be0c7dd69f25f7242a93f1481aef94ba32119119cb45427008d0977e5f5f3b38

Analysis

max time kernel
1192s
max time network
1210s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
13/03/2024, 16:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

KFC changed me (mp3cut.net).mp3
Size

945KB
MD5

ecb26ca817a54ca68b336b35cc028fe0
SHA1

06577e123109ee65441fcb61d734f22c9e68baa1
SHA256

be0c7dd69f25f7242a93f1481aef94ba32119119cb45427008d0977e5f5f3b38
SHA512

7b39318a4656f7cdb50175a6100c265cd884a918f7c4e4e679c82f47203684f8af04e2a21b6639cc9fd2dd699f5d212c971985803612b37140e318c0aa128ee0
SSDEEP

24576:PuMxWR75vWFx1p5qgdDm6WOMX0Zo9LqncA:mMSxs1p5qgqOloJ0cA

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\S:	unregmp2.exe
File opened (read-only)	\??\T:	unregmp2.exe
File opened (read-only)	\??\U:	unregmp2.exe
File opened (read-only)	\??\G:	unregmp2.exe
File opened (read-only)	\??\J:	unregmp2.exe
File opened (read-only)	\??\O:	unregmp2.exe
File opened (read-only)	\??\P:	unregmp2.exe
File opened (read-only)	\??\Q:	unregmp2.exe
File opened (read-only)	\??\Y:	unregmp2.exe
File opened (read-only)	\??\Z:	unregmp2.exe
File opened (read-only)	\??\A:	unregmp2.exe
File opened (read-only)	\??\H:	unregmp2.exe
File opened (read-only)	\??\M:	unregmp2.exe
File opened (read-only)	\??\N:	unregmp2.exe
File opened (read-only)	\??\V:	unregmp2.exe
File opened (read-only)	\??\B:	unregmp2.exe
File opened (read-only)	\??\E:	unregmp2.exe
File opened (read-only)	\??\K:	unregmp2.exe
File opened (read-only)	\??\W:	unregmp2.exe
File opened (read-only)	\??\X:	unregmp2.exe
File opened (read-only)	\??\I:	unregmp2.exe
File opened (read-only)	\??\L:	unregmp2.exe
File opened (read-only)	\??\R:	unregmp2.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
1	discord.com
4	discord.com
22	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-160263616-143223877-1356318919-1000\{7E07A33F-5D07-45F0-B410-F5B0B320AD1F}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2428	msedge.exe
2428	msedge.exe
996	msedge.exe
996	msedge.exe
4936	msedge.exe
4936	msedge.exe
3008	msedge.exe
3008	msedge.exe
4388	identity_helper.exe
4388	identity_helper.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeShutdownPrivilege	692	unregmp2.exe
Token: SeCreatePagefilePrivilege	692	unregmp2.exe
Token: 33	2784	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2784	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3808 wrote to memory of 4312	3808	wmplayer.exe	80
PID 3808 wrote to memory of 4312	3808	wmplayer.exe	80
PID 3808 wrote to memory of 4312	3808	wmplayer.exe	80
PID 3808 wrote to memory of 240	3808	wmplayer.exe	83
PID 3808 wrote to memory of 240	3808	wmplayer.exe	83
PID 3808 wrote to memory of 240	3808	wmplayer.exe	83
PID 996 wrote to memory of 1244	996	msedge.exe	85
PID 996 wrote to memory of 1244	996	msedge.exe	85
PID 240 wrote to memory of 692	240	unregmp2.exe	86
PID 240 wrote to memory of 692	240	unregmp2.exe	86
PID 996 wrote to memory of 4772	996	msedge.exe	87
PID 996 wrote to memory of 4772	996	msedge.exe	87
PID 996 wrote to memory of 4772	996	msedge.exe	87
PID 996 wrote to memory of 4772	996	msedge.exe	87
PID 996 wrote to memory of 4772	996	msedge.exe	87
PID 996 wrote to memory of 4772	996	msedge.exe	87
PID 996 wrote to memory of 4772	996	msedge.exe	87
PID 996 wrote to memory of 4772	996	msedge.exe	87
PID 996 wrote to memory of 4772	996	msedge.exe	87
PID 996 wrote to memory of 4772	996	msedge.exe	87
PID 996 wrote to memory of 4772	996	msedge.exe	87
PID 996 wrote to memory of 4772	996	msedge.exe	87
PID 996 wrote to memory of 4772	996	msedge.exe	87
PID 996 wrote to memory of 4772	996	msedge.exe	87
PID 996 wrote to memory of 4772	996	msedge.exe	87
PID 996 wrote to memory of 4772	996	msedge.exe	87
PID 996 wrote to memory of 4772	996	msedge.exe	87
PID 996 wrote to memory of 4772	996	msedge.exe	87
PID 996 wrote to memory of 4772	996	msedge.exe	87
PID 996 wrote to memory of 4772	996	msedge.exe	87
PID 996 wrote to memory of 4772	996	msedge.exe	87
PID 996 wrote to memory of 4772	996	msedge.exe	87
PID 996 wrote to memory of 4772	996	msedge.exe	87
PID 996 wrote to memory of 4772	996	msedge.exe	87
PID 996 wrote to memory of 4772	996	msedge.exe	87
PID 996 wrote to memory of 4772	996	msedge.exe	87
PID 996 wrote to memory of 4772	996	msedge.exe	87
PID 996 wrote to memory of 4772	996	msedge.exe	87
PID 996 wrote to memory of 4772	996	msedge.exe	87
PID 996 wrote to memory of 4772	996	msedge.exe	87
PID 996 wrote to memory of 4772	996	msedge.exe	87
PID 996 wrote to memory of 4772	996	msedge.exe	87
PID 996 wrote to memory of 4772	996	msedge.exe	87
PID 996 wrote to memory of 4772	996	msedge.exe	87
PID 996 wrote to memory of 4772	996	msedge.exe	87
PID 996 wrote to memory of 4772	996	msedge.exe	87
PID 996 wrote to memory of 4772	996	msedge.exe	87
PID 996 wrote to memory of 4772	996	msedge.exe	87
PID 996 wrote to memory of 4772	996	msedge.exe	87
PID 996 wrote to memory of 4772	996	msedge.exe	87
PID 996 wrote to memory of 2428	996	msedge.exe	88
PID 996 wrote to memory of 2428	996	msedge.exe	88
PID 996 wrote to memory of 2684	996	msedge.exe	89
PID 996 wrote to memory of 2684	996	msedge.exe	89
PID 996 wrote to memory of 2684	996	msedge.exe	89
PID 996 wrote to memory of 2684	996	msedge.exe	89
PID 996 wrote to memory of 2684	996	msedge.exe	89
PID 996 wrote to memory of 2684	996	msedge.exe	89
PID 996 wrote to memory of 2684	996	msedge.exe	89
PID 996 wrote to memory of 2684	996	msedge.exe	89
PID 996 wrote to memory of 2684	996	msedge.exe	89
PID 996 wrote to memory of 2684	996	msedge.exe	89
PID 996 wrote to memory of 2684	996	msedge.exe	89
PID 996 wrote to memory of 2684	996	msedge.exe	89

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\KFC changed me (mp3cut.net).mp3"
1⤵
- Suspicious use of WriteProcessMemory
PID:3808
- C:\Program Files (x86)\Windows Media Player\setup_wm.exe
  "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\KFC changed me (mp3cut.net).mp3"
  2⤵
  PID:4312
- C:\Windows\SysWOW64\unregmp2.exe
  "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:240
- - C:\Windows\system32\unregmp2.exe
    "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
    3⤵
    - Enumerates connected drives
    - Suspicious use of AdjustPrivilegeToken
    PID:692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcc66b3cb8,0x7ffcc66b3cc8,0x7ffcc66b3cd8
  2⤵
  PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,16547774475611159944,3390974523125929488,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1872 /prefetch:2
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1968,16547774475611159944,3390974523125929488,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1968,16547774475611159944,3390974523125929488,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
  2⤵
  PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,16547774475611159944,3390974523125929488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,16547774475611159944,3390974523125929488,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,16547774475611159944,3390974523125929488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4532 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,16547774475611159944,3390974523125929488,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4544 /prefetch:1
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1968,16547774475611159944,3390974523125929488,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,16547774475611159944,3390974523125929488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,16547774475611159944,3390974523125929488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,16547774475611159944,3390974523125929488,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,16547774475611159944,3390974523125929488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,16547774475611159944,3390974523125929488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,16547774475611159944,3390974523125929488,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1968,16547774475611159944,3390974523125929488,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6412 /prefetch:8
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1968,16547774475611159944,3390974523125929488,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6424 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,16547774475611159944,3390974523125929488,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3468 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1968,16547774475611159944,3390974523125929488,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6424 /prefetch:8
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,16547774475611159944,3390974523125929488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,16547774475611159944,3390974523125929488,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,16547774475611159944,3390974523125929488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,16547774475611159944,3390974523125929488,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4708 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4680

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3548

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C4 0x00000000000004B4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5c48e8b68231fb5b2d7f1188b930bc0e

SHA1
1822aef5da8fdd47626fb91afcf79a2be175a325

SHA256
c3b287c29eaa57166b2ab1ba9bd0aaced13cc2f946a04b8d708ac429187fe944

SHA512
2bd09b83e44e0104fbe080a8573690217dc9fbf7fd59ff25a1a9e9ebd2d87ac533f9b99350773d081a7e748b39657115a13e94538b153bceb13ecdfc4672a0f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f2dc80f5403feb8461b7ffa09890d6a0

SHA1
d5b61e6d672e7e71571e0132e21cead181da8805

SHA256
eadeadba37eed18e5acba408d7e076270b00403fed372b77164577232232428a

SHA512
5e2119529b99b76be105c43714e4b9977ee2147172c1c44e92bd9b41fa7a66f55d4073c864aac668a912aff2898bd216fb38f2fe34ef65de69ad12965218caf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
608KB

MD5
84b2279093e25add571d273fa4eaddae

SHA1
d88eaed186e26edd79f85e65cac1fc1a58b08e7e

SHA256
31fe6e737fc1773afa379d0933c4d7fd53bb0222c418c450c845fc8a272f2664

SHA512
8142bfd85d0971ba227bb757352ec0db952c9d53055f7acc35577d2f52bfcf6a93eaf971a84a258f82f11615cbaad9b9ebe1db9bb0c05425a4fe84d470873d02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

Filesize
46KB

MD5
3701f177f73f2174e138cbfc3addebae

SHA1
e72a376265d716a94261505ef2956d1573130349

SHA256
ff358df343cdee1b2eff2213b9575903a4ddadf8fcb4780a4d5bbe0443f93033

SHA512
a66571d83b1bc9a4be8e202e3789fb209dde29d03d105edeb960b6a14204ead54fa896bdcca1bb69160fb5a7901627564cf3a3d5898ffacda527ecb1a1e764d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

Filesize
1.1MB

MD5
13a6070c97fb5d89e985335be897d7f7

SHA1
f2491c79cf438f9d7b9c5e009f3f77ae5c5db535

SHA256
f092c109fadbd6fcffe08f0144650f26190f3d13a180de173e68ea334976eb7f

SHA512
4099db8431da2e1a4f2900c6a4dc65b35f37d26c80f64e639ddae4330437bc606099678e124e6f54bfdb6463fd95f99dcdb9e10b9196f9961a6375e61c2f1dc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

Filesize
19KB

MD5
023ae7b079e356c228f204fce4c4b4f6

SHA1
0e4398357e3308352330c5434be80f7242c9bb89

SHA256
e768875f407c1ec866edfe21d8571e64bf857732bc400d6aa4e0212dd25c3942

SHA512
adce7da4fca92788fc81dc578e1ea109467efb8b5c307dc5753bd41ef9b939273ce6088aca5fae87b0fb1d6183aeddd1121f637d009933ecf0ccc3fbb133ad8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
3KB

MD5
208de222f25601cb8aa9ac09c744d58b

SHA1
cd51f319d531e458f97e8af9f25e61d5cecccd15

SHA256
b17ee003641cd96ae50fafb5d13b85288750f72f157ba3b41b31f32fafe0509b

SHA512
ba69a5a69272f28654d560e34cdf1b427694f2973f9412f4001f8e24c3479e265019ecb115e0a8198b1303d2dc0a2d7de3252dbdd5f275187596f2fa153010da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
b349b17d04f5a7d0b692831955ddbec9

SHA1
fe3054bf88b64079494321b39574fa82690df7ea

SHA256
37c1989b62ee4ae24846fda1fdbd9b213ee8eed42b3e36141fe569bb8586d220

SHA512
3528c4e769941bf6c32c0b12a80f49dbf21a6ebf32dba3cfc706ec618de310426899a4470ce6e65ea240bfd80b879e358554f3ed5e4cf99b25f455b92525eff9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
b03f29fa1e1f70b709f73a3cfa91413d

SHA1
6fb72fb85d7191de78cb22da74bdfd5d83259c4f

SHA256
3748fb995fca7dbc599e1b2491f4982d704a71b981f714e70b88878f33703cb4

SHA512
f64b662dc7ce0e26b471711999dd2b3c4f86f6da5a89422cd8a1b724128255f0847819c7974798fe9b2c65f156d03f047a109f5c59c06a79190274026494a872

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
96B

MD5
2a81335ff2824b8241c1f9982ffa6f51

SHA1
7d94bc4958b2953e1343058ebc1dc248c2ea972f

SHA256
657acbb6016f28e197a45a2bc91ab631c00109fbee01bd7b6b87ed8c3c4b82aa

SHA512
24d926d25707c23e32878e2db59ea019fa4f123ecf676970799dc9ef0a63dc748170679f0ee2dcfe48ccab33b8f36ef9cefc3994d441b84286e14d43d06a8fe5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1016B

MD5
34ac6313e36f66c1d2dcd40e981735fc

SHA1
aed15a7f64428771834e5792602633b102761c48

SHA256
f529821fed9a48c6fa517f8d87d5a9d02b7ac51736fa72e36e1cc6b0f747f566

SHA512
175a6531a1713834122dd71d91c33c30480609d893c76b83e1646109e43aa7b50eb946a309abe4b8872b7bd87eee65b38fe2bb8dfff109460387774ee4968e86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
3931976d434bff6f51d38f7e4ec3ba7e

SHA1
634cbe61cb48418fc19281018dbdbd8d07deae7d

SHA256
f53f3738638b8760852d65475dc815e593040dbe6fde1a2fa41852ecf1438e21

SHA512
390f8bc49eccf46ee0f35485d9d2d4defd857c0d89df0aae29f0d059589d19ed8abda1a95a9fff750701d532ae083f55754d1ec6146783faef2ea1776be59e94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5c4de81f70260a768ff1074359d351fa

SHA1
cd2074cee431dfe4604c6338bc49d476778b43b5

SHA256
c20061e41dae44503865a5989e9d8323ad5f0822559c7bd6dd9c2dabe21ee18b

SHA512
fa0b97b6dc44ea6d5182fe049159aba5506dc91d2f63e3615602a6926b94ea18eafe5655a4e155f732cd89538858f7400316ff9aedb265fef6944cf04edd1bca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b6bb6f9bfa6d72fec4731540fb34bda1

SHA1
0db2ee78529853ab8c41cafaa3448296fea12384

SHA256
903a6ac07f7a760b4a227beb687f1aeb7882f08b7a34cda6b4d50dc195d2d520

SHA512
7afa4a1ccf752080ab317a80e8023c0397bd920bac9bea1dcdb73bf9b4a8f9674457730aca659d0adeb6a58d89f5112e6793b8689b333f81ccd9f274befab7f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6b15d690e920fc2b3b2b36f3a71b1aea

SHA1
4ff176ebe19e3837b45fb6047704f568624286f0

SHA256
968fae603552934eb12639919e1168360f549d6b77a7831af1e53cdcd5649c61

SHA512
178264dd0656099a19f52ce3f0977b1f11111b06434ae0772be1647676abfc1d3805b27c29cfdc658b5c42548be201a3a4ce330e8c8605041fc73e29dd2b444b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a2f739f1f1a8f62572af1dd8b9c72a92

SHA1
80ab085ad3eb43f35c9f687ffcdc208d7ed83212

SHA256
4150a46670b0b923da3477757e66269739f851c6cdac9d590de6807f0d62fe78

SHA512
6d08f8d917c73dbf3880e6f88eaf3a393988f58f47d942f705b8956dcff93bd0c4f4886de896a24dfef28f3f68cb2803357003dc51e807907f911ba46f9e76fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
769585e336c214dcb83f8aeed5e13180

SHA1
735d54ff1985361e435bf3ebbfab587fdd4cfc0e

SHA256
310f8fdca38001be4149b53624e2642623901a2a2dc402fafd5aa959941fa755

SHA512
80a6a30ce8ffe057e3cecf0b4b196e75b26fd4a120614a3921409291304042771dcc3fb351a3345d5ba53b01850ef243673dc9853287fa79f6abd704e7325337

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4851df4fe62aa8b77e67c80945c9fd83

SHA1
81a80f0e19d15ff6a869dabf96e0d9b962546123

SHA256
ca8e075a9bc6b862c9aef708f3be4922ebac9e434773d942b53d7020f48fe312

SHA512
3f96c0b7d74df85229d13fb7cdb1704f7e30b88910af5b7848d82712830cf1b363cd5d76a8b9a57ad83df54412b799ad0d68166d0787dab858485fcf6aa9c9ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
2a0e9765b5079018e86ac3af3de9214b

SHA1
3c2594e4d74f554750823a25d3317ea5ce478f10

SHA256
d4def09112e71bb4e17ac82368b2b7e706ea2933b4ab168c6f5b9b98b66d441c

SHA512
40b4d3a20832cd7a409238c90cb0841e77a9c651f3bbd463a3975a89b48041b2c029f7d6a959137a543687f8255137c09e15fffb4b9e5c71f2ebe520b4cbd36d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1d3b12ce7281e01ec0036cf34fb5dd5c

SHA1
7377d3251335afa94484007ae95ca3695c42951d

SHA256
3cbe644569d8ce43b6b5f336f2d46f3c1b7d08175d0a5c93f59253f56d1ed915

SHA512
24b95e83cd4a8b8d8512d80af5b7da2f5d77c82b7fd7a992e6e719f6f621778f00d9ff6cc35a497e5d5e35bab598a8b067ee7a0fe24439ad1eb52a829eaa4419

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c1dcb5c8045a467027293f54015fab0e

SHA1
39962eaddc5d2e42a872256649a3ddca277ac480

SHA256
3f90116308d25a1ef354b83ec19a1b9cdbf991d1da2ef9ed728a7e1f840cf40c

SHA512
245559379c8820775fd5ccfe5a2b75694ee75ef7962c44ef62e5fa25e3085f10efab15e2c195e7da840f16472836123783add51283efb5a4684c74a00bc47f7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4f1ca0f5343c5723de551d6a8c6a9748

SHA1
ee1718b2e5d62f87de18645656c465eae04be3cf

SHA256
10ede9f1be2835d498744b449cc4cc2ebf8ba40797d26bded65baa26dfb99229

SHA512
097d0a12227be832b35ddcfa85754c0975612134baccba238106383a2ec5dab9e6fddfdf1fa97e87497f67b3900f3b463c8d35be79d059f6dc349439eb9ec80b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
78d5dc3fb50912c7064f3c8c5d9155cb

SHA1
8c0649c2cc7c37fd75683eb1b8acaa538b289d5a

SHA256
1a894747bdeec44466ee05f41fb919cdb12188c00e4685917bae8e51c9dfad6c

SHA512
55da7ea3e04b9b9ec0dad67435b4111ba6370d1e9392c6d5a4bc0b50dde3b8acdd7886ec956323381f9a820cbf0eae1ce63a4e85c05817e106737b0182a5bb08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
751d05363ae84d2782557959b49d31fb

SHA1
5c0b8145fad123f88f5eaf7d5e001f3fc5691e93

SHA256
40f1b4d8db87bc9f9849b659b42f9fce8a681e18d2d30511294a7a61a8bdfa3d

SHA512
d2da1611be191116c693f30d786a7ff774556d9fc55085585e7dbf156f130917066fe544ea1b52854e8b2507ab05283319898489653521d7ebc74fdac881da9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
53e86818a1eeecbe581093e755efc456

SHA1
f098a171490aefc7b716d99af9a0853df134268a

SHA256
ad9e3ed99edf3f14294671afab696526d3bc74e0baab87895c0185199f6e9c4c

SHA512
61d597b40ba7764c2e85406896903924c71f21c001cb345467df6a52bd8c495bed6b5475465eafe7fe377ad1389a539bcc6bcfc9075c2e2280821ece6ef601e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
17ba0c1852eb10311dc2e8826be474b5

SHA1
321001aa09012995ac84e03bc2bff32a422c34c5

SHA256
9d45f7c98912d07a679c913ef5a28e021f99eb8dccb3cb9802370ad69143253c

SHA512
8dafb1770c4abba90c2bef3565c1c262f59f1402f72f029242e37df97fb6247cc21a47595e0a2591f882ce275e1cb48f8723a70dba119e2256c1ba3420654981

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
3eb01e2bf0ddea240e14db7123c01105

SHA1
79287054e9f0c46aa00663f95942dca1d251b903

SHA256
def4a76c41d3b9d9966dbf88c523c9c339538527f3ecc03ebe380f7fb53c5d0d

SHA512
27b1c3c9997b7f1f81aca5979b8ecb2fef459b20684ded6f354ab5f227e7abded316684b37b9408e437fbde42c1003ad1b196cbd24aa3068981cca48582114c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
42b873d70cbec977d4d3b293631c20f3

SHA1
1161b03db27ed83567e0bece656af71aebe3f574

SHA256
c41a9fcf5d9e0a7c33f443a0252ff91ee09398c644e874f4542755db1eb1ad50

SHA512
5023a7fe027ad1d4a9eefcfa514ef8c82c3e84a3c0a60addd25948fc3d6f3aff16a248939cd1d90e91aa220a9aff28e960ade07eb26c9a7f593034afa3bb12b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f2d02ced71d184194c84c920cc1b43b3

SHA1
d80837206be03ac61549fb5668d13841a6d65388

SHA256
faaa42344f5e7993fc018c865b61ed0bf0ee46ce0b35d62f3db50f78ef846f95

SHA512
0a3737cc3f6af537c739de99c4f3c72b64cc9dc953ff92b05e141f081ae3ea3341fefb4e9a884eacbe99b48fa6236bcd11415c8cb3e57b1e6a26ac63726bc4fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d4fbbdffede9d337a69db3566895dc48

SHA1
dc3d44f952bc4a36be2edd68b82770232268a056

SHA256
1d4e385bea069ad2d2d48246cd6d9374c7bd410e66b67adb518f5e0a2890b1ea

SHA512
70761a2ce8e3e1b87b3b2383148e553b1fb612d398e7059970b04201ca8815f02c026ac2a40698af2ef4f3d0b29a32e4871223b4b643a72b88de5722b1ba1af8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
efd78ab1c90978116dd9e66412592845

SHA1
f0230047d4cb2dcbe72a2773bcb72058caa33cac

SHA256
a6248af9d583552746378598adb4cac2ad00591edb8c29bcf2d63909758a68d6

SHA512
67bae645f56a329d901df3f3ba89cbc4d29a49330aa02310d445a7444e05805d75dab7201aa4604a7052feea64532b0412252a7751fe8a050eccfaf59a05374e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
1ffcb2c553abbf5822b879d28c325897

SHA1
1f0606857a37a47c0f0dd5dd0a691086769e711c

SHA256
39b6714a2b1a0957519225fce28f6c8d8941449e69136347e8db6a8185c0d95d

SHA512
d3720f8350da49351404e4d5a4b50c4551eec838a98635493edc2d97c806ed8252e000bc9998faf138ad0f03792cc095b195c29de342183366070b7dd4f4dc56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
d2638b162b43523832b0d72e8c897869

SHA1
04679cf3e8c7c1abbe023624f24e786fef52feeb

SHA256
58c4ec8c3330955038831d39284502d17051c52018d174240d2cf13a49a6e505

SHA512
65c826b52029e074f38b515ece4b9d7b77de6e5717a95a32a6a8d3b5cf8892f62621e9504445bf309c6f5d0fd07f2cb24b8bb51d808a62700d95f395a64c0451

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
24c3d6c3e02793f8509c67f2a89a80ea

SHA1
e28eb169077e9aa1a60a081378e8926bc7202c4d

SHA256
1012db25fdf19463391a4ae08c19848db38665ebdee4ab8996049a74d1060e72

SHA512
279330cff1a26b75b226519749113259af4bdd89038744c9e8d724efc3ca1e84a60a04778a462e22ada8d48258f9a017142a44805ca7e66f5b59ad0d09352f81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
65ed70905d704e5da403635441fc0806

SHA1
618c7e5afc1b707d1d782d0e9988d99edf824761

SHA256
8e25adad1f0e46660603fa0845651dff3b4e7abad426b541c756e487ef873c47

SHA512
1aa70ea1328e194d25dcbbb3a67e44990264ed29186d230ea5ae7ee4e3866a08c608420edb152cca28e59a780002ae8ecfaec3bcfec9df2e1a49f83d383d5d52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
01bc1c3430212f38d99145405a8c5210

SHA1
a65ca038a81d256c8c7a3e24b2d7f38bc5c14f0c

SHA256
e7a12ff898c0418d7d5fc3610d5b95583b48c70de12cc380bfa856080f3c4069

SHA512
da0d909a9faf0baca50be2b7702f5600cc7cd7e8e7a408c583ea986dbfd8aab0c7585f4a4fd821698cc4aa6f2f30e70896e1c992b0a5051b0fbbb607002996d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
868B

MD5
7b5ca13291d475916ab65935fd796f4a

SHA1
e41c12185e0353d0f7052f2b91268af073bd80f1

SHA256
babeb686774849e17f9c2f023ba7c402803af39e1fd77eb28cae9a2086ab8a80

SHA512
2e53864dd41b9a12ae06a2601453934a964d236840624523331ec045c9cb545efb48ae23f851a88e4104c90d9882bf36d0379564d0cd9170b7cc2860e1845c50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
868B

MD5
0fe38497e021afa2d6c63c10b4556a5c

SHA1
aa9cc759c808d396484b4871d02a7b8970efa273

SHA256
27c5f89491f9cf856e58b3c5c18cc715a34cdd46a192833eeb67a68631ec5689

SHA512
9e8a946c09347b213cb0f7f15bc5584603eed3f07a822cee701781a4708017ed6f2e5ca3f2f49d30787fea20cba9ca874211e5d213e12734ed4e1a0100d0c6a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
b12dc2fce029cca780b579c5c7818d6a

SHA1
db9f4ec4d0c786c77726bc739438421e1436f0e4

SHA256
ea8a30c9ec82e2ad68acbc9270770463cdcc1ba38941b89cf5408846cf5edc5d

SHA512
e2ae7c49a130b7cd03c144e3a4830f1af6ae79a6d40ab8e8b679c0bdf2e4422172268d59d6b958f96967a895edfed6070933279ede2ac2f988b576ed987ecc25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
ec32218e3688ee3f2187355aa75cb462

SHA1
7be5e1e585cb575c47de1bfa1b187622c99fde53

SHA256
d119a277f47c3834127b9ce3e8b054aeda31c0de7b1b516afe780f442b0a4fc7

SHA512
ceeb3b513dcb2192c50f0466c1c8ac200cfc11c99ed0fd01461e4fc899e0b7d95270f8e6c52f763ee518d47d1bc8719f803bdfcd1a6764b555c668742c7c44f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
ec129ea4eb3159a7a424f1ac2cd17ccf

SHA1
b149156125637c89b260d06442e237abfbf5eb16

SHA256
b025e421455a9a2e314d6be0a56672b8834c4e1b2705c09707ef6f7ee03a4b37

SHA512
0d75392ae7df33638a1cbdb4bb68c4f3f1db62a65b6a655c61b602c844476287cd7df9147d6b3fbb3ceba552ebfa6dc777f7d1339d9cc61fd8e87d7d578a2fc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
868B

MD5
00e5b8409c1171f8221ce2b4e5d9f79a

SHA1
2e0c5786d31516c82cfa3850922964baaf33e50e

SHA256
711687933f53b2a0f9734ac12e6f3b32ebe3a253384ffe6f3601bafe0dbad017

SHA512
e483e3280d45a5d0150c0ed20f51f46e90f5ea342585ef20db4c29f76cf16817c59750587fd8c5286b686cc908a48b06e34be7d24d153a96c9f152f4524386bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
e46cf153c80deda6a0a901ddeb81f136

SHA1
d789f42d25e4d26756a5ea91c2ebb4e71c15b727

SHA256
c45ba7b402cd8e46625dd6222469f4fb2f0f28fad16fd21834c341505be34d72

SHA512
724d199a37214992e0249ee7db28d4cf053073603dea19f2f9c13334ab2f949270c115e682b2d48ee82727f6165c0139d92671da411c5cb43e01512a50505d7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
868B

MD5
8864401e2e76c6a5c77e9f6038c9dd4a

SHA1
1f7d5358744aac1583c699cd25f5e8d90a43d03b

SHA256
41b4a3bfc5712eb11544e5b0dae747ebaf72a4defee925b24f9a30628146a493

SHA512
60c47fb262badb74405158c4b9ed58cd1914ba1b01459202cc1715625c8dc7d9843ab5c33ae422f6fb65509f94055e06ec1faed55c1c9376df7d13fed7fbd7a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
950bf5a226412cdd3898d2ad93337ebe

SHA1
5e29afa57e45ad247b0326a309efa6c9a1c11bb3

SHA256
f3d392f0117c51d92aa7117dc5929aadb29adb3b6aa639bffb78817a4033ea19

SHA512
ac0152ae721542e26faebb99189e0a45c2e02975d5777b571623a07bbbfeeabdcee3f842a5c73de3859afc133154962384d3c625cf133141f41ee64f34d95764

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
aebce4ac8fed3642fd44731a4dc3921d

SHA1
3451183349287a98ca8945e115aa92fcdeb2efa4

SHA256
ed4479f5d6cf6c3e440f51aaf36124ff527a87557e635df079b43f7f32031064

SHA512
122c33cb143cfe77dbabba3b4a5ef4e3963dcd6c2173d79e7c6307e8560a83523b281a5ffb4a01492947556b01a0877def80b664263500c72f5fa8454233c77e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
3317d97a91beac3c78e31318a15d8c8d

SHA1
fa3c0f353be1cf64246c128acfce9b5482f8ace4

SHA256
133d3d8449b6390a27594646133abe510bf6e2380420f0ffdae0ba7ef5ce71f2

SHA512
8b272ff5f0e7af71f4303f1060cc3187c344a2f1dbbfc893c3c3c4af5a555d0d242e2d379f7fd81aaf103e7f5adbdc3937378bc6765cb781f77182cfa372ac76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
22afc034d95f7802df2f26c77a1a619d

SHA1
ce432fde14d507f3c6a5e79047b8a6490432e2a1

SHA256
3af49210cedc7d2be8da38cbfaab0cd6a7f35d4bbb67a6d6f9d629bbd0d3560d

SHA512
c6596d76e165d548ecceff1cbb45bbc14959481d56450d8626570be72fc49241f7bd7dd28c210abb8064303f1219c93cf3e9f7f2fc83eb3c10fa11cc085dc34a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
2e3b2b9e19d663e75cb388b6dd669356

SHA1
a4eb0706ec00a22dd6e15867512fb65f337419f4

SHA256
b43365c93be237e59886733a9e0553fbea1d1375b12a905f2d2ed44049223f22

SHA512
227d7987cf7c56bf68f6f9544535b81c9e751730fa677a21d08a8e015cffaf12f57995a046e35d8fdef5e671cf76381c3ed86707cca4f9d5cd462a6bcef482bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
3d9000a3063a2a3253e8ad84343c9704

SHA1
167bc57d64f7a9b5a473b0770ca4679265fa5aad

SHA256
c3130ad2e8985791e47cf09090ecd8ed6b27f33d2a714bfa5d88480855b0c791

SHA512
209e14910133d315f853eebbb4885e8885bb588fca38edc1485e3077f8e65871294d7b89a5cfef7ede17e1ac86a733e6bc37f3b2b0088d112493d2c1a5d03d86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
c3f0a8149e5246bb9accb827bef55d33

SHA1
695ab627b853fab0d7f141ef75bc5973dbd89ab7

SHA256
37e11d9f39a83be29b4da7253066b8e9adb9a5d5cce36daddb5bc58ef6b58bed

SHA512
ee7bdd9617f8a187f886e04d56213ceb6a0791396da35620b54f023178f8997702a4726e13b9a33a555477b20077df1e234640a37dd71561ce24f040e6486696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
6cd3ecf28dcfd855f553fa1fe9d94b28

SHA1
f5333fde070944e5359b7a2738c8ea079b998205

SHA256
f6abd76354956ab1d3eb298e1b696bf7864a6582be16af38a7b532c55ffa3e68

SHA512
66b5658d5aa4ac9c3e5ae58f1b0710ac2aa988df5ee266cb6a098f6502efeabd3b31b92daf1b9f76417b5690c828df5f0f8f4d10014cf224ecec35e3ce803fc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
f10b1a4247f8146d21497916c8320ca4

SHA1
0a3829970b3d29c37baa8aa765726460056bb3fa

SHA256
0bd22e4d255936a417deef4c8e293e280fe87bd289b45087e7ccc39cbca454bd

SHA512
a88adf0c464d14a92e1f7b0d8a552f753c2624b574feb0b1e349e453445510769fe55ce25f2bf091d94526337bbc7078cf690bcc1a1748f9af83ec6d36bf6d04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
7c9ff73f7eb861c7f8036a966c86b316

SHA1
384d7c6b777417738b30272828dd27be250c7db1

SHA256
1f51f193e71709fd1709fbb47a48500a975c9723eec179d15cb8c8b54fe0feea

SHA512
1ed790464f68b4b814bf711eef3468be836a50c6a9d160640c60adeec59bb757cfff7e1653c5d11e28776a7184ba807192a62699b32f365841e3923e094e53f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
868B

MD5
59ac11ad4db39275e7f6832362a251b5

SHA1
450d9e304c29316b550db60bf326dc07d0df3d6d

SHA256
43bdce59793045e503a79b04fa466e59744c9dfe07d738622e1ba2f9b4e6c753

SHA512
980e68e262e877c4f9a82f2c7523c19524e819f5948de556d212d2fd61806c430ecb61cef5fdca440d73e38b37fe1decb48ede384fc412f7274545b3f7512019

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
40d38c87ad969112fccc88c6a8b477d9

SHA1
2bf64256a3c71c9ec54bf451f610e0c1547d4187

SHA256
60134555e5315942858836d0b44d3357a41f792fbc511e560e07efc61f2b15d5

SHA512
39ead2ceaa80ae30d8aa20558f2bfbf9311de3a67a17a3c3a20223d2f909ec5afac35aeec6ac417be71b3c85c68fa1c274181809f5b74a2c4399d008b727532a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
27c5337796d9622a2d0b9df6ec7dca42

SHA1
4d793b6c62924b7a20c305d62b2c829859c673f4

SHA256
147280ead708e8541fa7105a1469fce27b5878b162a3459a575d99b314a27857

SHA512
aaedc40e81dd2ac94774e44760f3035367fa6783cb2ed570289f539c5cabd1aba11b452ba9eeb2d27a69082906fe0f29689829203db37e479bb3ff79e4f52886

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
7eb7cfccc64c14d00625c640d1d25460

SHA1
b46ed9f37b666c8d9131bf8ca96bd7101361ec09

SHA256
22d5a89deade27a282af9b16816dfa83b3d972d0ff8763375b33a9cbd943ef99

SHA512
c532a6894b78618293aa6286e6eb4622d59bba46611098b3398d5e8c8d992d8627263ef4148a6f918613c1887070f49792d2879d85becd86c55c6eddb1251ca6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
868B

MD5
df643c69f1653f9a8b168557deeef1c8

SHA1
de9b40891c824fb4b9861d2403db723b7a8e523b

SHA256
1b3979ebe50f7607c2edabc224e38a3b55c22c195ca2b2812f985ae156ab7785

SHA512
117b62a8ec3b5b1e0fa2c0969c4c2b90f7df1af5607feae84aacaac9b4933bc83e06f1e62a65d4fd77df43d4b05e82bd708fb7f851c9d6536e1584db1b69d4ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
9a894b49c9a6eb8fabfee422e620727c

SHA1
93d4d2d6891c18e568cf1a5579e661ffad6d2733

SHA256
3d24a137e267db368764248175a22e8b1ebd0bd9d9f7a14eb6d47c6742e97332

SHA512
ed1ac93c0750a6b37d9b2fce7804888cc257cda9f356255c52bd859ed476a335dd476b60a8f29f751ea4c02c85aefa477975cb99e661d2a53c9a8fae5f58137b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
4c6dbc4fe80f5dcf3ab0f634d0134dd0

SHA1
b4fe4a39367150549fbb766fd3fdc324f24df7aa

SHA256
a8d64301552cefde61ecdcc9a563445f3486ce18618bce2d162293364e56256a

SHA512
9a1605444d41353a7820dde9a0a215be6e1675e5375cb656d74cd57ef1713e2b8b618cecbdd2104b045a75a2af0891f6d9a7e0572ff3469bd50e4ced85617426

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
a648a676393ec95d15d0c91a8b6c6c96

SHA1
fd5a37a7a372bf20d7c13afb73c588fb2f543386

SHA256
2e122fada411e6c5fa047e8a60e7488ecff258cc40a9df8397e4dae12f07d8a0

SHA512
aa8bc1493948bbebfa86d6569b7aaf43416be3dc6197441a90a14ad6a756755f523bc892e5491936e8bf5556c924432432d52e5d1da997075fbcadd17420a767

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
6b350d4a2bc791bcb0493acd659993f5

SHA1
25d4786a12e41aa3fe1faaa48020288249658ddb

SHA256
37ac12fe7ccb8cbf469b6d31664162f3b7a3e6d7e3112357775afcf6f3abee3e

SHA512
b63376e3bfa518de12fcf7b3a9a1aa9b13cedb806a0f0695f3dfe154d9cbd5cbdf5209e300d9916764c7d05c8d78514d3726b7e6000a216f74756476dcb295c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
9a1f41a881fa20a0261e31952a8e0a54

SHA1
cddb97fd468a6fbf2086b3b876cce715509f9b4a

SHA256
32c9bc8264abbd9f036049d89e0351e676d4bee77dfca3089ef9eb4f343fe799

SHA512
4506814c64c0a694c26eb60624d23b7e65547be68e471ceffd16a1fc927da7ced046fe93fcd10c177db108cc86d2cbf20ccd74019e78b154aa4cd6b8591db7a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
ec8670bd805312dda04517853b0249a2

SHA1
300f907c11d575ff22831eca2728911f3ec00045

SHA256
f92e404a414d958aa7566e4c9810339ae540181bc3053fa8e87c0633a4a44894

SHA512
aae8ee0488025bb7f27d4d0da061dcf765b2e51b73a4b72abafb127f04cf0959b1af0d3bd5d57d4f46636bcd89519e4312faee9aa536bbc800f6b6b213d826fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
a6dd331de3b6c4f30d7e1174a6717977

SHA1
1b874b9814a67f32bfa9d55615b07806669f40c6

SHA256
fd372a32e4505610a17faa53bf76724e21c35ec4d62a31a77c66b29512929df7

SHA512
9e71dfa633c9fdb7b911d7a497915296c085a4a1f226cd166bad6f1ac8e098fb2d7d8a66825830f3e6f86160b2ce44bf5fce3d0cd8b3b46ddaa4c9dc294504db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
3b5a175bbcf9a359e9d448a3ee87bff9

SHA1
fed70e4d69afe18223b511cc01a9960b53cf4a37

SHA256
09cf4faba4e4cdc9ea987c05b0321ccfd0dd82b770c79f3d12a7e995abc6844a

SHA512
19fc11c86bb6199e08b8e68f9dca2525d32084af756a3af3b1d31f70e7390b3c3535ba2010b17cbee19e86df34a034152ba1b2d9d56bfa1f0662921d8216f9ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
6b02e8f9bcdd6fa4f40632e4ddfb663f

SHA1
0aa23fbeb0a9b0d16884a9191e1f53c768099519

SHA256
3d8ca20fc05c02cd58f30572074ca3e2b121784420f0c230717304b23b35ef41

SHA512
6e29ebb6bb7ba329d94fee932dadd2746d784730e89bca6d33180e0ef5979f5da423920ceefc9e56db94aabf65356c504c5d2341f8637bbd0bd0ee4db2cafd3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
71ce3375984a1124708df99f11a9080c

SHA1
60c9a21bc9d399602fb8a87bc9b513eec104a307

SHA256
1cb2d89029773fd2148a112f2cad883fa3f08c55fa36d7e65bc907073832f8d7

SHA512
09e6ae5599ec0980ccd2e19ecdd731ada819eb5253095be765063919b66dfb89aa0642f2c1a9bce5d252748d9531469c9fdb6fe9c0237853fd226c80455f1dea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
6d9dc7a74c28f113a454280e68904dc9

SHA1
7054d143b2f7744eb22676d3a782404b805148c0

SHA256
a093e330fbdb4aeb0b082ffb9f13bf6db377466498ddaec2a1d2d97777754b90

SHA512
b1f734978d4576bb7bdf120303fe7b05a1b47b1039114707fa3044f426e18f716724da00e3eb5cfb407fb009f1bc2f32e92f3b8b04ff4ca5fcde62bb1f4f4b5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
73120565920226aed91272b089eb3cb8

SHA1
7fcec0455782f6f178492d5a1bb31e1415f89e82

SHA256
9db521fa05974b97a10d6f48aa2f56c4716a44cce68b5fe1da9b8c98a52b05d2

SHA512
f9247c38d6da91cb10beef11a5415fdb779479301b9288fb7805b514709c2fb450e8eaa54298e1a9d7ce336c75cc37b3f0b663fb4d3d54b72293b6af73d1bf0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
57519795b16e26195c1c14d1f1d6d6ce

SHA1
14b625f94ab83f502a825e88481529e73d91b24f

SHA256
d0e8119236af7d1c8670365e0e831b8f89db41f08fac60ec802a4ec38ad36c1e

SHA512
cb899742541f3d7bd53102b918c9c0407324ac0ab1c62dd35237f1c9d9802f3ff287ee4cc0637f44d0ead7f3a80926e322bc59d12ac442c00fb38bc882d82bf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
96ea464e56370e28056e095bcb0e064d

SHA1
99dabfe65131dcdbc74da4b8666d40a2f4e03366

SHA256
4da771164678bd01c9ab4584545d8a3635d08e2b5509df35f746eb340c368733

SHA512
696c22f2e0dbc622c8ed358a81f42bfc3a189e49c3bc0d0d72eb72875be45148c1a4d808b766b11927bfccd52b9f83b4b65b63ffa934d0d36bc3bdcb8f8f903d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
90ed9192f592e162b769224a9808c0ae

SHA1
32e01079c2d3c3e2418d6bd32ab88b5963dc9f61

SHA256
a065aa825b16863b96b748b15244d9fecd889503a0ce6738dcd0ff5ceda0ac90

SHA512
fc13b129d6dd71b74e52b27d9d23c38cd16eca0624b5a522fc35ef9727f9a394385fc325992942b529dd61da33d8f8ca952dcd9af378d1dbf3ec33473212b04b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
868B

MD5
a05697a490db1ae0a7947d64dfdec103

SHA1
b7d8dcc590f901f3077273bd153544edc99644cf

SHA256
856bb58cecc87cfaf6a796c5b1bf6972bf46abe477e2b6905192d6ebeb8bef3f

SHA512
ec3a68b110ad8bcca1a28f26f1582a9f94d770ec711a3f3813fadd5c600b7824104902e3fc13bf016544bcb6a31a4727c3933e465e17aa6d27f0a8826657e5a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
74ca0020d030a8311d514eeb4987d18f

SHA1
3f1049152d28212bb51d22a127fe16de6a5f12b9

SHA256
181bdd0210bf063fcc8df6cd21f306164de5c5cef62ffd37f4b5e98f4fb4fefe

SHA512
27b2ae4345ff5974dccbd01729f1a9008c0369ab0b078a8ccfd0cbca4b0782ffc56fed325eb36a704478fff207cc6d139e46674ef474ff1df2551e20dd5f85a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
868B

MD5
828f03eaa8578a0c4a069494b89d05ed

SHA1
1e76838936965f4924bc15431586fd3055cab749

SHA256
e3c42ea3fbfd198b0761e0b991e61c5bdd8de8edf75057524a75b2286ebd9534

SHA512
a15263c377b3b5192eef1d2dfa5c55d9e097f2677a8ef639e88559136ff3e5cf51dedf02c188986977a761492e3cab4eeec5abe8f8c646338395481b8d2c972c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
ad2af2308b76379c46ce40af9c3a81b4

SHA1
6b7273b6f89c9ffb1ce81c696aa87f481c202f66

SHA256
8c50f0f11d9e7cacd637b86965ca47fe4039efb92a9fd2609f41cf176c7daeec

SHA512
6d46e3fe46c85f3a1bbbce678dd22840fc95fc09834f67a67bc31d5a0e2c7d406a1665e1809040829a5d45a8990e471ebe989a2d94fc17e7eeafe11e780cd2d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
e4abbc1070416ba1149af9208ec23056

SHA1
6fa03c229475225143bd147fa59c2e53f823a794

SHA256
535b31fc78bb8b0e314bc52dcbbbec5cf442cc8006c8b4dd852a0f2fd40e27ad

SHA512
7f0fbef7971fb2c866c1972d161e7b6b8af4e372dc894d4a41ebee3e33f92d336c8d73308c49204f670e10dae40bf86a203e4529b78f3159f570ce4fd0465697

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
7394a30c6f61a366d3250dfe40f7f880

SHA1
d41afc80d79ec45424fb6e9ec83d6127c1476882

SHA256
13f7de7fdeb7106c39e387e5eab76a43c27fd220794634a4d000e0d0dac4cda7

SHA512
3e7126789d8dd9f1c5d53dbe5d877e9bc99e584ad704a58cfbb0a92b554c99fc3e4a5761281a9fe67d54af4dcc0f7c4e8698595f62fe2eeb279abf6804a9f23d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
4a1c222ad5e41441f52d3c6d3fe5b45b

SHA1
71ea7d229c8f0b131595d8a30b21d1dd3e943ca4

SHA256
6d0e6ed6789f819cb52bd83c5ee03002df080b5e8f1053c4f7b8726775e21717

SHA512
01ead6be082cf47f700ba26592ae0c78340420db7bcc74e69d347db01b9c7a042022cf2b84d82c8c314eb85c0c2a797d54edc242d75eb5acb3b4981a5d867b46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582565.TMP

Filesize
203B

MD5
0b6243c47f7fb47dccfdcf347b2dbbb4

SHA1
a5c1f3658725e756845269c7a48c29bab58105e8

SHA256
bfaf1a351a3402470f3fc25b5417b81db6aad5db20768eddab0dd1af55a042ce

SHA512
5462af009ad194e8752e4778837a8b546f3eed038259fdfa0a7b2b83d7aab47c66335c33230a47ea318dec85a5fe28a17aa7c5f9a5701c64a48523889d5201d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\bdb07107-45ca-4acc-a98e-48c3d19f0c5c.tmp

Filesize
5KB

MD5
1cca74c40f0aea6e9aaa1c79287e34ea

SHA1
9254871a0943de26b5e83e16d1988f788a2774bc

SHA256
166d627ed498e559e7124c120655ad9369cc4b5087e142882125007da3a59eaa

SHA512
d7ec9fdb6b0e70d8b6206f298c3b59d4859f91fcd047476a45df269724f074f8096cb71366d062f3618138255c2f5feb7662747d04b30c45485605ead0fb6083

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d9260fe4ba2df10c553c246ed49fb948

SHA1
6095c7e8b3631696bc9da8a77eaba91c1147e661

SHA256
57f3b9ca513115083ef17a187e95034f55ff5352b5f8af4a6c1e49af4869c929

SHA512
6b842ceac65a0827f7e29c054995185e00b03ab9b4aa098bca89f235c593941982d91def33697e855e7f6ba508a446b56048e3ff91376e4c33d76223a273e297

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7b2973c3748a8b2e2e05b4c66d63236c

SHA1
eb0c7f85a95f539101ff26628c1bbf32f391dcaf

SHA256
4066a4a3da942fdbc08f9c1ab762b5c9e1aed896e98c8b27284491bb0024e619

SHA512
4c1d14f623f4ff4d5bbf9e81e0a11393db7d52585b392603de319e57030a932a7bf3492b53465cd06a5efdbcb94a546a3b7ee38ce6dfe45217163afefadc7ca6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
256KB

MD5
419b507a02884ea3e0cbc7bc063e3aaf

SHA1
8d6d751e62782978217dbd7c96a6ce61b4f571b9

SHA256
0ecbf3bae722f48d6147e6ff1b8b2d81e77e45e5523e83e4a47336e916efdf9f

SHA512
c3983e06083a2659b49240003521fcf538f3c13c486c4ec57e590cbbbb46fc24db523a748e9e284e3bcd2d6f305133b38ae74e6150dd59a6817b70b556abdbf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmsetup.log

Filesize
1KB

MD5
4075b66fda39bb8105eb818d3fa4df8a

SHA1
c5a9d2f2d9529ab640f2ba358090ed2a2c8df62c

SHA256
3dcbdc3cffb4a14463962554f55f135e6915e3abe2115ad0e4f91cf33f7408fa

SHA512
bff1e9036ccaabecf09b0ee42b742d22ea51a25306f9a64eba08b148c8219251e8beaac6208d01c54a5f4948207eafb0a56f555b6c754b47b5e1af7ada473106

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit