae3366e76d268d55632728b00e50739d2f9adeec22abe92304ce0555e40d830d2f0436b4dae7d7dec5e7f242504a4192161fe57808d22af1d91f330e42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b21faec446d7e734eb409f561d83ec62

SHA1
acb02c9b87ca2a501bec3a798dd77058617e926f

SHA256
ac872febb4884dc4984531fd2139ea147dc63a813f3b86b7e6318fa3c7a77a95

SHA512
c9f181cd20507e62159f384905ef942b69fd8fde43aadab7befa40e31b74b81d8950cdb36799c4fba4b82883c99d0bc6f27b63b324d6c6a4422a764a20cc4a3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
db76fee42ab127e4f070b481a98dae23

SHA1
45d7ec05df5314ef30efbbf7906722a5f493f205

SHA256
8a20b03f8db5bbe0d1979f1ac466f3cae81772c7eb919424b9938edeaf5215cb

SHA512
2a8144663c1f65b28e8d4823254a136d05bb06462899b3f1d4e94123b719bb132b08096ca174c80bfa09e9d50faa885a2c4ee50da36b530a560c56722d9ccd6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
20948393d2b53e44a4612ea9ae4dd112

SHA1
b67807f767bf9967b044ffc2acb102eeac76b46d

SHA256
cc34bed153d180fbe3dd7a00091e041f0709b614f73432185afe14b890bbde8a

SHA512
d03999ef0d6d75b84bae8c3d9430b7ab3ba1b07391e9cd51f0df316b87a43921f51a92b39191a60fcb7fef1342a04e010322a83c7ac4d8fb23f90c01e3496638

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
55e4d96b7b39fe6dbc9cbc906c588e0f

SHA1
422b0031e5b0ef9bd5573afe2142dc3e49b2212a

SHA256
bb543437d18d55e626ad380d8a8f703da8e2ac02cce415aa6fa2c548b4e9d6c6

SHA512
27a85a55e794710d4e98f38c676016e9624c3ca585b6c3e748cbfad9982d1c22b9f091c7b88e2b1b072f3124112f875a47e40b0adad655ab20b59fa0ee6fc5c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
87796f83a580ad1059639b7b6f48c978

SHA1
3aeb3452c1d42aa82dcc46fac0eff546266958ca

SHA256
ca9281ab005e47fe20e132b81ccfbf7a5f0e6d845cd3412129bcb07cacb1397d

SHA512
196d07ff37bf35b583ba80ef92e0277eee328925a77accb3dae1ca10a356a7924f49a7e6233db1b8b320eef6beeb9677ee7d642dd4bcdb2f1343cfe84fb186cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Filesize
4KB

MD5
c1cab087623598b93856f42dad2e1cb2

SHA1
5d286274f6a177541de08fa63a4a3b5b668fc3c7

SHA256
e5fe8e004ecf2065717fbb096c3bc726e6a66882ffa643b52e1ed37a83eb22cc

SHA512
8de5086748c39517e3825b07209648a729b4d7fff8360cb228a89256a3df34c69ad45c4d9d30c8301c7d1acbd2063007cd05b5dc80617582d0e9be349f14b9b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

Filesize
2KB

MD5
8fcaf868cedbbb63134663d706bdb8b0

SHA1
d901291fe4baf44393453fe6a1fc5d919728d38f

SHA256
c5f03bdca5e0b8fc82d1b9f9a685e1143cba2a00ac82ccb360e98c5cedf4c79f

SHA512
d4ebb5148af6ab9fe65f8b3c35fb7f114fb96ff2c6875031d69237270d8eb2f3e48e1b7426709cb67ca60272e41e2306620c8752252f6df280b532ab54c50ecc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1

Filesize
3KB

MD5
c09128de666ac1977710f23f71eeccda

SHA1
d61c5401426cfe225bd6a859faeb623469be654a

SHA256
876cca26536cd15f81ee196a3637263fbaedeb1263755723ec797e6769be2c06

SHA512
6e9711f50be54b1dc75264fcad25ff704e17e0b1e5f1222b879fe94a3956538e55646d7b585c64d940dc3e242861accd286cb63cc09873f77ad9bd34e0878104

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
490b5c0359da1c3d23678e6cdf8a6b6c

SHA1
76fb3b77b02f25b7da834c1f7cf3bcdb0d47a26a

SHA256
8315af27c092369342a6cf3177b7393a3e0244c6321cfa6fb57158929f85c855

SHA512
9b8a0ec3fce481ba73cc87fd2457a3ad85216a21218681ae6ec31457118847d81c73a80925205f58504958fb49d2f4308175168abf80da62909361f8df97423c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59189f.TMP

Filesize
48B

MD5
aa619b4a2c3eaa474d30e11bdbe4fe43

SHA1
11c214e8e0d19a9b0a3f89f95fbd7d60d2889a68

SHA256
25f4879aa9bbcd881130452753992391e3c368eb93e5a7cdafc5b2edd0511e38

SHA512
19f7c7aa3fa3ffaf52696b167dd7260646f1c682de133d66c98841f75dec41cb93e80b9b2ef79ddb6fed4e522488aa9a38f8bef49313dd7daa5c74ba20f3de8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
58ba8421945c25eae21ce596f25a5f69

SHA1
eea984283f70bb7817e7be8e660ba9b388962915

SHA256
da41b1d3a7e6cb0d33acde8c78c125c5ea96b8cbe3ebed8cf1b4dd36618140c4

SHA512
f5709d20123c5a49b8798208790d6c58f77c0bdf453cfb8e507164f0b6501b3c9788f9f1c36d6b7104321e0a96d0eac74fa9add03010f1a19939f88770c96ec2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c0da483ce3c9c7ea4aae8cb680ae2185

SHA1
20f7b6c560ba4c6b4ae3d101ccffb22bfc21fab4

SHA256
42c295a2aa6cb9d1ab790e27d8bf090267276e020d7a2bac17f8c75dd658d755

SHA512
f58bfa33370e55ff5a517ecedca2ad2ce4198db70e2468ca105783b8c39693c2c53241f6e65da664b59d43133fe6ff8c2f4d7f9d93dee0c0a7ecca4e3957d2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
bcbf67c8136150cb9cc8745dc4912b39

SHA1
ce61172f225b679fc8803f0c5a6dd010517b0620

SHA256
afef30623b8933dd70db81546a81d48be6401a2a997dabbb18d4c2ddab0e4625

SHA512
32f65cc98c0376f89727b0193e2a9617d204eecfbfdaf516a9b0103f84432e5a193686d58d40266b8908e61b3013119ae71d2cfcc6687af7560ae4c2c14e74d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
30fc7424c8560d8451869cde2417d4cd

SHA1
9414b9b6128a2f4dba9dd3171d8376c43e46bf64

SHA256
e438763773279472cc93163ea07b4b5977736683a94df6b068ca006d40944a70

SHA512
18571ce6907fa23990ea19a3b64e4e583d15ad53570fe6ca503a8be3c9b4e71a521d4db57da9cd08e64ab583c954f09ebccabcdbd9115ca0b8037943b1c67145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
89e926925b3c43a1b8f020a41b5b5689

SHA1
288572f6e7df29a2b5ea2e2d9aeb7a1938329ded

SHA256
bb567d4aaa94eb0eb1208e8f50e2035fcb645a378890c4e22824322bf03e226d

SHA512
61882687bffd8f9b2b67529c98cc8399c8bc7683f9339eb2ec44d9dc3287b9fe0c04977ba2eb23da89df78a146e34fb9c2d625640c3b370ccef2e24cb1db882f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
b810b8c3d55a4490f64c708fdc79a86f

SHA1
7e9ea6028019164b8ae847b7cd2207179db72ee4

SHA256
76fa2817d7f3cd8e0b4ea68868ca67ee09b8d7de3e9eb7748a048828d61c578e

SHA512
468f5ab21f1667598610c97a0ca6d2d26b5afaa7070c096fed4b478cfe87eea19ac530709cf02691526e4826d78df1f14bca8d09f984acd1ce24834bedec71c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
64ec0d44dfe370721512c4fe036c30ea

