hxxps://blocksmc[.]com/player/s5an

Analysis

max time kernel
2640s
max time network
2699s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
19/03/2024, 23:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://blocksmc.com/player/s5an

Score

6^/10

microsoft phishing

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 8 IoCs

Web Service

T1102

flow	ioc
219	discord.com
220	discord.com
266	discord.com
280	discord.com
281	discord.com
282	discord.com
310	discord.com
218	discord.com

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3594324687-1993884830-4019639329-1000\{798F59C9-3275-4285-BFE8-6C76EAF151F8}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe

Suspicious behavior: EnumeratesProcesses 15 IoCs

pid	Process
4412	msedge.exe
4412	msedge.exe
1872	msedge.exe
1872	msedge.exe
2836	identity_helper.exe
2836	identity_helper.exe
2628	msedge.exe
2628	msedge.exe
1284	msedge.exe
1284	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1548	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 42 IoCs

pid	Process
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4268	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4268	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe

Suspicious use of SendNotifyMessage 14 IoCs

pid	Process
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1872 wrote to memory of 3764	1872	msedge.exe	80
PID 1872 wrote to memory of 3764	1872	msedge.exe	80
PID 1872 wrote to memory of 4900	1872	msedge.exe	81
PID 1872 wrote to memory of 4900	1872	msedge.exe	81
PID 1872 wrote to memory of 4900	1872	msedge.exe	81
PID 1872 wrote to memory of 4900	1872	msedge.exe	81
PID 1872 wrote to memory of 4900	1872	msedge.exe	81
PID 1872 wrote to memory of 4900	1872	msedge.exe	81
PID 1872 wrote to memory of 4900	1872	msedge.exe	81
PID 1872 wrote to memory of 4900	1872	msedge.exe	81
PID 1872 wrote to memory of 4900	1872	msedge.exe	81
PID 1872 wrote to memory of 4900	1872	msedge.exe	81
PID 1872 wrote to memory of 4900	1872	msedge.exe	81
PID 1872 wrote to memory of 4900	1872	msedge.exe	81
PID 1872 wrote to memory of 4900	1872	msedge.exe	81
PID 1872 wrote to memory of 4900	1872	msedge.exe	81
PID 1872 wrote to memory of 4900	1872	msedge.exe	81
PID 1872 wrote to memory of 4900	1872	msedge.exe	81
PID 1872 wrote to memory of 4900	1872	msedge.exe	81
PID 1872 wrote to memory of 4900	1872	msedge.exe	81
PID 1872 wrote to memory of 4900	1872	msedge.exe	81
PID 1872 wrote to memory of 4900	1872	msedge.exe	81
PID 1872 wrote to memory of 4900	1872	msedge.exe	81
PID 1872 wrote to memory of 4900	1872	msedge.exe	81
PID 1872 wrote to memory of 4900	1872	msedge.exe	81
PID 1872 wrote to memory of 4900	1872	msedge.exe	81
PID 1872 wrote to memory of 4900	1872	msedge.exe	81
PID 1872 wrote to memory of 4900	1872	msedge.exe	81
PID 1872 wrote to memory of 4900	1872	msedge.exe	81
PID 1872 wrote to memory of 4900	1872	msedge.exe	81
PID 1872 wrote to memory of 4900	1872	msedge.exe	81
PID 1872 wrote to memory of 4900	1872	msedge.exe	81
PID 1872 wrote to memory of 4900	1872	msedge.exe	81
PID 1872 wrote to memory of 4900	1872	msedge.exe	81
PID 1872 wrote to memory of 4900	1872	msedge.exe	81
PID 1872 wrote to memory of 4900	1872	msedge.exe	81
PID 1872 wrote to memory of 4900	1872	msedge.exe	81
PID 1872 wrote to memory of 4900	1872	msedge.exe	81
PID 1872 wrote to memory of 4900	1872	msedge.exe	81
PID 1872 wrote to memory of 4900	1872	msedge.exe	81
PID 1872 wrote to memory of 4900	1872	msedge.exe	81
PID 1872 wrote to memory of 4900	1872	msedge.exe	81
PID 1872 wrote to memory of 4412	1872	msedge.exe	82
PID 1872 wrote to memory of 4412	1872	msedge.exe	82
PID 1872 wrote to memory of 4416	1872	msedge.exe	83
PID 1872 wrote to memory of 4416	1872	msedge.exe	83
PID 1872 wrote to memory of 4416	1872	msedge.exe	83
PID 1872 wrote to memory of 4416	1872	msedge.exe	83
PID 1872 wrote to memory of 4416	1872	msedge.exe	83
PID 1872 wrote to memory of 4416	1872	msedge.exe	83
PID 1872 wrote to memory of 4416	1872	msedge.exe	83
PID 1872 wrote to memory of 4416	1872	msedge.exe	83
PID 1872 wrote to memory of 4416	1872	msedge.exe	83
PID 1872 wrote to memory of 4416	1872	msedge.exe	83
PID 1872 wrote to memory of 4416	1872	msedge.exe	83
PID 1872 wrote to memory of 4416	1872	msedge.exe	83
PID 1872 wrote to memory of 4416	1872	msedge.exe	83
PID 1872 wrote to memory of 4416	1872	msedge.exe	83
PID 1872 wrote to memory of 4416	1872	msedge.exe	83
PID 1872 wrote to memory of 4416	1872	msedge.exe	83
PID 1872 wrote to memory of 4416	1872	msedge.exe	83
PID 1872 wrote to memory of 4416	1872	msedge.exe	83
PID 1872 wrote to memory of 4416	1872	msedge.exe	83
PID 1872 wrote to memory of 4416	1872	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://blocksmc.com/player/s5an
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffd37d3cb8,0x7fffd37d3cc8,0x7fffd37d3cd8
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,2926467755005925573,3923164134092529692,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1988 /prefetch:2
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1968,2926467755005925573,3923164134092529692,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1968,2926467755005925573,3923164134092529692,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2588 /prefetch:8
