d760bfcac46b88b2d262f360c591af94e5655343f9b3c9b089554b56bc2363f3

Resubmissions

25/03/2024, 16:09

240325-tlxdqsfc8s 6

25/03/2024, 15:48

240325-s82rascb85 6

Analysis

max time kernel
1199s
max time network
1205s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
25/03/2024, 15:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AngelAttack - WW3 Bakhmut.mp3
Size

9.2MB
MD5

7c6cbed4909644d9cd96f2a09607316a
SHA1

a7d284fe3bdc8d6777401aed779b5e63df64e3ea
SHA256

d760bfcac46b88b2d262f360c591af94e5655343f9b3c9b089554b56bc2363f3
SHA512

290a5d7fa27d7c3bdd1d8358a6f6f357d6fc732f30bf2ee4b75a3b590278d96f1b43b74bcc66411eb3d9e9d235c57c57c27aad47d1f8de18d4b4ba670f64a679
SSDEEP

196608:ol5ap42Zc2si7V5jw8VEQiVwjKt+7eQfyI5pNrX64TdlAgMUIL8:fy8VEQFrywfrX1TLAZRL8

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\T:	unregmp2.exe
File opened (read-only)	\??\Y:	unregmp2.exe
File opened (read-only)	\??\B:	unregmp2.exe
File opened (read-only)	\??\N:	unregmp2.exe
File opened (read-only)	\??\Q:	unregmp2.exe
File opened (read-only)	\??\M:	unregmp2.exe
File opened (read-only)	\??\V:	unregmp2.exe
File opened (read-only)	\??\X:	unregmp2.exe
File opened (read-only)	\??\K:	unregmp2.exe
File opened (read-only)	\??\O:	unregmp2.exe
File opened (read-only)	\??\P:	unregmp2.exe
File opened (read-only)	\??\S:	unregmp2.exe
File opened (read-only)	\??\U:	unregmp2.exe
File opened (read-only)	\??\A:	unregmp2.exe
File opened (read-only)	\??\E:	unregmp2.exe
File opened (read-only)	\??\G:	unregmp2.exe
File opened (read-only)	\??\L:	unregmp2.exe
File opened (read-only)	\??\R:	unregmp2.exe
File opened (read-only)	\??\W:	unregmp2.exe
File opened (read-only)	\??\Z:	unregmp2.exe
File opened (read-only)	\??\H:	unregmp2.exe
File opened (read-only)	\??\I:	unregmp2.exe
File opened (read-only)	\??\J:	unregmp2.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
4	discord.com
22	discord.com
23	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3852399462-405385529-394778097-1000\{E7CD4B93-2CB1-4FF1-8F02-702B1FD0D2D1}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
5052	msedge.exe
5052	msedge.exe
1352	msedge.exe
1352	msedge.exe
3896	msedge.exe
3896	msedge.exe
1124	identity_helper.exe
1124	identity_helper.exe
3556	msedge.exe
3556	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
664	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1240	unregmp2.exe
Token: SeCreatePagefilePrivilege	1240	unregmp2.exe
Token: 33	3820	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3820	AUDIODG.EXE
Token: 33	3404	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3404	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1408 wrote to memory of 5028	1408	wmplayer.exe	80
PID 1408 wrote to memory of 5028	1408	wmplayer.exe	80
PID 1408 wrote to memory of 5028	1408	wmplayer.exe	80
PID 1408 wrote to memory of 3392	1408	wmplayer.exe	81
PID 1408 wrote to memory of 3392	1408	wmplayer.exe	81
PID 1408 wrote to memory of 3392	1408	wmplayer.exe	81
PID 3392 wrote to memory of 1240	3392	unregmp2.exe	84
PID 3392 wrote to memory of 1240	3392	unregmp2.exe	84
PID 5052 wrote to memory of 4936	5052	msedge.exe	86
PID 5052 wrote to memory of 4936	5052	msedge.exe	86
PID 5052 wrote to memory of 3460	5052	msedge.exe	87
PID 5052 wrote to memory of 3460	5052	msedge.exe	87
PID 5052 wrote to memory of 3460	5052	msedge.exe	87
PID 5052 wrote to memory of 3460	5052	msedge.exe	87
PID 5052 wrote to memory of 3460	5052	msedge.exe	87
PID 5052 wrote to memory of 3460	5052	msedge.exe	87
PID 5052 wrote to memory of 3460	5052	msedge.exe	87
PID 5052 wrote to memory of 3460	5052	msedge.exe	87
PID 5052 wrote to memory of 3460	5052	msedge.exe	87
PID 5052 wrote to memory of 3460	5052	msedge.exe	87
PID 5052 wrote to memory of 3460	5052	msedge.exe	87
PID 5052 wrote to memory of 3460	5052	msedge.exe	87
PID 5052 wrote to memory of 3460	5052	msedge.exe	87
PID 5052 wrote to memory of 3460	5052	msedge.exe	87
PID 5052 wrote to memory of 3460	5052	msedge.exe	87
PID 5052 wrote to memory of 3460	5052	msedge.exe	87
PID 5052 wrote to memory of 3460	5052	msedge.exe	87
PID 5052 wrote to memory of 3460	5052	msedge.exe	87
PID 5052 wrote to memory of 3460	5052	msedge.exe	87
PID 5052 wrote to memory of 3460	5052	msedge.exe	87
PID 5052 wrote to memory of 3460	5052	msedge.exe	87
PID 5052 wrote to memory of 3460	5052	msedge.exe	87
PID 5052 wrote to memory of 3460	5052	msedge.exe	87
PID 5052 wrote to memory of 3460	5052	msedge.exe	87
PID 5052 wrote to memory of 3460	5052	msedge.exe	87
PID 5052 wrote to memory of 3460	5052	msedge.exe	87
PID 5052 wrote to memory of 3460	5052	msedge.exe	87
PID 5052 wrote to memory of 3460	5052	msedge.exe	87
PID 5052 wrote to memory of 3460	5052	msedge.exe	87
PID 5052 wrote to memory of 3460	5052	msedge.exe	87
PID 5052 wrote to memory of 3460	5052	msedge.exe	87
PID 5052 wrote to memory of 3460	5052	msedge.exe	87
PID 5052 wrote to memory of 3460	5052	msedge.exe	87
PID 5052 wrote to memory of 3460	5052	msedge.exe	87
PID 5052 wrote to memory of 3460	5052	msedge.exe	87
PID 5052 wrote to memory of 3460	5052	msedge.exe	87
PID 5052 wrote to memory of 3460	5052	msedge.exe	87
PID 5052 wrote to memory of 3460	5052	msedge.exe	87
PID 5052 wrote to memory of 3460	5052	msedge.exe	87
PID 5052 wrote to memory of 3460	5052	msedge.exe	87
PID 5052 wrote to memory of 1352	5052	msedge.exe	88
PID 5052 wrote to memory of 1352	5052	msedge.exe	88
PID 5052 wrote to memory of 1284	5052	msedge.exe	89
PID 5052 wrote to memory of 1284	5052	msedge.exe	89
PID 5052 wrote to memory of 1284	5052	msedge.exe	89
PID 5052 wrote to memory of 1284	5052	msedge.exe	89
PID 5052 wrote to memory of 1284	5052	msedge.exe	89
PID 5052 wrote to memory of 1284	5052	msedge.exe	89
PID 5052 wrote to memory of 1284	5052	msedge.exe	89
PID 5052 wrote to memory of 1284	5052	msedge.exe	89
PID 5052 wrote to memory of 1284	5052	msedge.exe	89
PID 5052 wrote to memory of 1284	5052	msedge.exe	89
PID 5052 wrote to memory of 1284	5052	msedge.exe	89
PID 5052 wrote to memory of 1284	5052	msedge.exe	89