SHA1
c16bb789cd680b9b0eb559cb92b1e0074a6ce75c

SHA256
cd45f81b0f67e9060bd0882dbdda3b2085d23f33a7e911d14451717f73b644fd

SHA512
626d066f9ebbe64079cef27050a474fd9851df28908189f53c31c3e77e78837f013b59eec08d56bf207b3c1a5e69da8f87861ac5f6326f5203c7154ef0744d5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e899d804abf81f3b0b3e6c90c57d499f

SHA1
457e998c6c6f38ec078a20daf35dd0c3374b903d

SHA256
d5fe5c2f881a9b5b095d88bd8a8e716d57eeab30d2712a89955fdeb7807505b8

SHA512
740f7ccb859bad3ffce62f1d6433470f8aab333cc9cbba4e35716c6f951830749b16470d4532fc26883347c5384c6a21b65396166f70725ea5e7e005a8769746

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
6108f511fd94543a40d39b94741bef8d

SHA1
09b7759c87c99c618702f54c7269201f5c8704f9

SHA256
9840eae15388a8fd4b24d20becd1e41c2c5b3b6a7cc57caacffa119e7be264b7

SHA512
2613957d3d3766d5a63e4120138564aa97c074e0b16ac90669fa3faddcf4f465136b8db1af9aff79e8e164830e53cbc3227bde03c4d0342ddd55dc08547fae38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
bd7bce7ef280991ff8c0c32676e3fbba

SHA1
335f4202caf60620650b420726168191845de727

SHA256
da4deb101bf7764ea4cfc9a6a3484de09a040ce150265bae99443f2f5ed97e72

SHA512
289a208e481fb07ec1e7f5331a7cb9ef3c1ba1b27904b52e4d539ddf05cb8ecf6271b220242f69382533b278a5043337e2bb2791175be20d75e83b0825f1061d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b0576a9ae223d25bf77eab65e390ba3b

SHA1
e82ddabbad0cb3fd8a0f962f087f43cf5684fe9c

SHA256
9d37e87cf89e93712d719db61f2979807b57eb4e927785b2ca82ae51fcf3bbda

SHA512
94e96fc510f93635cb14a18f9f76daff934120c7138c3c91b335ef9ff16da4cac42edc001d928d38cb93512db6450f95e60e9fa589654ac0385a328035c125c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f611c1a90f4ec6a6daa3c3bd573298d9

SHA1
d0ee3e963a162d53af6c2071b89a0dce25be9989

SHA256
a5c5f150b8013f62f337073fcbec58058e2f79a56d2ca0f7e97ce468215b1175

SHA512
7a9f7feb07dd21eb1fd628695b22715fe099b105e9c40450f2a554bd8465b627b030478ee34416d4cc4e4ef063459fb484377fb6b98c5f14b355296f7b1cebaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1d92c64a37874c13bd096bc612971a3f

SHA1
f49dce3cff730d5d646e4b41c2f670e3c582069f

SHA256
dc132c4743f61afc1d8c8f12fe1ec63bd13938589f65471165c166000eb35041

SHA512
239ac081ad7f796ece0e8c195302e9cd787120dd8875a74ecb57787de93dd679580f9496e491cd3937271196d723c7f0a57aaa3163e0c4ef3ff21f3a732f1f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8c4f034abea75014125e859530d4d472

SHA1
6efa82fcdd84c877d2da58e7709d90a8bdc5afc6

SHA256
893d9f115710f3aa97c74425f4b18fb13320af1f26718c63f13d0a9ca3f74771

SHA512
d97762a03fe838e88e0f6d1037a255dbd20db972bda7c611a8ebdffef699b9e34a1ccd46040cc6c6cbd9f52c43ae54818a74473eefafc349fafa89af531c4cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a760a7decfff2f4beb73a13e0fb0ec9b

SHA1
d452ec2320c5ac7c097e2ae75f67bb143d633b59

SHA256
3727cd4fc1b4c83bf8172015820d455b39baec96da442f8bf78e8a5a49325d5b

SHA512
9ba3f859dbf446e8634e43ea5754562e78940a9d2f66920e460c2b17f5dd94661c09cb61164865f653b6949fd57375a7eaaf12625bae1479f6359faf6d410757