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,2926467755005925573,3923164134092529692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,2926467755005925573,3923164134092529692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,2926467755005925573,3923164134092529692,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4416 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,2926467755005925573,3923164134092529692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,2926467755005925573,3923164134092529692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,2926467755005925573,3923164134092529692,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,2926467755005925573,3923164134092529692,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4328 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,2926467755005925573,3923164134092529692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1968,2926467755005925573,3923164134092529692,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3380 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,2926467755005925573,3923164134092529692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1968,2926467755005925573,3923164134092529692,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3404 /prefetch:8
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1968,2926467755005925573,3923164134092529692,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4184 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,2926467755005925573,3923164134092529692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3864 /prefetch:1
  2⤵
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,2926467755005925573,3923164134092529692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,2926467755005925573,3923164134092529692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1888 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,2926467755005925573,3923164134092529692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,2926467755005925573,3923164134092529692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2940 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,2926467755005925573,3923164134092529692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,2926467755005925573,3923164134092529692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4420 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,2926467755005925573,3923164134092529692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1832 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,2926467755005925573,3923164134092529692,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,2926467755005925573,3923164134092529692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,2926467755005925573,3923164134092529692,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,2926467755005925573,3923164134092529692,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5880 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,2926467755005925573,3923164134092529692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1968,2926467755005925573,3923164134092529692,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6572 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,2926467755005925573,3923164134092529692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,2926467755005925573,3923164134092529692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,2926467755005925573,3923164134092529692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6940 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,2926467755005925573,3923164134092529692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6712 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,2926467755005925573,3923164134092529692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6700 /prefetch:1
  2⤵
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,2926467755005925573,3923164134092529692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:1
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,2926467755005925573,3923164134092529692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6956 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,2926467755005925573,3923164134092529692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,2926467755005925573,3923164134092529692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,2926467755005925573,3923164134092529692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,2926467755005925573,3923164134092529692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,2926467755005925573,3923164134092529692,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,2926467755005925573,3923164134092529692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,2926467755005925573,3923164134092529692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,2926467755005925573,3923164134092529692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,2926467755005925573,3923164134092529692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,2926467755005925573,3923164134092529692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,2926467755005925573,3923164134092529692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,2926467755005925573,3923164134092529692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:1
  2⤵
  PID:812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,2926467755005925573,3923164134092529692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1
  2⤵
  PID:1284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,2926467755005925573,3923164134092529692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,2926467755005925573,3923164134092529692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1
  2⤵
  PID:3148

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3604

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3160

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1648

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004E8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c65e704fc47bc3d9d2c45a244bb74d76

SHA1
3e7917feebea866e0909e089e0b976b4a0947a6e

SHA256
2e5d6a5eeb72575f974d5fa3cdff7ad4d87a361399ffdd4b03f93cdbdec3a110

SHA512
36c3be0e5fbc23c5c0ad2e14cfb1cf7913bea9a5aeb83f9f6fcf5dbc52a94d8ccb370cef723b0cda82b5fba1941b6a9ff57f77ff0076a2c5cf4250711e3dd909

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5c3ea95e17becd26086dd59ba83b8e84

SHA1
7943b2a84dcf26240afc77459ffaaf269bfef29f

SHA256
a241c88bb86182b5998d9818e6e054d29b201b53f4f1a6b9b2ee8ba22dd238dc

SHA512
64c905e923298528783dc64450c96390dc5edbda51f553c04d88ee944b0c660b05392dc0c823d7fb47f604b04061390b285f982dfcc767c8168ccb00d7e94e21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2960715a-8f1a-4bb8-bca8-d47154a75da4.tmp

Filesize
8KB

MD5
d53f212da4327be3d986236189be6a02

SHA1
06883f65d0255e63c6dda4d9ba8988dee9b9671d

SHA256
6b71b5644c1eb3dc226a431c3497206a2e5a183b220988ddc97cc9bae8d17330

SHA512
f558c25db7f1ce708b040a975800e95c743dbf8ed7c0a5027839a427969feaf07b2b78a64a72022edee63b58e5c5c74b2f177033740b3613314213af0529a690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
196KB

MD5
813c1b41e435242e7365a4bcd7adcf23

SHA1
2d25e1564eaf93455640413b95646b3f88f9075b

SHA256
70cb2151ee4ef83195855d29819491a23c5eafee2e72b7ffd9041b35363d1542

SHA512
268c4fa1797700a205e37e716c1472592ad6242344645c703ab1ab8d4d68452c3ccce7cdc4d56a0b42d4061bdc793f1c79dffc397f038133387b94b2a1f4051e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
69KB

MD5
a127a49f49671771565e01d883a5e4fa

SHA1
09ec098e238b34c09406628c6bee1b81472fc003

SHA256
3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

SHA512
61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
32KB

MD5
5935a3b84d16bfd55607cc85c0df4813

SHA1
461201d875da29e3dd446d64820b0071abc5e2bc

SHA256
f767acecf7d978d159e7838f888f77114c786bdd8d3de5181e4b71112bf90653

SHA512
2fd0c7f46bc45e084c827d1dc6abb406ac63b427a3ff155e97338766fed7c9f0f71a01a4dc852002ec16e24c5cae6abc8c2676d41097d930dc81b6bb4d5448ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
75KB

MD5
7a55a5601ff663e4ffa4430d1010ba05

SHA1
51dbb88cded7697f8303e31f70e8b7e79aa82507

SHA256
3c400bbf4b3bb006671b6d989831eb5a294a8efa82bd033a8cf8085b0e0e0773

SHA512
c38884c366d8f1e6ad462d3fbd29614d416537c3d9e2da4e14b3706a7f469cf293fa797d2b140c941d9201435f8ddc902d6f904f57abe3c7357e9faae977a7a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
32KB

MD5
bbc7e5859c0d0757b3b1b15e1b11929d

SHA1
59df2c56b3c79ac1de9b400ddf3c5a693fa76c2d

SHA256
851c67fbabfda5b3151a6f73f283f7f0634cd1163719135a8de25c0518234fc2

SHA512
f1fecb77f4cdfe7165cc1f2da042048fd94033ca4e648e50ebc4171c806c3c174666bb321c6dda53f2f175dc310ad2459e8f01778acaee6e7c7606497c0a1dea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
74KB

MD5
bc9faa8bb6aae687766b2db2e055a494

SHA1
34b2395d1b6908afcd60f92cdd8e7153939191e4

SHA256
4a725d21a3c98f0b9c5763b0a0796818d341579817af762448e1be522bc574ed

SHA512
621386935230595c3a00b9c53ea25daa78c2823d32085e22363dc438150f1cb6b3d50be5c58665886fac2286ae63bf1f62c8803cb38a0cac201c82ee2db975c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043

Filesize
16KB

MD5
12e3dac858061d088023b2bd48e2fa96

SHA1
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5

SHA256
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

SHA512
c5030c55a855e7a9e20e22f4c70bf1e0f3c558a9b7d501cfab6992ac2656ae5e41b050ccac541efa55f9603e0d349b247eb4912ee169d44044271789c719cd01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
d2182509c3bf8a8663607d6d4f7ae0ff

SHA1
6392748abdb7f402b38fd285ed50e6b8781b9979

SHA256
8b67002481fc00967da388d48e7cd110370c5374cfd9babe1c5fb1b01885394b

SHA512
1e8fd9495b05bf9295551e3fdf6886d8705a20fab7ef377222f985dc4baef8041217f96d014719f6c3a192cc570cf2b5cb98fda2ccb819bbe1dd478458a45e43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
6598b425bc984c140c4669174eba6818

SHA1
c7b7b04283e9d1a41fdeb8054ea9ed3d9b8a0ab7

SHA256
46ead5514ce7a75c4664edf1c31e9642d55a49eb12d1b6de4219ea1f78303ca2

SHA512
b6c2f201d4a79f49a2101f03a8f7da090d2f3af35446a9c2438b0744f35ab6638afb40b6bf81a03a2fc44a9a27efbcad712f94fc40e56c809b6138a387c23f80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
beaedacf6b87debff95facc0d0e0ab69

SHA1
fca3282cbc9f33de6255e236e877d0e94455be53

SHA256
2ca3e8c2fac1c857b59f2a474f2e2d3f7f32300f6ac28366e0378e8f7deb753c

SHA512
81e8c1eb99bf364c171a63d38ac711cbacf6937a65d46a443b1266b4f355a53261c12e8310eb9cd903512d2ebd456bea711a6e695005f708289aec8ce3a641c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
d266c24af47f1b356ebe529a72e3f8fe

SHA1
905ff37f8bef41d26b9f45001723dbf936a43edb

SHA256
84b686bb2401c0103eca4adeeb512d38864526d40309a6670d928824543c736b

SHA512
1654ddf1cee02118d67377393f21e069e4c25e68d5eb44ad4f519e2aefb26e6fcaa1622cd1670636b950c67c5003980cd2e1540ebb405c94a32297defcb0826e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
0114dcc4e6637d0971f6d80f1a63cdee

SHA1
a8a9dd0eb1ada466ee02c7faa02dd469502cda7c

SHA256
c8f776a36594c9ee630bef5796eead8457a669ba985a0c0cd3da28aca2154228

SHA512
61949939c01b67e54892f79d129216693e6ba1d25de54b1089eb91580beb52c046ee9c28df3ab6ce345d9d1bcc90bed82b7217d6c044e14de9abfd8cd9b63d39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
1bb70ecf45581cb270955d2dfc670496

SHA1
6092b80ffeb5ae48b59555fae0fae07d088a8e0e

SHA256
72a7763afb69114418f23bf908d9e01735215c016b76a5f20b8e04c40b94e9e7

SHA512
34703bd8359d4e03efed3aa3f446fc57205e0d4770f9e49f8b99c3e1ccaf7c87a19c75c1deaf1adc92f73995aab866daee174557ae618660d773a5dbd62eeabf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
919271a10e649601c04834a9465bd6ac

SHA1
7d3e7cfa7677454ef0daee0f4d56ef8d8d7c5bc7

SHA256
182eaee4a5784e4cfb5387cec15b2d6c41f41008948d9c4013e3b8076df373a8

SHA512
1bedb53a7e1d9efa6b792ffa778d8b403ddecec260f0c4c1e4f6e1983e2fe3ac60f84796c44395cde18bb969b8550d4cb2a399ccd358c0d3685bf1a2c16fb9a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
a834a1e4752efe5612987ab5d73fd054

SHA1
15d70f09cd548c562483b8d2696d851dda57e854

SHA256
669aedfdd7b3b872c363f4cce31c0c64210b0d5ad49bc099717dfcb4b88f2cec

SHA512
e2b0e778a638d92f5380ba8546474ce94b7e902f2b6e3e7cd72f2c38aafece0544fc13f1e2cf24e6eb4cebb46d73e622c71d1b2ffa8770272e348a6f263f2410

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
aabcf4b0476664cd7f8bb532e3dfd65b

SHA1
17e51b5f34bd1065c29979ae36bc80c54dfc8de6

SHA256
c9169fbe5b9bb97f27fbc5b5622e7ad302885af7a77decc15f97173335b23e5e

SHA512
a588b1eeafd683e33664f67d1e73084b8ee65db1321088bddcb09a94ccb9f857aa2b41d12fc09e2c32091d7592d96fa9e6101039fef340155fc74c0d03aed6c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
40af78e203bd3f931097573a89e82ff9

SHA1
2a40bd65dc48f7955e317d9611af3e435878d015

SHA256
d933e51410e6c758824a87d198f1834bd088c1cb60d62ac53e32a5f8678119a7

SHA512
df0d22f278e58cc88c7a1e92086b113b3eed3fe2ffe7c22486237a7fc700180c0a5f493f75eabfa1ae83bf35944a855002b29a364a570c910ef498ba194406e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
fd88dec426d62cc5cb1adba1913ed59b

SHA1
d97c328f48731204eeb670ce0b59de436442ff19

SHA256
b8b123f8c0a1b0b2f24735a07df4625bd012cfcae6070c01241d455bbc450ceb

SHA512
926c978ccbde2a8ffde513faaf244f386b272308805bbdbbb274ef1d3a3b1579e812b3d04ae77d0a690f8b95d67854735a3ecfc575fb2e5895a812122897d8c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
fb3d91bc2550b5f5d19ff650dc6b21be

SHA1
d1a0b4353fc4cdaeda700b30a221192b6d96c93f

SHA256
15571240ee3efe1006c645fcced9a21966c54ec24067cd15a81998fdf44c54a0

SHA512
ba381a0c07e02d8b46537d2acdf3eb9150ef323d72ce21e835f1e576d94e5114b69aacc90de1e3c7d08ec22a8086bc1543aab5e0ce2801b4be842de65d6915bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
02b569afdc23af4380ac3b606b4a7bc3

SHA1
1f3444ef1aac16cde5d611fc7743d08ada1fe283

SHA256
60aae0fbc68f7e9e6b6b2ac6f1d24ec6fe90f53b427cc37b3b421bc760c7bae1

SHA512
0011455dfc074be7b3eae7cd9b619e4486487e18ff254018dcfe0d40386d3ee557d0d168fb31446e27b0a10ca34b539384de23086dccba1287f5335406f11ab4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
239c7081670df1286cd160444a59b171

SHA1
de258add53393f0db555c8184579159a6bf28bce

SHA256
298c90cc310eeafdc2100414886631b8da73a5151a5691abd42335e8ee42c9eb

SHA512
ede7333a1878120f578add586248524f925fe0fad3f528f9cc93082ad57d3a689ef46d7d9390355796f790b29e7b46630be660ee3eefaf7168bc23c99ffd07ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
71e05d5c9662db7fc1da122ae04d308a

SHA1
3cdaeb591d76dcd0495a2bad2a5beab5b9c0346d

SHA256
51d7929c711199c013c3abd8a87fd3a45ca78213de53801efb51e04d285fba27

SHA512
0aae75c675e4df49ff7d980df294f9f6f5f8253ffcca2de5b0ac52368f5db818028368f42db8a643ac4392c0085fbdd93a84ec2881f29609a18dc90e7e706dc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
48f5f96fdc4014da3f6b67aa54ed4b98

SHA1
0b589d731286433cc511078a28c61b73bc76e44a

SHA256
bfbb2df7ac75763162f07a083d3cb5c437fd89dd3ac74ee7df07e69c904f6d5c

SHA512
cfa69afb4983bdf6ae24aa12d38f99cdacbfe69f50c8f7fc6e2bebdddbe2d1f61b97a727a5491d6f5882876392ee6a82627e823253de24f9d52c0bdb0040c8d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9c8b1389e4b0f7db64a6dee2baf5ca19

SHA1
97ce62a5d8d33579513f47ac47fef57753102126

SHA256
c505723a3ec60edf1fa646d7012c35fa481625fd5501cbdb70ea2cd8aa65ee6f

SHA512
5e944d4dfc4923d36921625c7abbc03ebf6ba225c0c1fa741fb345d53527b835b6f4db5d10e5c40962d5c491983954fc29ae0149bdd85cdb8fc117055543b866

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
9cfc7a6d322b4b9461f3a64d6240c018

SHA1
112eaf48cafe6391d82383886e188d1c69318187

SHA256
b6a3028ff8d529104c9cc7d8f7586c15f82f2f2299f7a7a594dbb4eb4a80ebbb

SHA512
0437b0a5971a064de7cdc39de956f667555a33d678ed83c01a88bb296b769f9d4ff4f0c61cf3cca1e5405acd88de2849238c2a00181c5e504b8c5f0b8e0779db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
9c3c0f3ac7f81e19029da84c2e42ccf7

SHA1
6295a284f08c8847e3e5305124a06a576c94ad23

SHA256
b171d5fc364f0bf77d406508b0d74d7ed00f59cf798ba8d94cf145de7a6f5dcf

SHA512
4c210aee0939fa003360c2df19e4819491e087103bb5b9bcf410d489130d8a2839ba506e9ac5446f9d29064d53db872e28c60a50d494e08e1d8f2ac74a876720

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
bd97d4a2302355194fcefbc6a73a437c

SHA1
6f68b5d4f48dd23779143afa5fbce6ce57435b5b

SHA256
f8b96ab1f6b0f3e2fc0627dcce2c46505e020347fe3d8ed7f6b6e3b5290c6e28

SHA512
560411b68160d21c36216e9d1e34a586eadbaaa36cad79999c27939e2863f099f3ecc9b5fd06c4c2627ee628f0ecbd6f920e08a317479ea5b0c4c7c9ee8206bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
3f50251c9c67a4caed359cdcb35bd767

SHA1
bce3bf701648c0616cf445297a91459c96a857db

SHA256
619d903a5cecbb29f884449fbb646e20bb119efc33a34138c374413c90d21770

SHA512
0a321152a7ad6b7200982595004474dfb855e150e5f385e7ae4dd7e5d2e5e4c7eb15d72b6388a83ef9286407004a514af11416bad11610ad10ec1d9a9c090baf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
6ab12db02eacfb1aa73c770d96770249

SHA1
22cd3c46dd2eb0f5be0a1706a59ccdc35eafb990

SHA256
4d51341755c4b8f9a2b06afe875014f1f3a54eac87d1fe602137d71dc72d53a1

SHA512
9774d3f6566ea6b4faf85ec011e33163471250ce952b0160072d3ca0974e379d7d3a28bd8948e092afd0213449a66cf996d17288272f866565a56c040561fbf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
5fab618e7ea34fbb85d3ab6d158f95e3

SHA1
8fc874370117b233d2d2198b19763458f46f1ecd

SHA256
e2ec54c25b97669bc7721b1a91c60ef24d51d8eb65e04f08f933ab0162886626

SHA512
5a6d14321207bd9a39a93ea90094a016628a73f30197e9bc6498915f0cc0b27af0165ee68902055f01e786b1c14cb4b76a9c0767745368d78d46d618051f692c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
c348058ec85b149773dcbf1512c513f8

SHA1
07c709081e8bcda34b71dd9aa5d54517f75dc07b

SHA256
99203e763e1558543ccfec7146884fd60e49704d25b23dc71bed383f614f28a3

SHA512
8a6b3d994f0dc1af152abf294017b4866012eeedb5afa0e5e8822d03933ceb66b2aed83b84c7ff1701f73b1a20d6f62333290153b0f2cbff54b7e2768a91d3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
17c8714f909b4555c44ca4b970784443

SHA1
9efb7abbbd8560ee2b3a8e8717618841cd58e326

SHA256
0f4c1874aa64869d7ff7570cfd232402545eb276b5b700f7f388b823e2e11202

SHA512
8d07be00fb0309b9ff95404b1c50d31e1acf778a3a9f1a1172f0d1662d81f80aea2d6939884ed36d51901d53dbf64064e61afd9706b7e77b52e061e96c527c59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
2945c6c82af2370c5de7da0cdf901209

SHA1
c0c5aae5ca11efb6e90c3f2898491c320b05a3ee

SHA256
f27395e74d932e04c0bd15feb6d4640a68345e1ebfed42b76a520a5c54ca6130

SHA512
2e3774f9d49f630f9ae977ddff0c1e9500ed303f98598988f12a397b8882fd67ea04721b3264df0d9dda71e41b652b313270becc401585353bab28e68138d400

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
034ca7a8ed80a327e9d172eae34d44ef

SHA1
eb99933d95a93e1c9b03cc104ac449a557864922

SHA256
5fde88210204a406bf832dbaebc81549c6c108e49accdfa991f34f5678142cb8

SHA512
90e74e18234750e8a6918fb8c9fa712efc0c0f9a6749ffd1745f354c776dad6b935fbeeae343f6965fab78002f1e4eea373c71f8d8faa6c217c53d661faaa2e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
22a2757a2fd44bc17aedcfb438114879

SHA1
81ea129040d78df9d138f63e259fffeed630f9e3

SHA256
72834da7ca0c8ec6b67d7ff35f27a23526470455cc98a6fb83563cbc7cfa7b74

SHA512
dd7fb6d356f5370aabe066a2a53882d84ba57b40bd37d3da659ab4fb82b975a6ce92eddaddd76caa171e04713a903ce3b46b3dc1e2cc11b3a902e7f288cb8fbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
dc67ef26528c0039b2bd51449fa0dda2

SHA1
74f3544ea926216474ca13b83af0e6f553467a80

SHA256
5263d96aab97d0a043a14e979d8b2d1c59672eefe274f969b13b259faac7db24

SHA512
9ea3ca594748fc4e9c3b2c514b85ec548588e466a35c702263164e01628610c89545c29d6a998662eb697d4179e111aed8f73e05668a6bf7a4966d192116eee4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
339949e99fa81ddf6eef4260f364e205

SHA1
67cf6992890c8bb24f05b6f034e9470095e2c747

SHA256
37aafaf7a8dceda9cd2e3e66edafbe006141304fde795498db67f56df7ad8ff5

SHA512
32f63cb0190f18a2067e5f70ec5cb38c4a3fcee03e5d20caa510b0a547e29ad6af3c5a53ee29e793f6cda2defd5970315b12712179e33d159910f5b56d2618aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
0cf7dec67c453bab3c2299792ecf731f

SHA1
3125eafb4f0a323639d868cce585e950a83d1f6b

SHA256
b1a7e935998cd1a30ecd16920e7d627b906186f758e05b91a7d53ca2cc86285d

SHA512
34c68a11d61dea211ab47de941eff10d36db8c218e46a52dbb35b68ddf7f248b63a3d6479a3545a75ea786a02878eca393f40441058d33847cc318309b9e5dbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
b2e697c030166029eb09ec217d12d7c1

SHA1
f6394dcd1ace66aa1f105fa400a3b41e35514992

SHA256
71e491d136387c079ce00563f5f69dfe18aebb2dc47daaa0f21a3e13a5fb3f28

SHA512
61e6581acced3d7b85297ee2e842e172f3d9441d33602a1a4118ad866a86550f1a9cc4751a8e94375d245510d2d1f20804cfa6509aa3b9ead6c9286c06974e89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
3e28024bfa1aba75143441c7bf9d8d4c

SHA1
8b0431452d1427e5fc2e184d3bb4a043844a414c

SHA256
6defc285b3d929901371d8cdca91bdb6b3d9114c3b2ac89c6b174a241166742c

SHA512
7d29a547b3ebcbdb701724cfce50108e7f60d7b9cc5c0b4caf594e55f21d1e567568591ca40a16c07a95200db1493cc9b44c25160135a044886ddc0040dcd690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
2742c30940e38cc1fff82cb0b9a6c10e

SHA1
e8cbd079fb78b07b7bb61ebb1c9e3cddaee0e1dc

SHA256
71f47f58d171cb08c477c25712b6d89f3c0640147412a648126d4d3503c2bfe9

SHA512
39e56892334fb7eca9b65282f14f38d17a45d8885c834ca9ad56b34f60cae83ea2c7cf71b8d9871e88a7864c8ab172b5b963bbdd21c6c83dcff2941effea599d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
b78b30e8bf01270c15fb9450ee8cedc6

SHA1
94a5bce95d6557149b839f0ab337ad8702f233a7

SHA256
b4db76be19ede4d8639d485dbf989746686282f3e6a53793f6308b03f64df5fd

SHA512
c89e5c440b3e4ef284c6f4150e44dd0f5e95f3f783700453783c9bfe2c91b2dc1e4c8b2fc1667fe5347e388dc12b2e1125169d6b2106e3726821dfd04b448f30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
4bf66c9766d8428373f7b9f964852f20

SHA1
3b81478d4dbfe7666d51f7038415d17072467f1f

SHA256
a93cd0eabf2920d5969af6885789954c36444f8f91da8b7649f1d6289ba21847

SHA512
8cfae02248ca2efc556ba8537227abcc4e12fb9b91b38d1e86313095e66b48288d92e09efbf6522d55128684c0fd93b9dbe0d6e4827ac679bce8eabe3280732c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
83a4c6b9c000610f043bfe66b8dcf25f

SHA1
06b5b4e4cf6f4f2ba6d6d96d7abb1b0821b2e68e

SHA256
634de8d946cf4c9c10052eaf12a0e127b84d6244b6a3945021bacf88a5167f8a

SHA512
8839decc5e8fac95bb82455ffdd05a6014e6050de60cce862b0af61625021dc91a255a085b1a43b8835e80eafb3b7edc61a5d5b0a12020ea8d1ba03ff8f264ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5334a405245819cf8e04f5f35cd0ab30

SHA1
b63320bc40ed52f1426925c1d510258a0a2ed791

SHA256
ab60ceab5573f6f50f5d73b16d2625cca310a281af0554e565282577bd5bdcc2

SHA512
9815121d7656a977aa3d3f8c7e97c3f966e40ba1d64eeb1aba4266564216c299ed0399c620b7642199b38e2a3085ab018437e66236a1ffabf4061080f3dd66f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
e163a93331e7f19629fb4943c0b7c764

SHA1
ad8bddbb5868be75573f57917e4cff1842fba541

SHA256
585c986391b9a6e96b964b4e1cfcfd37ea2d1aab11e9b2a1bfb236ed52d908d4

SHA512
509543ac9682c4b45dbd3f251b866a323b77707ae65f21af16c7f982d42101dce1d59ba285947769bdb4267611d89edbaa84e7fe7e1a92f12277804c690e41a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
1f90c31a69a1ad345c6c98f3cb8b8541

SHA1
e6cbd86d388dd6738304ad0ff4fee448ba078f96

SHA256
2437e6b5bdf9b6ba4055540c6cee51b4c20d8f4a84d0b11992efe675af2f439c

SHA512
204930c16313737e1a50f83a2c06028c2281f2e18772b006aa69d66f98fb4dc8c0eef480ea793df3bee4771bb8772dd58657482872db5ce2ea1226fbdf0615a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
f5f128cda89b74f4e779c3ccec3c2e03

SHA1
2a56bb181813aef07418af24fb326ca3b0eb3f6a

SHA256
2e42d7627b8e9c48c9a2373b3ef161edafc7e2c12ac31401b0634632f2f0e46a

SHA512
3db8fc72b6d9bb5411b654bd7b048da05ccee9c07aba5aa211b90eff5d6c796251244c9244a2a1387f334ffa59a64fee97ff23caacbc4c2702239d93da9f2cfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e0ab.TMP

Filesize
539B

MD5
c353d09ecd3e273369d347dfd27cd483

SHA1
a26f98bcb2feaccbe6d69f7c592afe7782080e33

SHA256
6768777a33ff3adc294ab231b69dbe7165b9a2ff9ef84a94933e01307bbf9e49

SHA512
59c726a242c727d26b0025d0ab4144c782f012ce13d952b02885d91a2552abd9d7553dddf90d46c4232ceeb2bb9550d377dd4c78483565784ff2164adface066

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
372cbeb294e9e779deb54c2c6cace77e

SHA1
2cd8decb7d100eb6b460553341df037314292877

SHA256
fe4c45b3754b242ee0df9a8aa0857b02968c07835469071d568a69d54cb1cc63

SHA512
dbcf89c1cdbd6beb8e44597872c48629c53d44b4d1f54f962adfc1ea6e5efef3fd1fd1e4717363aa04f9f1f91bbf46ccc5c3e1bcbb2960341879078ab03b2cbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
7ef523463e5b42be3ad39bfc43aceeca

SHA1
0597826d069eaaf2582069e74cba386d579daf76

SHA256
2952689a47bbef92b61b2f85938dba489dae2ff2cd963b23e2fa6006065632f7

SHA512
95b56bbbc9762f6df5658e02c7e749d07d3857dd724bd0b64dbcacc3b7b8f897a17315336dc8ed135e0f8fcd4441a6b50ca87157d3fba24f6e3519a80891ff84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
8619c9fd4619b084841a5dd4b35ea077

SHA1
78c372ecc179d94e6dc22cb2d1b0d01258114978

SHA256
4bd166cd9c4a0de3b006cd459546585dd70847bfbcc15b280880fa4284178aa8

SHA512
742a6e44ac047fb8c8e76eb5c348b70e48f458fd14d25434b4be02ee20681abae7fa82e63ad6adc3cdf1298e4afa150fd8c130e1c5b83962c9fb81f950307732

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
a0b0c2f91fdc30c9796a9599fcbdc17c

SHA1
9c2fec0f79237f1cf7de596192d9e3825479a192

SHA256
4c2cd24aa98da680ee5053a6ccfe85a6068d25ad3129d3bb7b94416361d8df4c

SHA512
2559fdcd563e215c18c7e17963cb5515899168bf54f910c7bd2c383205db8e01406eb17b214d29e3f645e2ebe4aee022018d3dbaf162d266703863f000a3a2b1

Download Submit