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\AngelAttack - WW3 Bakhmut.mp3"
1⤵
- Suspicious use of WriteProcessMemory
PID:1408
- C:\Program Files (x86)\Windows Media Player\setup_wm.exe
  "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\AngelAttack - WW3 Bakhmut.mp3"
  2⤵
  PID:5028
- C:\Windows\SysWOW64\unregmp2.exe
  "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3392
- - C:\Windows\system32\unregmp2.exe
    "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
    3⤵
    - Enumerates connected drives
    - Suspicious use of AdjustPrivilegeToken
    PID:1240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb3f103cb8,0x7ffb3f103cc8,0x7ffb3f103cd8
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,15381246197617237910,14944100991980431687,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1952 /prefetch:2
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,15381246197617237910,14944100991980431687,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,15381246197617237910,14944100991980431687,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2412 /prefetch:8
  2⤵
  PID:1284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,15381246197617237910,14944100991980431687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,15381246197617237910,14944100991980431687,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,15381246197617237910,14944100991980431687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,15381246197617237910,14944100991980431687,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1928,15381246197617237910,14944100991980431687,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,15381246197617237910,14944100991980431687,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,15381246197617237910,14944100991980431687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,15381246197617237910,14944100991980431687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:1100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,15381246197617237910,14944100991980431687,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,15381246197617237910,14944100991980431687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,15381246197617237910,14944100991980431687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,15381246197617237910,14944100991980431687,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1928,15381246197617237910,14944100991980431687,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5584 /prefetch:8
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1928,15381246197617237910,14944100991980431687,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5564 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,15381246197617237910,14944100991980431687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1280 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,15381246197617237910,14944100991980431687,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6508 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,15381246197617237910,14944100991980431687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:1
  2⤵
  PID:3488

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2724

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2208

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004EC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3820

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004EC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
341f6b71eb8fcb1e52a749a673b2819c

SHA1
6c81b6acb3ce5f64180cb58a6aae927b882f4109

SHA256
57934852f04cef38bb4acbe4407f707f137fada0c36bab71b2cdfd58cc030a29

SHA512
57ecaa087bc5626752f89501c635a2da8404dbda89260895910a9cc31203e15095eba2e1ce9eee1481f02a43d0df77b75cb9b0d77a3bc3b894fdd1cf0f6ce6f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
88e9aaca62aa2aed293699f139d7e7e1

SHA1
09d9ccfbdff9680366291d5d1bc311b0b56a05e9

SHA256
27dcdb1cddab5d56ac53cff93489038de93f61b5504f8595b1eb2d3124bbc12c

SHA512
d90dabe34504dde422f5f6dec87851af8f4849f521759a768dfa0a38f50827b099dfde256d8f8467460c289bdb168358b2678772b8b49418c23b882ba21d4793

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\67cf68e3-a837-4159-a00e-e91d4c45ed63.tmp

Filesize
1KB

MD5
cd91c2b5b6a14f58a3e7df54b0ad1ae2

SHA1
2c93f8c219c8e2f44df8c608534f595060a094df

SHA256
c36dfe315f7cfae55167fbce02e2cb5eb58886f7ef011f3055a94dc2bc7fab4d

SHA512
529f694fe036ace41d451dea7c6a0a23dd6c7119e783200fd13ae25bfb47830a06891da21656d8c469db6c40868dd8cd7adc7a8379ed405166c3f2d998b049f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
366KB

MD5
6dac67141e21bbe4c7a52505d54eff79

SHA1
6c5f0141175a835487e0638c4fb1c7b9a7af2475

SHA256
6291b0988b67868e371f0aca60c2fb8113b21e387117aadc0da024b706bb6b0e

SHA512
25ddf3096f67b3e3e52347e21d6997814a0736de1d74163a5ca00d3a826bc4e9d4e6ec6d5e6a73667282d4a05ab75279ecdb59e40b7a66961b122b97fa7f1ee0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
282KB

MD5
71b90f3563e521b70bb9b72292b73b7b

SHA1
039250cfc86253f3c72f32a216023e0ecb0a2d37

SHA256
bc15d0c6b2ac83d40552c774d61fccfb467001ee3a54f4db2faa7058b3396228

SHA512
2d5f0d707b6a469b5bf1a0256b7fbef026567bc099c9aa26888cfed6df5e6a6b3c08d4b06c85c62c74751452d6ebe7964c1658204536ff89f08518bfd34d2ce1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000050

Filesize
17KB

MD5
dd920c06a01e5bb8b09678581e29d56f

SHA1
aaa4a71151f55534d815bebc937ff64915ad9974

SHA256
31ad0482eee7770597b8aa723a80fd041ade0b076679b12293664f1f1777211b

SHA512
859fd3497e508c69d8298c8d365b97ab5d5da21cd2f471e69d4deb306ecf1f0c86347b2c2cfb4fd9fcd6db5b63f3da12d32043150c08ef7197a997379193dcbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
5c1e6052709cb6fb9da81bda5926914d

SHA1
7fe1406bfdd9c78bd1458dc737bf1f51526cc7ad

SHA256
3fc6a3aa4847813dd45e18d9840b8f4bffe93b19d7af0412c8da715909abda33

SHA512
419d933fe5e0bb100bff3f6b18fd191a8467f9b5537c11ce4d5a60ce7097ef60c5aceb75a8cc811086fdf910aa631c738e9c39aed47e97aebf28849d334e771c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
3d85f5bf8c3d34f9ea1b3bdb1e657f83

SHA1
a28fc42e6009648fb80e8f4bad0169145f138fcd

SHA256
d78efb5c7d492ee693512c6a80b701ed3c54df3536698c5af4c4af7238b9471d

SHA512
66c078f427145d133e02bd1aa696382e80922c07769fa1e4355d63dc225f95c9b1435b2bb611dca8230d1f4f222d3c1298073fc9d411d45a9e1b81b3bde3aa29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
44167b2c2cfec9e6fccdd2415c11ca88

SHA1
9bb3290458b6d3c88ed5729fc9554c6b8d39b5ee

SHA256
61b1fe569d042510f06f5a3a6094e75070a692d69723c09a27047ac205979e81

SHA512
6d11c645246799d8de0a7f180c5e43739f68f897edb199e5639ea1ad69c1a3cac8fb0ac4cc0d190e6455b4ceea306d107f25a95a9dcb0a4642b44a5952ebbbc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
4de36c491da187709415637d13c04cbc

SHA1
da79a6191a021c2cff046469893d70c4eda51b05

SHA256
31a05586919c06276c8272296e49bb36effced67a8ad8d2603f361bf81679717

SHA512
03cf8df94c2f1151ef148ae7779b8a651b0065fdecf68ae090dd8f746510301c7a1ec42d6dc4c7feff62e1aa7f0a393cbc7d306bffd4f11a75abfc9f7ec99fd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
a9143b45b5c9485388b6a76206f60c07

SHA1
2e1caeee590c41babbf76809df16c06bbaeaf6f5

SHA256
18d5c3848499c0c79220680afb012a7f10d393397502259f31c1db571d7ecbbb

SHA512
2003cad78d5ca65b484abebdfbfce02afab8ea49abb1dcd1f6286dc91a95098dc7ee83749fb159fa797f8d86c106437e2533c4bf8460b2f00e2831a0a8eb5368

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
1498e0e35168dbde91e1a38c0e1ddeb8

SHA1
4f16f168c4c1f257f0a2edefe532c5f5ee6d1243

SHA256
94b9676fc578a607925b3ea564a4ef8bac31cb7c740c674d848998ace49008b3

SHA512
d194ae3bcd459166797569b387c0dd579a43257f95b971acc888c8d15b3a798e6bcb51df688d88e0d7e71674f911b6e984a99b0f4ca6408fb15462e6f28a0af2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
96B

MD5
2fccf7d36226494198852ed48e75713c

SHA1
29324a29166e349b303a5a70034fbc7f42c4b25e

SHA256
f84f2dff4b97f96c208ecf529f3acef7914ecb9963ac2fd61bc6763e56a19e78

SHA512
5f437f4eece2ea509a09c0cfda244056f30637e8b19f347529496866bb1e00a23737455996b3e9955e74d24cd121d8c4dc252eae663c6d902392e4a75a3c06a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
96B

MD5
032c4efaf133b850ddf6412a385d98dd

SHA1
2cc60fdcb957218403e7d6fbca38705eef42acbc

SHA256
11f5c58fcae296fc92c71c0996aead9add08ae5b043a82948b8d4badef8d5a08

SHA512
8c3bea92db1c0267c6dac4c1bf012aac5991c9c36d8c07935cf4513bc0de68d55924b52149dccd392d9b6c6f886358e398fc3e76fdd543167014dd17137038c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ccb0775a3c8bfdc8e18f52624d0216d1

SHA1
bd003b9c41104afe9a0dea2a61d9447384691b79

SHA256
938eca480cc3694b1f859e3b23608a5d7b0cc624d51096352c84f209ab221980

SHA512
2759d618958f85c26f2bb45097bf2abca29ffcf8fafde8a31acf05d71e7013f27c2cae8e31402804046ed9239cf652aebe7e5f8eadfbc06aa186eb9f23059a0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c902acb70522d2d7ba735fb67a7af98a

SHA1
c06495181c76fbb823b486dad89505be0053d3be

SHA256
0aa8b2f97b3162ed6623cc2ff7113d1a99a01b3f20da0ca99f62fc917b5be8cb

SHA512
fb99d6e8604373619bf53310067e814955d8e9481bd6a873b7950975eeb5fe6966334de71e94012c75157c44520cf9c9de7d99367d3f05e197cba39b6a2b0b00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8f7afeccdd3b48191c92708d102d2ee8

SHA1
4e57a89588dece038c1dbeff58a6be1c1b819681

SHA256
88a298ce774d8759f617d5c33b2b43d8b90d07758be09510514e66e47f2b9d53

SHA512
cb225e0a9b1031b449e7b058f4acf8f655ca2b15d992cb817fe2ee2b6996bcc1a3b63b7027c5fd0872612f4a9220458ef81d770e3541d472ab38e7e7997ba3f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
347a8b7886eebdbfa350d242110378ef

SHA1
e464c6fc9c5de626f023cd6281cc61a57cc77282

SHA256
338fb69fdaf9fcd2e7a186f8b93acd0dae1173c91954d13d8d7a860ce023abed

SHA512
ffe69ec108783ec825841e14ac2351879fe5883029cd08c49da87b5b698ad516414c69228234edd10989c9f6c77f9927c97e0205ad3835591086900cc9d60e34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
931B

MD5
2ee7f8704c1511d8dbf46895754917b9

SHA1
cf37bfa808b5fc34f76274987c7fc8139e5599c2

SHA256
2f02bb0ff847e0018361f479e84bc2725d11bada439525cb090623fb7456cc20

SHA512
856342da3fd76490040ae8de5d5c43ef32c1bf8e83437c2041878fda6681833d30d5f7c419573a325effc780ac8567088dcc149421367f5a77c2ccb690601e36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a7d052819bed707445a2bef09faab65a

SHA1
84a378f503e8e4ad37bc12d605191a5af9c9e772

SHA256
8b416cf85a0c7869dd291d74441a7cfdac969f20b41c3867510ed8447c655e04

SHA512
2c72584676f6300cd1039ebf50296e46329cdea004d0863924da73f38f5114275ea252e0447bdecf239149b08dfdd465f12f6c935bf40cc1134788a1a872fdd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
54ccb8874be12339f5af651902c1fed1

SHA1
2d7b71eabce4cb9e78541edb8854c472beb02802

SHA256
c506e7f725876a08be6f6e2ba81ade6d8f2991374e09fcbb3f10c85277f9c257

SHA512
fbd291939409f6a1d999c8babcfd56318bf2ed340578b71b9c77849b899c584fc850cb46298491f3d89ad6acc32a16f9b11e61bd977ade38d75816e4d54a3961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
cd52686c008cd219d30cce9ee60c1dfb

SHA1
6f2d745be442b0ae60793e9d772ffa8fe7ba0be7

SHA256
5b20e84e8b07d0f86bdd761b074f0ac594c45224ff118627c0d6e5800f42ae14

SHA512
be3ae4951f3c0d3e9e3dd4083206784c27c42fcecb5e3066aa7049a8a70c21807cf156bf5632fd34d062bc4b78769e86710931c1dc8a1bfa149cae7393318356

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
27c7209f3e4aeb00c5d9f369a7b1bfd8

SHA1
262699a70c96e4709ac20d359d4e7b8c0d67532c

SHA256
fc2e4dcf6b6be2f417c99cce7f34b8c76cc9bbd7be3dd3f6d78a102eb20bce04

SHA512
a427f780b8974502d52b75941998b8a3568d9784a1a3b9786611497a5c3f1754194ea8d11abb710ad630960590498565bec7a64e3a75f3e2b972b41a69b71309

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
eaa0d01515708fb0b41ee91134919786

SHA1
1826e48dba5464fe29255bb688e3a48e267e2079

SHA256
0b9e8b63ddc48d96b760172e8d43127ef8d6cdb5b845cc4d3b14b35f54398c64

SHA512
ac1b744854e12f15da1a6ca134de78e7217ccc15a6558903670543b8d0e72a69b9509d99bab5489cd5668e6b8b1d16741858747884c74b622e63522ec665ed71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
88da4b2eb96f235c4ed85e6ea7c6207a

SHA1
c74f43315473919dcdf7698171214ab0742e2326

SHA256
7b3fb74a3a6cbd14f351143bb2c63be202c00188b65be517ad8c665eadba3168

SHA512
6482832fec46a7d9284bbc7d80098410b14205d564eb1c39350e32bfa43ee9544254fc77d97eebcdaede062562e9279fe08af98cf4b2b09972716b9dc22b8293

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
29f5bbe49f2502ea1d76314cc26d9202

SHA1
9c8dade370b468b6c340dbda430fac5711810dcd

SHA256
8e6142cf6c5cf01c19ae1a118e7c9f7e95205b39b71ce5e416827ddd2ee9a1f7

SHA512
56e1464b4bd5229c160ddd05ea5deaf823f934fd96f9b959420f3ca68c92ecd7597301817a2c1ef29c09e5f99d369bdc5ed39d193aac7a499fcfd69be5692f9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6d82ffc95352fc9c93125acb3835ff02

SHA1
ada197a769089d9bfbe69572d281252fb63d5762

SHA256
3db9e1d33428266a1c58a859c351ef1794d9419cf4ed822a622249e339b46d70

SHA512
119f57c67f521ca06b386aaa8f61fe4909e5c2dcad14953ca1cd7b6ff048df65701983696d0ab1322024fb8348eb73a188db60c7d13ab20ac021e6c9f76f6628

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
961a1d02bef5183805fe465bff0c1293

SHA1
ec97e9d7491823e583aae8029e2b9dd54a01646e

SHA256
99bf60b4a88f1ec80866010c9aeb157d1924636efd6a5ec8b516c2368616d1ca

SHA512
5cb5790f1cf0132de3bd8f427659b09099f00ea55e25d474ade046f78e9aa0652a9969d2e35e60b2fb46172b9f3e22628cec3410c880f1089c3601366148744b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
2441e6b6ddd24cba6b93359723d1c3ff

SHA1
ab3fa59f94f00c699ef8bab793cd6d752dcd48e2

SHA256
a55e1e03fc87a23cb83f282ebbd05b66e4b8f93f76cdbaf1bda34008b5868c81

SHA512
973d050f9c86a1280b1f0d2015eeb67f71db5745f044a2b5f3f1f73a98ad8e4e9fa562f63be57f1abc771ab36082d45727821777ded53aa60e97c49e84215184

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
00baf55c12724f78980a8b1c420b619a

SHA1
2c16ebb50f032ef5f6df338dd27429597772acd0

SHA256
6edbb4c5745c2f294fa2b0d189aeaa7e943622656c19fbc926d8611ccc2be142

SHA512
3e0775dff2234f210a6e6ea6029acbe929117ceb5f95ec5fe618f0121b046769c5d514c6fe94bf7c9f7a8a0fa582bf03144535af44154809972cb81e06ab6692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
88617e97a25b108f3364831e63e0f316

SHA1
46f523b02548b6bee0e6a956b8faa857197be4dc

SHA256
bf28af348c46b381ecdeac784fcd0b25d6fb3eaa876877459b7ff1ec25c67b59

SHA512
ebfd32803e7a866256c798fc4949356ab82ff8edc591357fe519f7705816c3c1c39c34119c9420f1c7c5806a8b8f8a79ee1d3c30ce8861f4b2bbb4f987470b73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
abb6481d19f339d49352657ca92fe993

SHA1
64b48036847c2c358690381bd4e375f2885a26d4

SHA256
7bbc3a7e5774923c0f97d740a4d9222634c2f2c8dba8d840e6403238d833911e

SHA512
a8148d620a9be0cee41c34f4a2abd9d5a67e7f174a7343e543e28f399897c42e2d27389af3e595ac9f2818ee4208df847763b74492759c7cc46ea97951939053

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e1de649ebdca4d04bbdf1973ff446829

SHA1
982e2ee00b4e6ed35e3ddb675cbb333c1e6f7438

SHA256
c9a871eb7fc9bea673164a4b2f426f18672460082bebfb6b48658b251bee6245

SHA512
397fd112d8a9f4f86c8629c890b37fb2ef42a270fe5de0997b154c506261d40db143436aa81d68a9bbd3bb7d7be8a78018943ddd4bf5bc2be552b0d298c40ead

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
af0303cf418b33819f3167dd4fce2da9