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
9afed6d5a668ec0d4d68525641a82383

SHA1
174df1441a0ed31c465dabf092fef17dd66c6528

SHA256
c41f1ead97624099033546ed04597834d26bed067d194dc82dc4fe7469bdafe8

SHA512
c053f993b9def2a0fabed76d79c2d2c170fc961c0b727e57b3c69d32254a62a8603178625949470b1c422ada44f5a49f267366ffe54c3c76f6ed21efadcb3f3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
df02d788022e31000888e764f34cbc10

SHA1
9c731a1e6d18c450cc4e3784a3f4a25a720337f1

SHA256
46fc596dd62ee587698563bfd2bc3e60ba4b5f6548f4045fc0c9956b67ca7347

SHA512
1c1912df2e54db54728c54a50e546451bcc58ad2feb9cb3fe35583dc4283e9a7d38083d65cdcad7f27bd74f58c157fbb1211b2d490c765412b51cdbccd7303b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
1d476dde694a42587e33f30caf2b0d2e

SHA1
100debf8df5510ff1c7fa78a683b5f3a2b5ec5ce

SHA256
5b0068f9037c11b17a2b31c44294858c167b82f7a7fe23327454e61c6d6f7046

SHA512
34653f92f46edc79c714f45c868d7ebbf5942f3b10fc0abcb274df7530287d55d9f3ccfcf735a104219a3a252b7228c4c9e1c2418848a75352f6d8d553bc436b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f15f369bd5e555fd4327411f86a683e8

SHA1
6b4c8e8e309166d00092487283958fb7c5fa27c0

SHA256
ecf5999460574b3b5b7cbbdc2a61ac79d2734c82fa2ee605774503dfb09a20eb

SHA512
1bb2f4b07e936c1395d7eb36940fc9f5291093f2547d0318e5053d8ae4cd9398ef74d2b686af453c751efb556456658a007bbc470909e2f1533cd131896484c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5cbc86e29b73a35134b980baabf4f1eb

SHA1
c9780a3cb5e40645f67b5a6df2bd62be6159278e

SHA256
aaaf15c93f61179f7ba4a9dbd58cbd13e1e0ee3f910aba008db91db42dfc7a71

SHA512
2d6d490da0ccf7d546848aabc8259e5641cb2ae8c9e35dab5caf04fc945d9b8a04ce2c54e8bd54102d93bf4803b71c8ce0efb49c3540e514d2b03c722e96d1d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ff30.TMP

Filesize
538B

MD5
5cb8bff31e3d5722b9a336013bc83723

SHA1
46dd98074ff1105f39595bbe505c5991a51b80ca

SHA256
df384403206c116881106f2c4c3060bb8a0237b8bd68f171253ef5f9721286da

SHA512
c1828422037c973599ee1b8fb038667d3045379770b4be2c8c521b98a771826a567f1297c8a4deeb887d6e10083812765dfd503c6ed67ce3f4010764c0dfe5eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
df2c3decfe5eac741fb529ebbeda32ca

SHA1
920fe914aac928472cc9d91b403255c7f1706370

SHA256
5342e4718552247699d4b134dd44c2df428a1a7989e3f05984e2424bf52e8d2d

SHA512
72f0484252f3b41cb23821e45096755dd06ea53f51bad3aa199d75bef7cbc2c796c8f609201ee499588e1904f81e31982ee635fc68e5ada78376f4281446bc42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f7cc0726f8bf0775ac01c0ab0f88a66e

SHA1
6e5a235fe91d7aa6ad1f08c3ffe4b80f6f090ddc

SHA256
c84081a4d61998cd7fe14f49b1bf9a7de29bf42629ddc4021fe14d053d00bd2b

SHA512
e8a17fec8413b7661ec0fab0507470e539baadd9ab30b389328c665fd9b09b5598213802eb259c9649297bdea20e086e3a23670e5c568fe49d00e3e418499777

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit