fe4d00f4da37fe3f6284a28110b891a0c6ce5a4c47fce03f84d6024641731033

Analysis

max time kernel
1200s
max time network
1202s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
31/05/2024, 14:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

chickenandrice (prod. DemonDitzy+ Moniex).mp3
Size

1.9MB
MD5

d75c558ef4a996021fb3eaf61d37f176
SHA1

b29b1174dac6e56f37488030f65f6c27b5ea1040
SHA256

fe4d00f4da37fe3f6284a28110b891a0c6ce5a4c47fce03f84d6024641731033
SHA512

aed754c70db65e6bb40adfff4fba0bae8b43a8bb5028d0bc437ab67283c03268894c68a0804b6d4ae31d79b7d81d96b278e78f81a07164d044b7131a7b02f863
SSDEEP

24576:NKD0fTfXUt+hLAv4IPt3YIGc4Y+CrhsdwUKUi2bqcSyM6i3hNGk5VrSwctd6oDS:NKD0At+hL3IPt3YTu+4IwUiu+Gxwctd8

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\O:	unregmp2.exe
File opened (read-only)	\??\P:	unregmp2.exe
File opened (read-only)	\??\Y:	unregmp2.exe
File opened (read-only)	\??\E:	unregmp2.exe
File opened (read-only)	\??\L:	unregmp2.exe
File opened (read-only)	\??\Q:	unregmp2.exe
File opened (read-only)	\??\T:	unregmp2.exe
File opened (read-only)	\??\J:	unregmp2.exe
File opened (read-only)	\??\K:	unregmp2.exe
File opened (read-only)	\??\M:	unregmp2.exe
File opened (read-only)	\??\S:	unregmp2.exe
File opened (read-only)	\??\W:	unregmp2.exe
File opened (read-only)	\??\Z:	unregmp2.exe
File opened (read-only)	\??\A:	unregmp2.exe
File opened (read-only)	\??\I:	unregmp2.exe
File opened (read-only)	\??\H:	unregmp2.exe
File opened (read-only)	\??\N:	unregmp2.exe
File opened (read-only)	\??\R:	unregmp2.exe
File opened (read-only)	\??\U:	unregmp2.exe
File opened (read-only)	\??\V:	unregmp2.exe
File opened (read-only)	\??\X:	unregmp2.exe
File opened (read-only)	\??\B:	unregmp2.exe
File opened (read-only)	\??\G:	unregmp2.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
8	discord.com
17	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3938118698-2964058152-2337880935-1000\{87250E4F-E24D-4251-9302-6A68B213C9F7}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4680	msedge.exe
4680	msedge.exe
3588	msedge.exe
3588	msedge.exe
4960	identity_helper.exe
4960	identity_helper.exe
2440	msedge.exe
2440	msedge.exe
4412	msedge.exe
4412	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4452	unregmp2.exe
Token: SeCreatePagefilePrivilege	4452	unregmp2.exe
Token: 33	4216	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4216	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4856 wrote to memory of 1484	4856	wmplayer.exe	77
PID 4856 wrote to memory of 1484	4856	wmplayer.exe	77
PID 4856 wrote to memory of 1484	4856	wmplayer.exe	77
PID 4856 wrote to memory of 4920	4856	wmplayer.exe	78
PID 4856 wrote to memory of 4920	4856	wmplayer.exe	78
PID 4856 wrote to memory of 4920	4856	wmplayer.exe	78
PID 4920 wrote to memory of 4452	4920	unregmp2.exe	79
PID 4920 wrote to memory of 4452	4920	unregmp2.exe	79
PID 3588 wrote to memory of 2264	3588	msedge.exe	83
PID 3588 wrote to memory of 2264	3588	msedge.exe	83
PID 3588 wrote to memory of 1956	3588	msedge.exe	84
PID 3588 wrote to memory of 1956	3588	msedge.exe	84
PID 3588 wrote to memory of 1956	3588	msedge.exe	84
PID 3588 wrote to memory of 1956	3588	msedge.exe	84
PID 3588 wrote to memory of 1956	3588	msedge.exe	84
PID 3588 wrote to memory of 1956	3588	msedge.exe	84
PID 3588 wrote to memory of 1956	3588	msedge.exe	84
PID 3588 wrote to memory of 1956	3588	msedge.exe	84
PID 3588 wrote to memory of 1956	3588	msedge.exe	84
PID 3588 wrote to memory of 1956	3588	msedge.exe	84
PID 3588 wrote to memory of 1956	3588	msedge.exe	84
PID 3588 wrote to memory of 1956	3588	msedge.exe	84
PID 3588 wrote to memory of 1956	3588	msedge.exe	84
PID 3588 wrote to memory of 1956	3588	msedge.exe	84
PID 3588 wrote to memory of 1956	3588	msedge.exe	84
PID 3588 wrote to memory of 1956	3588	msedge.exe	84
PID 3588 wrote to memory of 1956	3588	msedge.exe	84
PID 3588 wrote to memory of 1956	3588	msedge.exe	84
PID 3588 wrote to memory of 1956	3588	msedge.exe	84
PID 3588 wrote to memory of 1956	3588	msedge.exe	84
PID 3588 wrote to memory of 1956	3588	msedge.exe	84
PID 3588 wrote to memory of 1956	3588	msedge.exe	84
PID 3588 wrote to memory of 1956	3588	msedge.exe	84
PID 3588 wrote to memory of 1956	3588	msedge.exe	84
PID 3588 wrote to memory of 1956	3588	msedge.exe	84
PID 3588 wrote to memory of 1956	3588	msedge.exe	84
PID 3588 wrote to memory of 1956	3588	msedge.exe	84
PID 3588 wrote to memory of 1956	3588	msedge.exe	84
PID 3588 wrote to memory of 1956	3588	msedge.exe	84
PID 3588 wrote to memory of 1956	3588	msedge.exe	84
PID 3588 wrote to memory of 1956	3588	msedge.exe	84
PID 3588 wrote to memory of 1956	3588	msedge.exe	84
PID 3588 wrote to memory of 1956	3588	msedge.exe	84
PID 3588 wrote to memory of 1956	3588	msedge.exe	84
PID 3588 wrote to memory of 1956	3588	msedge.exe	84
PID 3588 wrote to memory of 1956	3588	msedge.exe	84
PID 3588 wrote to memory of 1956	3588	msedge.exe	84
PID 3588 wrote to memory of 1956	3588	msedge.exe	84
PID 3588 wrote to memory of 1956	3588	msedge.exe	84
PID 3588 wrote to memory of 1956	3588	msedge.exe	84
PID 3588 wrote to memory of 4680	3588	msedge.exe	85
PID 3588 wrote to memory of 4680	3588	msedge.exe	85
PID 3588 wrote to memory of 2316	3588	msedge.exe	86
PID 3588 wrote to memory of 2316	3588	msedge.exe	86
PID 3588 wrote to memory of 2316	3588	msedge.exe	86
PID 3588 wrote to memory of 2316	3588	msedge.exe	86
PID 3588 wrote to memory of 2316	3588	msedge.exe	86
PID 3588 wrote to memory of 2316	3588	msedge.exe	86
PID 3588 wrote to memory of 2316	3588	msedge.exe	86
PID 3588 wrote to memory of 2316	3588	msedge.exe	86
PID 3588 wrote to memory of 2316	3588	msedge.exe	86
PID 3588 wrote to memory of 2316	3588	msedge.exe	86
PID 3588 wrote to memory of 2316	3588	msedge.exe	86
PID 3588 wrote to memory of 2316	3588	msedge.exe	86

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\chickenandrice (prod. DemonDitzy+ Moniex).mp3"
1⤵
- Suspicious use of WriteProcessMemory
PID:4856
- C:\Program Files (x86)\Windows Media Player\setup_wm.exe
  "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\chickenandrice (prod. DemonDitzy+ Moniex).mp3"
  2⤵
  PID:1484
- C:\Windows\SysWOW64\unregmp2.exe
  "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4920
- - C:\Windows\system32\unregmp2.exe
    "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
    3⤵
    - Enumerates connected drives
    - Suspicious use of AdjustPrivilegeToken
    PID:4452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe4,0x10c,0x7ffdfe6f3cb8,0x7ffdfe6f3cc8,0x7ffdfe6f3cd8
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,14621464127536691087,9034414834183027463,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1884 /prefetch:2
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1876,14621464127536691087,9034414834183027463,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1876,14621464127536691087,9034414834183027463,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2528 /prefetch:8
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,14621464127536691087,9034414834183027463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,14621464127536691087,9034414834183027463,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,14621464127536691087,9034414834183027463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,14621464127536691087,9034414834183027463,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1876,14621464127536691087,9034414834183027463,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1876,14621464127536691087,9034414834183027463,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,14621464127536691087,9034414834183027463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,14621464127536691087,9034414834183027463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1
  2⤵
  PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1876,14621464127536691087,9034414834183027463,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5772 /prefetch:8
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1876,14621464127536691087,9034414834183027463,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5784 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,14621464127536691087,9034414834183027463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,14621464127536691087,9034414834183027463,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,14621464127536691087,9034414834183027463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,14621464127536691087,9034414834183027463,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,14621464127536691087,9034414834183027463,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6256 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,14621464127536691087,9034414834183027463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2668 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,14621464127536691087,9034414834183027463,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,14621464127536691087,9034414834183027463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6672 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,14621464127536691087,9034414834183027463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,14621464127536691087,9034414834183027463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1676 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,14621464127536691087,9034414834183027463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6928 /prefetch:1
  2⤵
  PID:768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1876,14621464127536691087,9034414834183027463,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5928 /prefetch:8
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,14621464127536691087,9034414834183027463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2184 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,14621464127536691087,9034414834183027463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,14621464127536691087,9034414834183027463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1
  2⤵
  PID:4792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4892

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004EC 0x00000000000004E4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4216

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4748

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2468

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d22039bc7833a3a27231b8eb834f70

SHA1
79c4290a2894b0e973d3c4b297fad74ef45607bb

SHA256
402defe561006133623c2a4791b2baf90b92d5708151c2bcac6d02d2771cd3d6

SHA512
c69ee22d8c52a61e59969aa757d58ab4f32492854fc7116975efc7c6174f5d998cc236bbf15bce330d81e39a026b18e29683b6d69c93d21fea6d14e21460a0a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
046d49efac191159051a8b2dea884f79

SHA1
d0cf8dc3bc6a23bf2395940cefcaad1565234a3a

SHA256
00dfb1705076450a45319666801a3a7032fc672675343434cb3d68baccb8e1f7

SHA512
46961e0f0e4d7f82b4417e4aac4434e86f2130e92b492b53a194255bd3bba0855069524cd645f910754d4d2dbf3f1dc467bcc997f01dc6b1d8d6028e2d957236

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
67KB

MD5
3020c65f4e032c0b7afdbce227b54809

SHA1
c951908388fc8299fa86400938fe3848895f0354

SHA256
768ed5a54e968f03f9ae85c3c8d9577b0a562bcee8c1d47a7ba37ca05467e692

SHA512
a2515f821a5eef87595d2a36c3f8ec492dcf8be8394efb89c7e57fa97c2f84f080283389236a5afbcca1cfae0ed32c09df495e274bc14cff9e156bd9732fbe48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

Filesize
49KB

MD5
ab64fe2e6a72adfb982ef97d9c33ba60

SHA1
46d07054e2b357798755686b68e9f84150ea4f3c

SHA256
40850ad83bdc61e1dd44eb501ee88318e3667e9c1d570c20a5e8f49ffff3b53a

SHA512
14c5dd3e01e2e2659cdd108370e524e3bd56be9f5abef609123c5825cf213845ac9841e613228333c3d58ed20ed540b50b82d789092a267e2d894de0d3023f60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

Filesize
26KB

MD5
70b693e5ec7cc48c00096054d7576f46

SHA1
3c0a9417e4bdf0c4c20099d3b72fd96a507482d3

SHA256
403a08b721c3386fa25189093bbcf3b4183346a81a965f34f598267cfea74dc4

SHA512
b3622ade1f241914597856b911c569664e39c4f8666c102c4869226f96cc87e18b2bb1e87a6d0f5bedb19cea9485566cd8ee230c30f7632a614aad65c56d2e5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000048

Filesize
91KB

MD5
381f21965dc220fe43e71eb0bef4e09e

SHA1
4ae547cb40307ffe1d50ef7d1d7c53556ec4b198

SHA256
2e0bb2fa111555568b763a4847c27e52de23ea60308befb2ff082d83b648d43b

SHA512
8ef286ba9c833b69047799f719fe76a6187e16ef50fb3a02346af4d933ecc504335cc53b0ed5872f59ed4af27a2a20fec4b5159717e1d56e6505ff7c88366c20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000050

Filesize
55KB

MD5
79622698389610dac170cd095dca5c22

SHA1
c984849cfbea9af4949cc9c466893fcefc6c83c2

SHA256
565dbe85b3b0d457c42f150ccb5364e503d0d4677fbec2fcd2eec90521210d20

SHA512
101e134c7d7cb36c49389698a22a46ae56310ba0d012e8025950c25d0bfd65ec977c648338bac0b9cd2b73c545c3ce0d7caa5f1c80758ad2052703e57f1f25b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000052

Filesize
19KB

MD5
809e11b5040035129fb6c51d4e063e21

SHA1
7f1c259bef0161959d441042b455cf6a65bd0a6c

SHA256
3896b0ff81795172b50688bae334e6a245c159160a9fea799ec6e6da24350ac6

SHA512
06ff29fb33d7e4c2ecf4b6d4a2f4ffac54bb9271c58a0fdf032eac97cabf2360a929776f929d2687bb42ec77724dfa1f8b3eee88fb988a9b58ca5b88bd6346ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000072

Filesize
60KB

MD5
0fa1b5801ad565ddc6635e1891ee45cd

SHA1
b6f2ab3fa2e2fff3a98cfbbecdc961b40644337e

SHA256
9eee2895d1bd8407be2442338170351e1df4af416597247fd235852b9938504a

SHA512
1bf13dfe8da07687ea5038232f95f405c852d30727cb9398101f9826cd4b50ae1554adb55656566d702c32bcf85b96671e19bfb43f699057599226523636fee7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
ea00042a18e1fa6d0c03eb2b7984fc8c

SHA1
e62ceb390a6d55ec2557c8a5ea1777b587710565

SHA256
1cc8703bdb88857ce570745aaea7ea5e39eba4187fea3091d40fe6547af7e9fc

SHA512
db455f2745bd8629ae8184484e34474f7e2fdc412c444a72b52805f55b789a30a71bd5cbaaa05c53ec1cc2e6c56d3522bad185e35aaf7e3c4b86b274c0ce2277

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
7680b9367dfdad66f5c42452c256f589

SHA1
2df50ef9adbe855f47a9bf52a664343d01b704bd

SHA256
7b18a045428e1e4f74aacc9ee1884b9ea67453b7ba7d619c04fc7603cc419c93

SHA512
54069f3870e805c3117dd78330eb2c91c77e564fd906e4e3a8f5c81ad6d255ecac8b2fbfafc8c2a4633322e17248c0b82e0d022be7f2239dd3dcdc5f3f71138f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1b7de3d78b53ff30c8533ea442c8d08c

SHA1
180c4bd3ce2f5d86a799e39e6df7d62b97eeb70a

SHA256
dbee5b2636d38ee84341fdb708c422c2fabccc3da7534ec20260134a839bcbb8

SHA512
f25fa7e5ccc4c4642b0b84eee9309a764a2d4f9a99071c949d132ae244fab796e884ab154537f703353c02e34249c28bd4271b95011ca4b6c13808f3aa40b6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
3c1db833ef75f88d08681f090f167d98

SHA1
939a227089756212e1e2dc7b6ef6554d1e3275df

SHA256
005f743342dfe127e3689fe0492e284b23817cf4f09ccbca52fab01494da3e8b

SHA512
664effacf3187e4048ca3b0cad371c24f6d5032e2488ece09908e3ce10a2d0d5cd688e9845677ca0ba1c2b906df8b2804e966b0cadcab561fa5832ab033e0f6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
994B

MD5
443716826b33c02cf3f08cb8fb7fbec4

SHA1
dee12bf9c084538ea60111ba240d0623de0a5ffe

SHA256
5270bb86a63170805abf6df94152beb4a3a7a0cf86595e0a35953b513ef79066

SHA512
22e35e2c75ddc6c619638d886f2f3d09e9dd0d42f6eca395a88c8e476f586753d496d04abbeccc31784317599705cc43b292296cdf62855fb15f0da5b8968f4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
1a54a4b5341e63f323a3a37937c412f4

SHA1
03bfc23e3f865f267f8e2bff6e8d821b46e8daca

SHA256
ad8b3787d4b56cb2f864e5f037a016b85866c0ef3c7f92fa0d291a0775ed68f5

SHA512
002412284525f78dcd7d0e87895e0b66efaa32728e305ce2126f7cfab886e30256f058c9705b3e9e8aac7e013e55178d3774bf6e6b71074f83a05fc0a2ad807c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
6d68dc41eb76a6777a754baf372081c5

SHA1
eeb7cf9902b08356da5cb5725a8f39a37775f349

SHA256
43bcc7b7ca44dc6ebb3f815b4fa28ce2349398236ab99ded24f17c85fc7aff32

SHA512
0e6212a190bc996c134f6ff3e7595dc4c388fad7d53c734deb2d9c0346db60f0e5b0cc7e38ad332714c44026bc894b2dfa023134dd01782c0c8dbd7af93dd65d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
67aff42c0ba4a7a720d50ef65e09993b

SHA1
8750d7b3c3d01db11fe0be3177d23d5008a54f14

SHA256
59757364b74c44e4ad6cf80f23ec0cc25901c412ff3c3e43b92cc01f01ca0fc3

SHA512
716fb2271409035206e993a39ee680defa6a1f9842b711cc6122bad9d5bec376b4621f5d249eafa02934b433b82c421b3b69332329a0c312c7753d2ed2ae4155

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
27f6cfea6d9eb30f58777ebbea7be17a

SHA1
b652042d778ec5e5312973b38c07b5c5a5e2a1cb

SHA256
69a7de3d89906039182915cfe4f2523a63128ed92e0dfac990d436774dec288e

SHA512
5c741952dd28178795101e7b22acc492c1005b355dc82b8650325c5975fbd9ed3ef4650864cb1496adbfd21ec7bc8fad884b9a0dca21a846f340238385f98db5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
221665c5c0e2f5ca4fcc6d7907bde204

SHA1
345946a84a858ab79116dbc13e82f2bf37244ab3

SHA256
30f6beb88f5dcbe62c1cfee7d9c3748e026b0df7204efaa6ce66d8fd043e1c39

SHA512
9d86a4fd1f83b255fab41ee8e01a6be22a4d0d9e78eab5c60fef764f9aae9d1e35b0bd6f1e2657f872ad33dcc38d9b2c0a63b08c4ecd9ee2f505a667aa478121

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
c7d34184ae4f8e3c79fde9d78b3e7dcc

SHA1
3c9f0597ecf7386870ba27f2961ade04cfc734cf

SHA256
98ec984883be27626c6066a3a0aa9c3fd9b83b190c24dddc34750b248b0efa78

SHA512
598f75588ef4fbf77f290ce21f4099758faf95bd84e59f7975fe463062c27df3392a1ad5afe1d65b581136b0a547d36fc5c8950486ca6abc3d7091a4d3063e62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
2c7f14867cc4ec5e84782a524386a49e

SHA1
67f97133710d6d2103de4c7fe5bc73532eb2ff69

SHA256
9c1b6e53dc940c08106ac441a0bed1163a98897b1f9586f17720ad1e52723978

SHA512
654245fc6b4b0903ed037800559eda917dcd324360ced6a019b8cb62d5fd20a0271aab2839b0b312e07767d3e339cbc731a5e1610f8073953b78c864bb0c4fbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
61f8e58e74018289ed18157ef7912743

SHA1
bd45f446ea4de1757332fd82a70fb6d1977a91b6

SHA256
08a16901822221cd4f3f4b03618f73653729e6288122fff428c78ed545b06be4

SHA512
24a3470d916d647c22d62b43666d0b4ff97d7b2425990daf39957b6f8699778bedccdf367242e7643589095df1ee3f6ee2387fa015b9636f32610a7db79f563d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3763dd4834afe663e4b1440ca9417ece

SHA1
8f5ada853676d551e12fbdd552a9ed7e5c22dbf1

SHA256
5dd39fc7dc9847498d40f72303d289a5cd1172f6b12899561fa370be2a6316fd

SHA512
6498ef69858e025c4511758f1c547e2524de2ca21a9d670ad36f36db3fc34523f4e33a552a84201794f6ca56aa508ba0f8de856a23ad2365bafeb0b70bd5d2f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8fb3e7053bcdaa3a59637ed13799eb5a

SHA1
295d034f63f2b86c41a1e557cfd7e05a40c275b1

SHA256
61f541ea641a2636c8d9bdc96046bd11ac44ed6d7e15edf41695f0b75fd6be91

SHA512
97492577e703064e53a5857a172eccd3fb32609bff665ca2944bd7add78091a173b625ea35e2473cbc879fed2123f9c18bf6eb558258b7a46b940f8a9f82cd3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
977ffa7d740f8e40cfab9070063d01f4

SHA1
429fe224ab8c9af75a450374c9808bfa6a6f67aa

SHA256
1065b936a5df7384d36e0d017ce2e604937d45fefbb829ce694280920b5a63c9

SHA512
d2425e07f43d73192067cede99b18d67694b03569cb819faa96671d5013208f908d11789520a5e63319d55c79cd67f2514da6d9af3f1ab6ee233063f6dcd80b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
82413d2d95f7739539758f05cfb56265

SHA1
98c93d59a5ba5150ecf849a0b9f8b31bf9099df4

SHA256
6f8dd5197ba361261aabe736fc5e98e9b83e1d0179caa4e0e101f1dfe5426e86

SHA512
33d36c10d6e20f0a72b804215bd7cb705f000846ae5636dcd0d562e402d2d6f7ceb5fa0d581f9defdf443b1d9f9a7caef4735a85fb1ec16e32f7224b5bd7c0f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f346c12a6b5e3a0b678f22114772793b

SHA1
0835ff090ec02de6b8353e5b56b575ecc404d894

SHA256
d21162620cfa30efb0a157e6d0cc25517a0d126248dc925bd11c9b4241caf394

SHA512
ac20f9c674a684e01d3113666a8d17fe7e7548977effff529f2d12db8dcea56cddce6fc431cb2a8e5891dd5143212513d729d16638ac7ef89ef4429ce266e10b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1e5bc4dc10b827b641543f8c9da333ad

SHA1
544eb86de1eff1c2021dd1b85c8c067299ab5a97

SHA256
fa522f0cf6dbdd19e0ee58a160236ef43fa673ae974bd15b9aa85d95582c1bc5

SHA512
134c4b32026ecaa18350180a0d8f06aa8e5bcd777f262971b31735ff1b051f8c953d94256485599bac43f736b1fff3c8a86182546f071572dd222a4731c96278

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c9abe725f97bee313a3ae6be1b57d968

SHA1
9e22a5ea8772c0ed24c59c462866ba7850c1db7e

SHA256
a2497b706fa4f4325c2b486bc5c91deb4294bb52032573c7a3fdccc9646d72d2

SHA512
68b9f918fa07b4abaee640f617165da9080d71c066bf3531eb5ecc8658621750ef62ec8875ec4eb6e767f841a8b24db60fa8cb3afc6967b284fe541944bb39de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3d733917-dfc9-43ee-a8e2-7e5e59f0d9de\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\701dea93-b629-4f99-9df3-e1c900cef2c2\index-dir\the-real-index

Filesize
2KB

MD5
ba648f9aa87c3fab0bad678996e35499

SHA1
891397cb6f212e1af0c890a7a8b4900946a81b57

SHA256
72c95f2134a0c8daaf0b842e50db1948b8b8370610b3e9d69635ed773127eb81

SHA512
813db0e8649e2a98a11152ea411518037a6dc3a05c30c6f76e986b71e14b402358212826aea6792bae5d4ad02fa6142627a935c6eaf778359f7485acba2e31a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\701dea93-b629-4f99-9df3-e1c900cef2c2\index-dir\the-real-index

Filesize
2KB

MD5
2261d30521ba55922c1609301b702513

SHA1
ff292338d1910904856c8153be11f81f8857e900

SHA256
33840ac718f6a4c6851d4ed75174522c8c1fed1b5c1c473125a98229ed9d12f4

SHA512
5f96ffa95159d9da7c2eed45432aa84991e758174db44c4c0f82702234dd7e37af93bb1f6f51c00f0806b8963a7ccfc737fd9f4ab640ea8fca3326b5564608fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\701dea93-b629-4f99-9df3-e1c900cef2c2\index-dir\the-real-index

Filesize
2KB

MD5
3b91d9de62ef79543b7eb5a934389fb3

SHA1
a9b89099e893d29fcd8adba9c98d376aaaa6f002

SHA256
5b77498d860c77f3fed5fa1703258707546953bbfec8e5cdcd1351a2537c6228

SHA512
bbed52473efa390983743b16ff9194b3a2b5b0aa000950f4155b2a7721103b8e17cdc66c00d8e7dcf1959bdf19ab6d6415f036b01a236ec2ca8eb54f0c715299

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\701dea93-b629-4f99-9df3-e1c900cef2c2\index-dir\the-real-index

Filesize
2KB

MD5
c5480b3c5207b4ed9e6b05a61bc3fee0

SHA1
7c6606303443ac3d40bdc8e67301a7822a2cbd12

SHA256
82409b57f16728c4414b55b7e886ef96a3c90bc3337777657e9495bfae0710bb

SHA512
99c48b2d4f830103e90aab4b79f4ab300bf231082d4ca347bc3e9baceb169822a309a15b3615797f52a0792016be6a275a80403a160bfcbc836a2862866931cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\701dea93-b629-4f99-9df3-e1c900cef2c2\index-dir\the-real-index~RFe59a89a.TMP

Filesize
48B

MD5
983cf33a022af0deeca4458dc973101f

SHA1
04c5afed8c4455e7be4d534c69b3500c257bc51d

SHA256
3a29a84246e5682020cac6e5594c0710719e4528fe46bea9979a5811c9bec565

SHA512
6f750cda06d5c9e423b42403673d96c256c0607507efb09c7fe12018dd9f6cea114167e7830fbd0b1bc3fbca168f44f0e31bc1ed0d49969dc7e158eb9cd56b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\944158e3-80cd-46c6-ad45-f7c656374b15\index-dir\the-real-index

Filesize
624B

MD5
7976a5e03cdc790cb4a1227f8948557f

SHA1
3e5264076c748e5efe7b6ac529803d12c18c0865

SHA256
af4305bd2a37754daec68746e9cb5b19a72deddf6eaccdd12bfa0b98aea73271

SHA512
b215bc01638de50dcb2c7e5a1de5c5a3ac5a8be0708d48eeec7b98e7a147d3037a29ae1622f3134a854f09636a28fb3f309d5f318fe43b7ed0b8d148aa217146

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\944158e3-80cd-46c6-ad45-f7c656374b15\index-dir\the-real-index

Filesize
624B

MD5
e28785baab694f6d4f9ea5091a80c160

SHA1
77cea98ab30fdc4b6edffb1421b8b4df60f3863b

SHA256
13ea69879e1de90ff693fb7cc0a4c8a4939a7b60bd9d1ce54104a3476004983c

SHA512
81fb2e6d58d1cae52dc85974bf9c250948e69a615cb3eb320ab339a7fc635cd88206ac1f553c6e0038aa814e411ae7faabd7da940d4dfd937b5bda58dbdd51ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\944158e3-80cd-46c6-ad45-f7c656374b15\index-dir\the-real-index~RFe59acd0.TMP

Filesize
48B

MD5
3798c135b512befb1e8e49eec0898c45

SHA1
0af27cd50f96d910a57a88e304cd89371e66eb0e

SHA256
c20586df5f4a8e4b5ca6ecda3b920f18638d86c3b0d3df82289a7da66a4957dd

SHA512
65ffb3683f11e9ae93ce9caa6137e3824735a6a33b88a709ac8e4cad7aa412e3b298e18d88f5947875ed46019112c48b785774c0be2b59f4e2295844954d8372

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
8ad78dc222f1d9417028da25e040f0f3

SHA1
a161e1cee9581a554cff7a593056569a85cc6eaa

SHA256
f16644cc7226fb5c9f781dbbd3b574875786c77d376f8439755e1daa7c5d64f1

SHA512
82bf3f5876c2b3603082435a638480cfff6e564fd59eb14dabd1262e6e49e34c9ec03a6c15a911fc4cc8dc0e55b3fd49bec92455989c4623e00cba3a457db6f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
96269e2096bd79128e94b8880e1b8279

SHA1
b7875cecff00009aa5c269c56444b82f14ec034c

SHA256
aa3cfe458af74c36f45cf79bb41e5ffda67611fcfd5c1c459ade091e7e1bbfa1

SHA512
fb1b59912f2e6d4aa051c1cc193cc923d3f145f156bd299cce34ae7453f08282e6dbf438a54a11a2e13915c848e5dbc69a73aea5e0ebad3be20fadd8b06da734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
155B

MD5
5e4c066eb142f1188db31ecc47089707

SHA1
84a778f1fe4ccfc4701e0ba009bf26a616657ef5

SHA256
8665c299e17c5d67dc0e4b52ce26b284bd90dc8f9c262bb756d891a43feb64e1

SHA512
d767bd057897570c82c35e405390b884b781527f6b9cd72961f787009177d192df75ba8e9643220e74ce2251b0c4693006b6a1615d038e70bc82ffadedd8bf43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
9b82945dce0090a5d175ce4f4ccae125

SHA1
cde03229d13f50667c8e1e52739e27de121a8260

SHA256
1853275be58820850fbbd7900c0db66e0397e3413afff5d712c79ca37c2c15f4

SHA512
9a10d62c9e090bce754dec815fc03db1894b2a98d8af131392e8dee3a5da38b05218b0f9f83c79fa7237ba6229e091487d1628fd08ba0cb482d4b08de46c30c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
7e8bda6eb5d911c35ccfc032211c38b5

SHA1
3a92495fb7cd8bb16d2cebf4c0cfc4a6ee06396a

SHA256
5f85822b11141265e7a2233ba3452fdb53634099387f7cc91f498bfab5e0d23b

SHA512
6c61908c54f9ecca0c3ad367471e366804b8d14d526d3323942e404cdd96cbb44180be71262ba178ea6a4e0559000c7c89211260f049088721132b804d127458

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
b8b7a4bde9c1fd22499edeec12b41b0e

SHA1
437ebbb8dd3313581f11fcf424565016e405cf39

SHA256
10f6fe6f6b503b90d7e5650083eef26a16e794f8dba668db067644ef43f44cac

SHA512
87aac1d45e16133da8e129681eb470879b06384ade883cfe0230a0a3a1102e9f420e4ab1d10d1dbb4a6c63a07e09b4b95f7ee00769d9c822fa9b76cbeefb282d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
4fac205d256bdc0fa49d0c5911c56304

SHA1
3dfbc36270332402630683be0ba55100a726fe68

SHA256
f37010e5e13bc5a9182a9565187f191b70e85511c713d9b99c24d3785b487246

SHA512
29bb68fa12b183f2fe8d1594e9b80e5565696630ea821f53454c359f43369032f2a9c43f21822b1da30ae22c2b871f0d0eb6c3939c69c923473758ea67439f69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
217B

MD5
5c92c4d579bbd19d620481aeb32b2707

SHA1
c50dcae02025f993d97a598d01f00431bf8d9ad1

SHA256
3a02f81382b9b834655638cbca05f29f58e4963c616b3fdfb7361324a8fc007d

SHA512
93aca2885e076ca1a7c2e232f87bbf463a8617f90a5f0073ee975167649d49ada5c33ffc2c3933b5b865e5ff9774f0e5116ad104567a3fdbf6a2b62c1a4e7ca3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
00e07a5c0b3ec67a0e294da7a3aef8a1

SHA1
958c93af5711d71f1d502ee1736536272d477767

SHA256
38fd17d870b4f01add110357bc106a9b655f7d7d6c98b9e3ad9d585e5e1ed932

SHA512
7bdaaa5d555ea5b2a174fea37d62ceee16e9f2b72c2d4e534bf3b6d4f7dc5427bd15b3a940fe7f23198e3e5d469fa3a323148ec7ed19ad5d2ebf47256524684d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
6bf6bd6eab0139d8b6962422c24602cf

SHA1
8049c59a05222b0a273b403b135214c7273d1402

SHA256
4833b2d33a92f6a9fb6d61b39cb7e9c6f53a065b300359477ab1724edd0597bd

SHA512
4742667ac83ea6755e54c8ddf9afeec6ac5171bd4200359bdee30589ecf8f264276efe4148111ee40d2a961ba344d08fcd0242a2c0ec1731a39ca61f104eccfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
35c29adf759f7b47e40afda9af0b0ffd

SHA1
f77177da47b5ab00b06b7361ea42712802ab89ec

SHA256
6cf4e20eb2bd5afe8849a0567743c17c05daae96d1a6543a074d50fd28504751

SHA512
787c93de25348163fd53b892abd00719e77a859a5010261edd210905077ab46127635e2a497033ae607c9c3bd9f74a7b820fb52a4a3f9616f692344ea4570cbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index

Filesize
96B

MD5
f13d665110c3d880478bc0d463aa2404

SHA1
e0529614e1a2b2e0116744fe9bb6d76efa737745

SHA256
85b706102559f3b0390604a8e251362f4a456c8b7d4e94b7894b5932885bfbb6

SHA512
d0d7da5be40d2fb698d6ef9116f53e8e1b85dd3c96ac686927b3d40eae12f67cfc93503bb1bf8110e6abc2d24bdd33484d9e1238adcca8c9724f6db039765d13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
1c204151e7322282a0f564e37f578980

SHA1
bd79aeb1116cd339ca5f1d496e4e5e6a814b100a

SHA256
e2db35a2368d7924358fabcf8a1be835b4a14853a3da8d8e4821cc1e0d41f7b0

SHA512
4e8b92a7aa43c1fd0a5658f1902c6f3a04b7e422e5d3f0abb6daace686863f08df4550c227d7f70a16c799fe50490782ef356a146b7e0e2ede3890e16f8b643d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59a3b8.TMP

Filesize
48B

MD5
08f993a17220a91a7978fb87fa2a119e

SHA1
36cf1688ce0b3c52abb5d5d83587fe9f270bea01

SHA256
eae097eef3d99c8479e160c31030d7b7d2bce7d67d4d3330f3a666f148579733

SHA512
5d4ade825e37c6b652dcb349eb7afdfb39af8b01e4b9a8ecf37728c1c94b1315613efc10f7c7fd1ef92632bcd9be6dcdc791782ae5365654e38283596c02e484

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
edeae8a551e1db3d18ada6b880acd81a

SHA1
c9be0ded0b333073a3cc0bbdf5c1688be6bf200e

SHA256
0bc6cf1e3826a81b73ebc760ece4669a665f1a7f878f36fe0e51fc91b5e2dc38

SHA512
9a68e1076e46916579c7233442e3563200c2047b5aa8ac9fc843d49b68c099eb6ec68e2df2c2ef59991fcb47ee86d0a5a57784df1e687f0459ddc7abb9a83fbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
b0086ad67715ed717b97b95e6978057f

SHA1
3afa1994ef6e71212635c2f55d547473b2a76dd1

SHA256
031aec8ad4d8d72903538371c2ed227d21bb989857c44b62a31b2e407224adc9

SHA512
d978d46ff842c329b2c86d076570c46d0596b5510ac6da724ead9623f0a888d68f8a6337cd694987e919c610444ee9ad6b65c2b519c37edfc78ff9b39b0eb556

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
210f18214f325759d078e0c7031d0d5d

SHA1
8704675c8b9e63d40c57f6732b4057780cc658c4

SHA256
6fbecc3562e5953740705c760e2469d0b67e7d54187ac4b56c8ee9382bf8a749

SHA512
e480655b7da6627272185f61d76ddc7f8e07f808f935d985b4b51984a589f2071d7f21b21ff8b9db9fc7309bd0acb691fdbeb14d3d743a29b0957a1cb9de6625

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
e0a8f4136348d83e5603d5d49d1471df

SHA1
0dbdca901215f991df492ca09ebe98057272da76

SHA256
21ac335331ae494e48cd9de5d37d5c121ae9101157b2d7cd9660b0f02938021c

SHA512
7aaf127a15e3ef26667473bd9e5349ead594d5a9b5ee00a6fe177df57a9a393a7a2573ec5940d9d7a94c00644f86ebdd94841c236d5925317ed6b5f6468dc73b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2605a384ab623536a3040bbfc0cefbbb

SHA1
21bad25fb01fa5aac792a5cef0efd29a61f1d7c1

SHA256
dcad02f809cf2e6ab3b77f2b3c7d02da2987fc4e50fb3a63edbd91cb4a0a6405

SHA512
c10cb0874f5cf5255adda054c9ddfcaf0cb6cf8c251b1f36a8bfbcdac24e1017b9a92ae1d45a73c42ad2216fa815ad1ef792eb9f372b0c4ae6422e2ce66358a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
05903bdad1d40cfa3e12454b40e2f699

SHA1
e1f8ed412b0640d0acb586f07559cad36b879bcc

SHA256
a94855c24295fe0603bf7b3837f8fcadab2bfa73e40b800879669c7e1f6f48b7

SHA512
7512a336f51d6ebfcc80befea9b31a262f6a9a1d0653eda4ae2a973ad8e7c2eaf9f9bab9cdfdbc453b34e8fab9e0d54ba37e1c7d7105784eda894407a26f191f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
ca181f36494ed4bca23d36e0e7c2d862

SHA1
8b918e7fe2286cf9e05c03da52c3f549283c59f8

SHA256
77f0b5e624dc2bff6e1ff28b446016022a2a4f99d042f767b3b1d17ce696669c

SHA512
bca76f1f873e6285dc16b52b6619beed3cb6d1a4e7e8a65e2b6d9b20ef804a58c6083f63cd03278137eb1c35dec850fa8e53c92f6f38ba279772572fa1ac168c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
91adadc65ddbee840ba02009944279a3

SHA1
3f31da5c842178d630ec3e874c431f52a3471e81

SHA256
7f498300618ed1489099cfde8305ef86ec4720fa64b063111d14f27e88390fd0

SHA512
ca888b711d9a3c1ad351b334932f3d47635c64dac44d75bcf625978291b0f99b33961d61bf1f2ad830d038b55311e4b649b539f481129da56384bcf376f764a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b65583f093279a77f8e5308d6866626e

SHA1
dc4c0e45d26c5c069769148a482d663bac5565f0

SHA256
fb9b551d257b304671c33ba1068151d4480507529f39e6e0d13482f5a692299b

SHA512
7f43850e54139a5e6bc06942002aae965da3080b8164b9997b78fc030831c7d150062624c07d86adbb922699205726c4c7328371b843d094fd2e6d17e12044ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
6ae06f0cdcb15830ee60f59e4039772d

SHA1
8628a00760156b6407dae5cd4915d0d765ba2547

SHA256
e0ddc776fe144d2f3f0a599d1f863144c8efeb7ee9d969ea7931aa5e9146d183

SHA512
e6296b16e2433d04c22f5e99e093a74b5ce3d869d0c2ceb3ea2fe2b299cd19cbbd1bbc083721068efb9ace585923352de89d055eb5b52cb8f98f3c8825c90267

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3e05dea05609e4e39c10e44ee93d26c2

SHA1
049265557db54a10a694914919491d8b20563b2e

SHA256
9198c46f0560344111c5a1998fd2e27f646994e3c5c6c03849018796d7d2f071

SHA512
5185cf446a4de8f141501ef23116311b6cccda0bd819c55702f7e4661976f52c0b437a79bd4f07f8ca6bd222f810c08c0ca4117d41dd53213688839a6d3d5864

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c2fef9fa360a9b81334531e17559633b

SHA1
07b427de0386e714293d65d2477ffc115958ef90

SHA256
114fee3db685477e60010b0d7f15727e4f1f44ef55ce03a170e37b726495ec87

SHA512
ced4056c3b7e20a15362bb053429777b573ac7364baf3a1f4cd0f1a437b0cede5c7d0b705de7bf99a2eced9b4f3059734e7a09e26137bb461970b91335fa24cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
39eefe3bdecab74bd6e51638ffd8bbeb

SHA1
25e684b44892178491256f54bd7c468428c8dcf6

SHA256
569f6c4de27d239ea365590cc2430e1f357b577c96034456929a711226ed296a

SHA512
d34f3f0fe98ae5fcdf4139e093a8f6f23f42bcff78cf55fdc5fca677f234cb1034c7fe06ba48dd98dd4a586435930679f803b12fde341be599945212111cec9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ca374f6b61242e881d5a864bb064209c

SHA1
b74d0c1b0341c825d23cf248b129d1c42ae6e882

SHA256
eeafbab69b7e6fc0ca5f6caafc4f3c29fdd50f0f0cae7aef479141fd19348a90

SHA512
3d418a350b804fa28245f135728d46b9ea9acbc720842f86faf8e0a7f3b416e3d258f5e247cd8426f15bf34ad51e5fa3aa45fe958ed0546d9e9b968b5acbb00d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
50284b84a3e4b43623c8cf80278d8b4a

SHA1
16ada394b9cc5ec0eda77a081417f75c1298f529

SHA256
68abb594021b8a6705008e28f8e062f69e318d6562e50379b104389fb40f819c

SHA512
c6d607be4fafc9de10343864d94542d0c6081648593302830c530f5231015e491e9bd7e76dcffdb00b0d612781a3218aab6e1b64d3479a6b4e1687a5a5d48b16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4619bb8c77130206ce542e8808c1238b

SHA1
ed8cfbb9461bad9e690a2f52671af849e6e05e39

SHA256
0a2e5482a9b921d887f09603195b9551d56bd96d279cf46d4c18db2ea1c5cf00

SHA512
a61c7b08ed22e117816451d3f19138975c773a221a85a379689af8c330843e75d4677cbde25e1947247b890607f6da5135b5e26f93284423a736e4f988f90a23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ee19.TMP

Filesize
370B

MD5
00f624df20121e5f56df438ef4d1e506

SHA1
a891ba697f718fd436c015734bde82e2176566cd

SHA256
78362666274d564e4441a08026703b6c42b300380108f48207f4bf40ac98fb40

SHA512
cd3810593d15020b425a262328d717e3d34f5dbaeffc247ebb3dce8a8764249278e4d290e014ee7de979d86899090436b59a1b95ef88071d6316bfbfd0118781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8e4ee78996f4682722ddc17dd6c899d2

SHA1
8420285af8e871c757bc93f483139f0b0d4a5f1d

SHA256
0f445ebc8f77679dbff6e1e0fd1e0ab7240069a6c3a87f0f54ce09b3262b213b

SHA512
1b6a3287e63aec14cd9aea9136fe241c5386e106970f26a6926294e307f87bc47815b8a3f453bd03635a27870a5a61ae5d398738b2209233af2367aef5ebe61d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
256KB

MD5
1553f4412f0373d5333a9f12e49e863c

SHA1
c117ef6e8cd55a9bdf974a228bde97aadb440cad

SHA256
ffdb9c3d8773e354d5a048e7b48ab4bf684deef7d72482a1762c437ed23d0c8a

SHA512
ca76ad53c021753f43c166d147f03b873166c63e494f55e20da0077e96fc8dcb48a4012e94b14ae12cce86dfde5901e53ee233ff72b4d68ae7005d0744103ebe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmsetup.log

Filesize
1KB

MD5
b8547fbe55ab8f81b91bddce835154b5

SHA1
36f28c244db33fccc424520797faae4a68e1b489

SHA256
dff97178cfe19d60928870b539bd35dd587f891ef853d80708fc89c656388bcf

SHA512
1b6ae5f929446d291be8f5980825ffff166d46ca0d21d4939b91ff10f5e6b21c5df12253a18dd8e30d35bbcfaacc06d1c2eb7628546f69292a6373b2bbf5e043

Download Submit