SHA1
39a2a9906b1ea9d8596b3792758d44dad1401fd1

SHA256
ca37b5704c4b50e6912ccc99b09e0d4181498464005209fa225749c884f86f8c

SHA512
ab0f9e127843dcb129b96d265bb18448207ff8d9a424419ed7c0eb41d15eb1080b8d3c33f7befc2b710bab5ecd8681ea79f8f3303a3de3d4e29fb43306c8aedf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
662258a24c317a9947948bc65966f60e

SHA1
b84275d955831e13ae323dc98cf3b69604a6deb9

SHA256
5ad1df25d4a5966f8837877a27b0d358a15f5935d81e12d3c1008e85fa883f3f

SHA512
451b5038ee4c33890d43769fc0de2ca9be75e9042d556c9724e460a0aa793f724eca8c40cac3e0a0647cc4a5a385df7b36b8d5ac687eb27cbbd8505fbdeba8c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ed145a2d19ab08c22b9be75781ba80e5

SHA1
bed3489db2674577b39acc32783047f43cdcc874

SHA256
4586be6c23910c462418ccfd21bf632606d810f0ff64009990e6a039f96f1576

SHA512
051c2232a08dd18abcf6e5a6bbe6b5e676b29dacd9c4274921f28f41ce97817ba096b46030a39a6f446ca275c66d53555a3104f0c6752080eadad242c10c9128

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9a0efc08ebf513919ffef059d1c71fb9

SHA1
fd27fa1f2327c737d981e645cac8e00ae6e30f98

SHA256
22281e48e565787802ff1dde3a66c41c0ef9e7ff07eb56a2a38a00482bf403a0

SHA512
fda55d47d1f67d7b32af27e3b3aa5c4e907019c612b9fc3341f442e45d5dcc645a6ba13d7f4d82622c2e71477c772ffc663a2ecc284d6e20dd67fcc146a7a19d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b34dc623d101d205a8f56e6d2efafe43

SHA1
81ca400049f52be746968cbbdbf0bc5d74abb2dd

SHA256
ae8e5412c4b07e155efc2bbe1d9c0536047beccc2e02f9a155149b83a7cb08ba

SHA512
69e48fd5f55fd408cb342de6830bbb1af35f2bdb78db1ebc778a3798ebc18b5fe6dc3fef8c2c9589f7b1833a48da63d2890f689ac240a5ce805f421d80f7f609

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9272bdc30f26bbacb1045b1cf6a8693d

SHA1
75d10863d3c74f1bfb875d03ea620f305c0d3893

SHA256
26cdcc78f6fd5cc6bbc7f55174b1733cbb811d3db258b9b53ecd9c4579b0b336

SHA512
d4e6d015c79ac7808cc3fe245bff277b1b7a8afefcca8751f45240735f415e69d727aaf9ca1353200ab62afc270bf43eaed1cfa734a1632c2a6ad8452f316ce7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
9d86488c93afddd9705ec08b3b2288b6

SHA1
294e63904e3a40506929ec28d809e90790d7aead

SHA256
e84a0ba2fc56b6a1a8096aedf06af91099dea8b9174d1e21dffa2b0fe639b02c

SHA512
bd61acf7ef2f61c740a7b9c36a3caec58c3ee9cf3d3f07541a153b3ea57ef4d7cf58f74766876e6fd7a126e54d1925d3e4a008ce128f4c468cc82c642d1d1259

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
c8a5ba1f57e36bad0ecc8a175edb0a49

SHA1
b264de56b95bb872bacb65edf7e1e2c1b94abd19

SHA256
f5c3476a72bab5184799adf6429f30cbb3a61d4d34d3636e5ede4013e6ee6cb9

SHA512
748fe623d246e9d919c45cf872dc9ce78dcb354d6ef79f7f16a71a208354818c0dd7f56da180264ef26ce562a104a62efd95beaa9efb137b46fe67003ce8755f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
ef62b2b1303b5516c7a93327f2efd50b

SHA1
cf878a4b0e230e0b5c600eecc8350f8cb75d8952

SHA256
d0837230b375f02d93a19735134b6958deedb6a99c51be51338583c98b1b6700

SHA512
8fefb660b21e8fcf68653edce3148384a4f4a6840f965392ff48c70dad5509c7a5c013212cdd5baaae79e270efc7ec65c0a33eb733cc688fae5ed632fbdb88c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
8e9784fd47472d707d1df72b74db30cc

SHA1
7508875d892e639debddba0efe81e7818a57962c

SHA256
54563a4066e99561a4f7aa01f18f3883833efe0b6fb0be97a90fad70b56744af

SHA512
39442658567f96238d7413e375b682215986e67b43b0acaa3c0718e48da4b1f68f62eb74c487691aff3c0c551f541e5119814b91de4ea02362b2399e81c809bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
991400bf1e3012d5483d5ce19b0b2282

SHA1
66d1b0d7e673f004e6491f0203480f1fcd668d63

SHA256
52d7270427f9924f1965620ed06637b3ad73775d91e513f4b2a9b38d69b5fb8f

SHA512
d6c31992956b41ee2537adc5797389869bcb6b3a72190ed64387ed0c87348cfe29aff306c9e3fad54f3de051a65136e0fbaa7afeaff4e1cd5cbf9af762434df9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
362d0a777b2a3bf7009b1d0fdcbafe9b

SHA1
e84a45dd3e44067ad201510772b2c3742e003437

SHA256
fefe7e5de25abdb96028d769af4fabc6f60133836b34d597f023aca2abb0502b

SHA512
1827d9d96012675aedb47647f485c25d973a963e7591e9a4203d3cb88016450028233e55ca455b48b78957734882d441c98cdc854d7b4d2910f37b03f931398a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
92a1cc147fdae01926c6b1538feab0a0

SHA1
b1b5419fa8caf8a063b995aa1c6a7d1cd38a60d9

SHA256
01d9f8c6efd621d1392114d3dfe0ad6514dd31fcb39c7c23453a2d5730eaaa74

SHA512
12a1165b9e2ef444148adf75f8a44345dff01ea16d220b19e9baab10038ff167760d36d7ae848ca115cbaa329386159943b0f575a4b22e3b179623583fdd0111

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
f044f48f8ba169acc2f0df35f4cc1ce5

SHA1
7b341e1d98cd81b1de016ae49db5501d7214aea1

SHA256
f2a70fc83b93930c616e098a593c8a153b8e6dbd70b328c8cf67c210690cb576

SHA512
af6c8e9cfaf3a6161cac631eacd9f5af7fe2ba531af1bce5e2c6689cef086f4f851285ec8b8e1260e3cb40f2fbcd12f8875987445a34cac553720f236768104b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6fd507a3dcb9fac73ce3e95182db75b3

SHA1
456abd421af557e2f1c46def4068d3c2baa1ec4e

SHA256
d83945d29052fcf5ea8e86d7b898fa69326ab257b44aca01473a0016b79d5064

SHA512
0fd2a5dce343626dade78ad1ad356084160b192fb83627a26a013f0dbe32b9fedd05be0dbff959ad44431726b388dc3997dcbe304d682f1404bdce3b47219b5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bd4e1519e4387a8a325b1a2859b436db

SHA1
06463a040718b250bfd562648bcca8b875bdea4a

SHA256
52ad0af34ab1170b8c6a27e8bd71982c58dc65994954eda78550a1c6af5f01f1

SHA512
6fa8871c2bcd1a2dd1b94156a743ba83172da57eaab554909e04b69157de92127e81c041d9613ec72139316ab623ee27c49f1f8b935d27b10930eb901f38e5b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ce817630ba86f9721a0160c7c1c2d59f

SHA1
819f99ad15408cdfa5f974070969450a1fde14bf

SHA256
f08fb3bfee161a1ab485b84b2e00ad1f3ad9fb21204e4ed639f05791ac94c082

SHA512
f3cf0250efac4cd8fbbd56f013931791357efa649f350da00b85a3191395ff3f424c1d949f650449709320f5ff3f0013fda85713e285ef7609dec7bebd584ca2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a94d4097548ea2d761086c773977680b

SHA1
e131adda1b543dde5cc6a17470b4381e41b23919

SHA256
97ce9715b16f393d3cb62ddb54b45811f9f6d676426aad44e80a25bf81ecf2d1

SHA512
b04fbe1f75625ac9be22c5e3377a14378b959d4617009d03438a55a5367fcb6c4c65e5c89350ab4ce291969824ce4c1dc7d81b759c9ba3fd405ecb5ac0487780

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
731789d7b51c7b82cc56699952458b12

SHA1
68ffba48fdb57cde9ebb212984bf483377f88200

SHA256
de2169ea6c69a31ade0ef20ddf3a278a784545a99a7d70cb3c6bf66c8a36fe04

SHA512
abd8dff359d43393526fed9cf573d8a16356e3249f0d323e71364552e89a2e8894ad4dca8fe134a7a32d3d7526beff2d78db5d42aff6d98e4551bcca764a19c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1e3a5623ee2979b01b70794d37d236c5

SHA1
05a456b945ea5b29735a299ea479ec184ba5e8cc

SHA256
9f4352468b8c022bae23f7e8e46d152b771cfc26c5808b86c1defa2b4baec556

SHA512
48cea388b8f0d2d4689d556271950a1e44d294f6c510cf2da9a06d2817a284ede4d8937ba32045ffe05bd13446f65e87350ed18219cd3a0fe8e7da1510dea6ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
058f8c9a4667bfc78bb4371c2ea49883

SHA1
926aa73ec774c3ad3abbaf2269de78480564123e

SHA256
248511f33882d5370a7f7b47c3a50f652df0b8bc50d390d868cff26b6d14972c

SHA512
9f168f9f94ada21dd917d96420f135781fc578d42e0976441b8eeb9e425d4f5a0e4e703fa46b77cee6e2f8cbcc6d18d23d75a74222abb9d060341cc9af1958ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f4f8dbe6585dbb6cd7e33ca9cd93428f

SHA1
7b2ba38826824540c3e7c52dc1c14503a1120d7d

SHA256
e7ace14e9d367d67259aa8c0f09721c93b2b674c1338ea9cfea0f40ef59d2af4

SHA512
267aec0ca853ba95f33b85da313fe3b1b98c58f02f0bf302829430bcf5cecb42c7a613be383a4a4abf5e3dc569525b7c8c8f7b5d7c1be23cda7ebe5fa1d6a173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
93814d2fbe8888416193aabed2321ee1

SHA1
5edfb217fdac0813ec13b7e359b916510606ee17

SHA256
7629785b765e1ab774e1a5d7738031c926b8426051f76ddecce4f2eb304c448a

SHA512
3d7ae4e900740cc9b0ad71c9404bb3caead5f1b85c404dbb22067983b9517903b9b44e9d19d916b85a30d287a6f4fa58b3ec689625c3bbb61bd1adbe23bf8cd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f0730ae1dc5bf65777879604b360fd18

SHA1
42ce7ffaf1776558d50ccceb8e65cc9faea5c3f0

SHA256
a78306b23d8b65893ecbea15de902011b884910551f30c0ab4e0ad6339dbbd73

SHA512
e109ae6a473e072de1e5abbdbc90200e573b413b849d497de50941e7e20bdbbc554279d34314357ac248d19390f0f3ae283e9d8a3c5151eaec4b7b4db40dc456

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
db116295832c11eb067f39dcdd3eb6bd

SHA1
145af9e2ac17eb0b1b5035db61222866fdf91383

SHA256
6699be4ddfc9f626ab2c34e2d3dab420cbb56d7464ab450791b9083620586b32

SHA512
8825fb390f2d8ef1c000a020f8006dfa73cb4185efc0350c77f5d1b000921ef9733152c266295fe39647dddddd7d1289c45babdc8a2df02d1a55ee82e939072a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b606c761680514b824bd6b947620e3cd

SHA1
926e6bca1677b30858daa3fe25b6481a3de3107e

SHA256
9342ce8b03e39e02d682116a8a8c49ea234cf7db754c1d8e5d4b4ba75febbd73

SHA512
4d03102358af625ff3ba12d46534c9e564b3347e5e5158a2c87d88fb036f4d8279468faa0f72da647b7e9ce56d2443da90e7fb78c19e407038944bc97fb56038

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c0b8bab059a1c5fdd4c892f27754e6c7

SHA1
816948338a453004b3f1fe95cc13a01d71d4bb51

SHA256
e190a9b95db0e06755eb5c012f8da97a30198185e15997901acd7f42397bda76

SHA512
5af0650633a04bd195e6c3a285cd84a3dc0001b4c05612a5e22c068fbd8d6a48a5c99d8561e92c01f2dc5738c4451452163d711317863d9aa6e4e621dd339255

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4dfe3fdb2c3f3fc85f32c17b4c1abc10

SHA1
b5d12fefa793d336bab2ccc64d0fe88fa7e23049

SHA256
34a8d68a6d7b2e68b70c383f8adbdb8a8c95c65aa3d35d7a60ecccfffc12c95a

SHA512
24d4e4fc2aadddace4bf23874547720a6bfa932a8509eb06689ddf5faea6e89b1d26357a9693a6fe13d2132de9b5f5de7b6c981d7796bc822a73543b3088a14a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bf4d36645db072b961437b855ecca035

SHA1
0bd8382f2ca9dacae07b23dde4ef821c38f8105e

SHA256
92a6904eba54ce6b17088b1711b338ff79450871ad1a2dd104bd56f4568ab1b2

SHA512
b6790c10d68891090e6f0159709dec3503945b343a8443b88bac6305653719cb9f56f719941fb88ccdb605545d2ef1ca3e326176614e2541a7439cf9cfa4396d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c004f9682f3700a30bbdb242f4d03f5d

SHA1
d034f132d31c20d1e2233b47af1b551687346f2f

SHA256
a687c5c45dbee4b7f55ee2d4b0e841d39232e691d3733c775fbb055ef6af193f

SHA512
99bd27e2ed7eaca6ff7f56acbc3311f3844bf19adcdcf697f9813f533d0e7745dbc0d08b3a5056c30c870f43be43bfd01100a2ef9144f18693602d4e16b902c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a2cfee6f6b174e7c3f8461333771c3ed

SHA1
f85f17c4f54b5921f985c5b17a79a7bf3533cdee

SHA256
d9aa0432b45e51682c10dbc6e3af73b1b3b133829d9f4bcc0d136713fefbddbc

SHA512
793f9ea9f05376e2d3a9a382141cced2b20543c5ff22200739a7929c06db6469470c66259471af3b3fa9d2bfe760a21b7723b9ee82cd342e56d498dc1017bfcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bd5dbef8f1d858747a1a759161e0234e

SHA1
f1c32069b1e429d290fd110c830990c76cb0a4e3

SHA256
3ebff2f9f13b54f59908793713553c489d1acf034daeb3d4f6c692cad7e1b7c2

SHA512
fdfa128caf7243b78c96a0440188347dea16a8e6ab2a0e3309bed40a02bea37891eb66091676419e9c4d374e2d606327c3d9bd41a85bd83231c137fe6f97c2b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bdbc10fa6b14b9ec278f356429c73bbc

SHA1
18f5b605de8b595600c448577f41c6b0551d8bc9

SHA256
686c61ab9f94a99e68df770452163c1d21cd5ff49441dbb6245acd3cea7c6863

SHA512
0ec0537d13748523ed6c661223ad3a0a6e288a5c6391dfe8a6ade721aca50e2e7028848ecb0da0bc0211d19a687e82b29913653b3e6669910a4c02fb5bb4254c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c9ec18577aae21c516b82825d0b1250b

SHA1
ec2435255bb6a5df7d07b14fa2b6569eb26631d3

SHA256
96436c51f7d3514ca1a4c82befa2e08e1ec36d4d73c26efbee2b347e3fa1d779

SHA512
590946f54e3559ee1b1c7644058dc95e7499ad853a71bbdeaf5a4ac47db92e62573f3d9fddce4e2a00ccdd94821c440dc82ec0af0de47b992a497aa2702ecab9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2b0256beb309c98759bb8562ac057df5

SHA1
7a9684a443d8b69a462930a3dfe3aa09edcec07e

SHA256
9e69bef1da893b13ef3cd6a7606350a9bdb8c253d12acd894501f1a600b705f7

SHA512
179b823ca88d8222a32c0b530c821cb77ea69338124edbf3bb15a5461d1ec8f2b692a87bff4bd018f841ba243987df6162e4e79c8d68856e44bb872ba5fc3760

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5ec43add75663088d7d68f19a8ab2091

SHA1
27805fe9cf4dbb76cc98f53783a2801094e215e8

SHA256
d0e2eb9850a2a4735aad25d2780654f849f409f95e4155fba23e5b9a7237dd56

SHA512
f94b3ad201a30994dc8853f49f1591d7ee885d828d3a4a1ad0cf650ee5e5298992c56877140446a04baf60170bfeafcc2c157551cb628783697f0c429b5ac963

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3a7d97364d8ffe5c1bf52dc16b668cfa

SHA1
a1d001f8f498259b82e19805f729ccbc1b1ac39d

SHA256
01303ba81b40f5627f548e3c9283eac73ad76d0f73a531f50064209c9d841375

SHA512
ebb6480bd2701f996e79139419548548dbc9d3dade4284359b360dfea61c9627795023e6054cd56fc3a6eee420d0bb60bacd061065fa0db264aee4d460e2253f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
45a248f2f4c0752bee2686072eba42e9

SHA1
94a1b8dc4a6beb7c41abbc747b57ba2c5b6ba745

SHA256
a941ef7fc03840bc4a5f9f1ffde50bca5d3b7c9c41133a50eaa32e8c2ee9a761

SHA512
8371a883a463dbc9be3272d04cbea148040bb81977cc2e974b966d5d0733b1a6c0d0400a297af9ebafc0e237464f4b37580839ed3bf1dfa4f1223b198ca6fb8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
48101ecd82f478f6d3635ca6827b26b8

SHA1
8df2b127add3cf98efcd084725558c6a7fbeaad5

SHA256
1b439068bb828b80bd94851e72e8df467abc9d11a36fb0be1dd46a2726a37ef6

SHA512
989814b208d419f90c51414f126d0af4cc86f670e3d29d04cf8afe5cf177a9e2c7fa37df4903bbbd7b81fcca0e85485592e9740ce11f78d1f31e6630b14584db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c40f9d8fd349f0440ac5f1ce8eb03875

SHA1
ec42da68e3dbc57922b02de45fd4bba78613f4f7

SHA256
d643a10be8affec35cba73e8a0ecffed6d5e5d0a891ed9980be42e510b29e21f

SHA512
6eeb582ad6191efbf320506103368537990a00a5d71c2d4275f2306e05a36d47267db2791bd06d13f5c687de36f3772c2ace2b36c19d3279704b9b2c68d6c260

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a6e68c39b03cb8ab324d1638983daf22

SHA1
cfef044010c97f550924564b6461163b7d70ce8d

SHA256
1e3cab65e1de86e141a61e3b46651b9ee8a043b738978bd1a826166e21e38b32

SHA512
826fdff9a07579c03a59deb09aeab729b612dc89d9a647b6cab2a41bfde9bbcfa649e2c1af89e37a3b818c8dd16c82cb5d422ac3301f1f63b0601b0e2ab3a470

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
21be4f42622f84d69677ffd143408a35

SHA1
790a3a70079e0eaab0b27e07e88f99885cd4985a

SHA256
dae481d9dc4b4571ffd24cf66157c36a2507c6b12e09453739b25caac1902c6d

SHA512
cb0e65d566ee5fe8c012fb3caba318e60c1b560bc0836de68981256974b4e676868284acc7a26eb0bd2ca3a8575b2a0c00d77905e6012ed1f898c97161295563

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
58a03bc1eebb9ace23561bef9028fb84

SHA1
0b59ed6f77f9019cd7775392e509ab6b9d49eda3

SHA256
45e60a1d4487292fb2b1f563a2170d0ac71b954ab80bed1e41d98112ecbacbc9

SHA512
74da3c9859b431a95d34cc91a2391b245f6898450b34d92bebdde6e4eb603c2a4b4959a1fbede443937d8ec63ee4517d300220a244292d56fe4d4854d7cff892

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1dd1a032de0ff563009fa8ade2db5285

SHA1
b24dbfd8e533ca1315f1e66e0c453ccc50ce0d10

SHA256
dca6898aafb8659df4ae079c949694238c40cb976a2c204cd7a98ff35e582751

SHA512
134024fd0d44be6898e25a41181d609a081e2482c642e8991cd75ee7fff4de87f396b8fff1caac905c950922383b58cd2e81ac551e22bf2bf12c999f38d27fb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a4a80a0617e3c8ad922cec909baa683e

SHA1
37c45e3216fbdeb0b05b317fab4bdf63b61196bb

SHA256
9ed9030918e197f41b16ad710cd1b75d8057ed3f17517882ffd3313aa8bca2bd

SHA512
7b56f24b5d74e424d4b2f96e878cf4ec09f1e68a44275fd5f8b10677666148db3949d8900c55c5035d7b4fef213d7f7fd0e532392dcb6936939803d92726aeea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3b973addca1d897735dc7f939b35cf08

SHA1
7dd723e5ca9feafd63050ba6609ac5aa04c54ebc

SHA256
76a01117b1925681ca174a1ff6fa93a5b97f542cc9697d2f91c5f3c7a68c1b0d

SHA512
d795c57121a2c191b668eba423ce709e72932a79db7e7999061bc8a7c4c84c044c5290ea506e398acd590084582ca3c0c6d0c38fade22b89ebd613c7d09dee14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9e4c5a4d28295367d3c0c33e00e9d207

SHA1
2dae909872234ae911c1a3d4b6d85870a17e2be0

SHA256
ae9739c2b3dfd274ec778adced98f0afbf4fbe0087340839783d2997bc840f6a

SHA512
d269cc110ce844afe1b7a7c88543c75372d828c727a8929597b87f82d699ae036682152e522b6b44b5e36ccea5e3379b4dae46f26568be98dd06d68c79e81cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3da9904123cb6c8196422142c19da807

SHA1
9ac27d9247e429a0b163272bc0f58e3ac39aba70

SHA256
689267eff9d0d6b9dbe5341264565c21d47e8df571980445649e0447bd4e837a

SHA512
a63b86b458c28ce5c8d58f8de786b62c25b55c2c8014bea6bb806693e64c0794554615726e2225c353103bfa733ac517865cd31b2b7ceae188bd63cbf711b8b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58405f.TMP

Filesize
203B

MD5
27632567b9cca56e507ba87a7f11e160

SHA1
58c9b560642d3db95a5fd209253f7c27a99bd7bb

SHA256
2dc384d9eca35577cb17ad3fda924154973a10428fd3cd9460cf3002bc854bbb

SHA512
23b94779a81967099f1f0638a327be61bd4ac87d232281fb888af434c86b6141e1c6101fea1cabb42ede98cb3438947ec88c6b2347afe28aeab0529f553dcdc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b8f02d6a-fa08-4f01-9eca-9e9a108e7986.tmp

Filesize
1KB

MD5
4432604a9e7673497c36ff6fbeb1a5d1

SHA1
b1c23859215b0deae7d4edfe7e2216c6bf9981b3

SHA256
ef51e9eb0ef298826efb9b3c27f111f007f1b1a06db84460e7437ca6a0be9938

SHA512
e260c884902e39a5d5c558b8ee5540389b00659eb24a5b5bd343680556561d0a4f856ff72eebbbc139552867cf93f8ba3b54a5ec73bf5cbdccfd790d69dae074

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
dd569217ad627d688d7f28fc6afd449a

SHA1
207a293989694c9a3c3f0921adb7cbcc688c8111

SHA256
770b18d264e5f655d7a78af68c9793f85bdee49104c210fa7282bd7384f1b5b9

SHA512
a1e323c5cdf321be3baa6a2e1a85864f1eaf4bfba84f091343e85dae1cb3ce7def4b294624818ae451c8f6848b624b6a91e1f1715f891ed57e7378c105848973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9fe4b7379aff03e8f328ec263a05b72d

SHA1
563419108db28feb654518307f331fa159e0cbd5

SHA256
518c8f8f7b3e743c821d85e71fc473bb1a620d38090896b494f3d08ff66121f1

SHA512
a23b0f9e9de91e88e151e71dac3b9e8ec1578c110645df580113d261c731a458eb9979af92b5dd929fb31d7fb35a24b5d1d923b1e9f517b5f58ed9367a47e1e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
64KB

MD5
e709816d7074410920fe4815d4ba6f6e

SHA1
cc8c7f106270cc8c0bb58204a680d0f50ac54859

SHA256
57f6039da23299fea0006f191fd2fa1ff515336f130ccef0382b016f59effbc7

SHA512
f6c020ecf8e7a323d7555358bae5e844450078ac345ab56e45292b8670c87c203de8b462e8f79a0f121cf71277e195415ac7f19cc56144d9eeab892bbf5dff6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmsetup.log

Filesize
1KB

MD5
f0d2283583b53fe0fdef0c04c64ceea0

SHA1
c4bd72b9646e68faedc4985aa699da80df2a607b

SHA256
aff7467e9c68bc9bf2560a2b9eb2ddad70e5e85a7e3cfa3d5180271c1d5371ee

SHA512
bcd71f3de41a8437babf1fc7fd40c5b8ca4ae982da8c7eb2e5e4cc595a931a7e15d68409d088383b90b2be187eb36ecfe47e03d07e934505044096534b22c362

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit