hxxps://roblox[.]com[.]kg/login?returnUrl=4552048792781712

Analysis

max time kernel
565s
max time network
570s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18-08-2024 23:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://roblox.com.kg/login?returnUrl=4552048792781712

Score

6^/10

discovery motw phishing

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
193	discord.com
194	discord.com

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc
470	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-523280732-2327480845-3730041215-1000\{9BE285B5-6631-45F9-88F1-4FB3C653450B}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3776	msedge.exe
3776	msedge.exe
4464	msedge.exe
4464	msedge.exe
3968	identity_helper.exe
3968	identity_helper.exe
4768	msedge.exe
4768	msedge.exe
2360	msedge.exe
2360	msedge.exe
2360	msedge.exe
2360	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 48 IoCs

pid	Process
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2308	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2308	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 58 IoCs

pid	Process
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe

Suspicious use of SendNotifyMessage 56 IoCs

pid	Process
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4464 wrote to memory of 3584	4464	msedge.exe	84
PID 4464 wrote to memory of 3584	4464	msedge.exe	84
PID 4464 wrote to memory of 3672	4464	msedge.exe	85
PID 4464 wrote to memory of 3672	4464	msedge.exe	85
PID 4464 wrote to memory of 3672	4464	msedge.exe	85
PID 4464 wrote to memory of 3672	4464	msedge.exe	85
PID 4464 wrote to memory of 3672	4464	msedge.exe	85
PID 4464 wrote to memory of 3672	4464	msedge.exe	85
PID 4464 wrote to memory of 3672	4464	msedge.exe	85
PID 4464 wrote to memory of 3672	4464	msedge.exe	85
PID 4464 wrote to memory of 3672	4464	msedge.exe	85
PID 4464 wrote to memory of 3672	4464	msedge.exe	85
PID 4464 wrote to memory of 3672	4464	msedge.exe	85
PID 4464 wrote to memory of 3672	4464	msedge.exe	85
PID 4464 wrote to memory of 3672	4464	msedge.exe	85
PID 4464 wrote to memory of 3672	4464	msedge.exe	85
PID 4464 wrote to memory of 3672	4464	msedge.exe	85
PID 4464 wrote to memory of 3672	4464	msedge.exe	85
PID 4464 wrote to memory of 3672	4464	msedge.exe	85
PID 4464 wrote to memory of 3672	4464	msedge.exe	85
PID 4464 wrote to memory of 3672	4464	msedge.exe	85
PID 4464 wrote to memory of 3672	4464	msedge.exe	85
PID 4464 wrote to memory of 3672	4464	msedge.exe	85
PID 4464 wrote to memory of 3672	4464	msedge.exe	85
PID 4464 wrote to memory of 3672	4464	msedge.exe	85
PID 4464 wrote to memory of 3672	4464	msedge.exe	85
PID 4464 wrote to memory of 3672	4464	msedge.exe	85
PID 4464 wrote to memory of 3672	4464	msedge.exe	85
PID 4464 wrote to memory of 3672	4464	msedge.exe	85
PID 4464 wrote to memory of 3672	4464	msedge.exe	85
PID 4464 wrote to memory of 3672	4464	msedge.exe	85
PID 4464 wrote to memory of 3672	4464	msedge.exe	85
PID 4464 wrote to memory of 3672	4464	msedge.exe	85
PID 4464 wrote to memory of 3672	4464	msedge.exe	85
PID 4464 wrote to memory of 3672	4464	msedge.exe	85
PID 4464 wrote to memory of 3672	4464	msedge.exe	85
PID 4464 wrote to memory of 3672	4464	msedge.exe	85
PID 4464 wrote to memory of 3672	4464	msedge.exe	85
PID 4464 wrote to memory of 3672	4464	msedge.exe	85
PID 4464 wrote to memory of 3672	4464	msedge.exe	85
PID 4464 wrote to memory of 3672	4464	msedge.exe	85
PID 4464 wrote to memory of 3672	4464	msedge.exe	85
PID 4464 wrote to memory of 3776	4464	msedge.exe	86
PID 4464 wrote to memory of 3776	4464	msedge.exe	86
PID 4464 wrote to memory of 2076	4464	msedge.exe	87
PID 4464 wrote to memory of 2076	4464	msedge.exe	87
PID 4464 wrote to memory of 2076	4464	msedge.exe	87
PID 4464 wrote to memory of 2076	4464	msedge.exe	87
PID 4464 wrote to memory of 2076	4464	msedge.exe	87
PID 4464 wrote to memory of 2076	4464	msedge.exe	87
PID 4464 wrote to memory of 2076	4464	msedge.exe	87
PID 4464 wrote to memory of 2076	4464	msedge.exe	87
PID 4464 wrote to memory of 2076	4464	msedge.exe	87
PID 4464 wrote to memory of 2076	4464	msedge.exe	87
PID 4464 wrote to memory of 2076	4464	msedge.exe	87
PID 4464 wrote to memory of 2076	4464	msedge.exe	87
PID 4464 wrote to memory of 2076	4464	msedge.exe	87
PID 4464 wrote to memory of 2076	4464	msedge.exe	87
PID 4464 wrote to memory of 2076	4464	msedge.exe	87
PID 4464 wrote to memory of 2076	4464	msedge.exe	87
PID 4464 wrote to memory of 2076	4464	msedge.exe	87
PID 4464 wrote to memory of 2076	4464	msedge.exe	87
PID 4464 wrote to memory of 2076	4464	msedge.exe	87
PID 4464 wrote to memory of 2076	4464	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://roblox.com.kg/login?returnUrl=4552048792781712
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffe15eb46f8,0x7ffe15eb4708,0x7ffe15eb4718
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,2351432994670627691,13673537466511170267,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,2351432994670627691,13673537466511170267,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,2351432994670627691,13673537466511170267,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2351432994670627691,13673537466511170267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2351432994670627691,13673537466511170267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2351432994670627691,13673537466511170267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,2351432994670627691,13673537466511170267,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,2351432994670627691,13673537466511170267,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2351432994670627691,13673537466511170267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2351432994670627691,13673537466511170267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2351432994670627691,13673537466511170267,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2351432994670627691,13673537466511170267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:5140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2351432994670627691,13673537466511170267,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:5148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2351432994670627691,13673537466511170267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2100 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2351432994670627691,13673537466511170267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2351432994670627691,13673537466511170267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2351432994670627691,13673537466511170267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2351432994670627691,13673537466511170267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:5244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2351432994670627691,13673537466511170267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
  2⤵
  PID:5136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2192,2351432994670627691,13673537466511170267,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5672 /prefetch:8
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2192,2351432994670627691,13673537466511170267,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4684 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,2351432994670627691,13673537466511170267,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3508 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2351432994670627691,13673537466511170267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2351432994670627691,13673537466511170267,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2296 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2351432994670627691,13673537466511170267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1
  2⤵
  PID:5864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2351432994670627691,13673537466511170267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1312 /prefetch:1
  2⤵
  PID:6024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2351432994670627691,13673537466511170267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2351432994670627691,13673537466511170267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2351432994670627691,13673537466511170267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
  2⤵
  PID:5388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2351432994670627691,13673537466511170267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:5444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2351432994670627691,13673537466511170267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2188 /prefetch:1
  2⤵
  PID:5128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2351432994670627691,13673537466511170267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2351432994670627691,13673537466511170267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2351432994670627691,13673537466511170267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:5968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2351432994670627691,13673537466511170267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2351432994670627691,13673537466511170267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7156 /prefetch:1
  2⤵
  PID:3376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2351432994670627691,13673537466511170267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:1
  2⤵
  PID:1276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2351432994670627691,13673537466511170267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2351432994670627691,13673537466511170267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2351432994670627691,13673537466511170267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2351432994670627691,13673537466511170267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2351432994670627691,13673537466511170267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7464 /prefetch:1
  2⤵
  PID:5640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2351432994670627691,13673537466511170267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2351432994670627691,13673537466511170267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7576 /prefetch:1
  2⤵
  PID:348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2351432994670627691,13673537466511170267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7588 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2351432994670627691,13673537466511170267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7720 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2351432994670627691,13673537466511170267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7992 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2351432994670627691,13673537466511170267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8152 /prefetch:1
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2351432994670627691,13673537466511170267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:5308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2351432994670627691,13673537466511170267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8284 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2351432994670627691,13673537466511170267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8940 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2351432994670627691,13673537466511170267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9084 /prefetch:1
  2⤵
  PID:5452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2351432994670627691,13673537466511170267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8760 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2351432994670627691,13673537466511170267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9060 /prefetch:1
  2⤵
  PID:6120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2351432994670627691,13673537466511170267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9612 /prefetch:1
  2⤵
  PID:6064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2351432994670627691,13673537466511170267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8948 /prefetch:1
  2⤵
  PID:4128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3968

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a4 0x2ec
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2308

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000073

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000081

Filesize
63KB

MD5
43cc09b97215698e9db8e497a6713a56

SHA1
d615cce9482a461d2293cb03e4941c8be1b28a8d

SHA256
37734f15b6fd252e570ef39ce0efd1e7f8ee2b1fbb35bdb30cc59dd3a865e880

SHA512
66255c736e71c6701a968c11b3a656dbdd1b6c91f6d6a487d416df692acc0e271495cfd02a35757cfab31e431fe10dd6303c910286bad99943729f3ca436d3cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
8KB

MD5
e9839acafd9b3b5d7ba7dc413b16b3ef

SHA1
62a1d53a7dd348f24337233bd7357514d8423734

SHA256
6dc752b151726e451793c0661fc8e7ec016f43dcb695334bb8d4475b47f599b0

SHA512
c3316c8a2333e0d1ae6794376ac7ec641f407d738d04611d99d88f07fdb43ec5438c3b0debf2262164b7f29c8a00bff33862854a8b85f22730d6ea9dea2e55fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
fb1d1200f614a9b99e15bc21daa9c4a1

SHA1
290b1a5c2b8f20f548ca61d1b1a349ccda7169f0

SHA256
f0e42d0fe03a7ba5451901ce6093229c5a04f56391df165b3f0e1eb04b06b4e5

SHA512
8c1d5f3768767e54064e2025e88b40e02a764d121f8156d53427b305a2662902caa3d1b399f45adbfc9ee7cfb69bebd63e7f606611bf39e96a092d00b148f2ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a70e0ead3b934717b2798ae4f3993c5b

SHA1
a1418c2cb5ed5cf29df2f2499252903cb07c8755

SHA256
0aa5a500b7352a520aeacb2f3c7d48491850e2f23093592dec0e58cf0b350403

SHA512
1f6d05618b6e9e770b02700c0ae3e94a5ecdc43cd997874d46004a7634b4d9d052bb26bb13078d924b4ab53fc7a77c97edc0fbd8a1635fcb9dcb40f1fd83c1cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
b321f03a62f0c0ff1b5e6d91b4f21f42

SHA1
d66b4c1cd8d7e98f47a2d507ba77372aa93297b4

SHA256
6112fefad5c1221e3d6a3dfea3dc0c33eb1d2ce07f20bb40208f2b98f73efe71

SHA512
f610fb674f3ff4e9c98b961d6b4514e2c53b07bc9db6aa99139cc63b079cc67e3e45449fb18f0a9c7b7733496264d1cf7aacafa94ab8b4702e19a635349c876d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e6de9a43cd2c32e6b2f4f4b7da1deb78

SHA1
3e1937ffdf6520b0bd4670e10a7ed1d9a689ba48

SHA256
7be4162b7ca40aff936b6c023f49584ed909ff13e61f5b49f720ab46b6f7787b

SHA512
7c6519034d036653af1766881df6ca26f334a6bcde39aa5244ddda56609ef0d56f141cb757b666d72d39343b9e8d76bc7d01d096a0311cd73c7080e65ec8ba66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
bc1c7770cf23b02c993f0487ac5f9782

SHA1
b5df3f9c0ec2e72aed30be843fe444c985d2d87d

SHA256
9ac3822867fc7472dba589efdd128545533385af7e70e8a429b3eeeb9338cf98

SHA512
c99151479773498a31d64660367109bae46e0d019d7815f165bb766aa0bb26679ec0412ea8fcaa66fedbc2af853c418dd807b76acca35d8d3a78a0e2f1553f89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
92c1b0cbb0c7faf8bf27a37845d75c67

SHA1
e1ac766d5ea7b85c23f308698a580df321528fb7

SHA256
fde0c87a4e802a4d2fc0164e4b95842928f57649ab9f6581e4f3f50d9d490827

SHA512
0b6d7a691c2bf3f9f2b7ef7f45dc74804c2ee1d5d755a33fb9b555257e0567c7247f27aed91d0749c4211dc8c7b454c4a5aa272108ae0cff0bcc29ba6344d057

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
11KB

MD5
32d903f8a53244deb42832147647ae34

SHA1
7bdeaef1cb6f3934a6a110bfe836a2530b4fd141

SHA256
6cb98096359dd08750648e2db07da4250caf743726dd90ae0eddee6a5f2d93a7

SHA512
de5ae43cfc9c2413e3709e7323f85ad038181470aee7ea38cc876317c7d0faf720239b3156d604a47126977701123fea530f5bf92cba183e37aba5c1eb4b3b27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
689B

MD5
d91e3ae34a50b208d43c4eb75ecc5f14

SHA1
3dfbf8454a144c606aec2c248c510aa89bd044dc

SHA256
f33cd71def93a6a21b9cdbacd2d247116223b2b8b7d8820c013ca533a4854cab

SHA512
af2fdc80dfd2261bcf80b875a6611321d9fa228ceea3c027e39b6af5ee834440e92382d371a304c3772383459e5abb83a356b52db45a747a34fd6de91f53be35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
93e231b39887c4b2d3cda3bbd965d421

SHA1
9dfe0350580991a93f540e72bfdec7075b305a8a

SHA256
7475a0b4c046de5217f7a85d6ca0d1dfd001689ab1784c29c9db8a4f29ff0eec

SHA512
e6a4e22ea83d37134fbdd8d370d3fff26a50bae6f7caa587059bda8a90a991910d9545c06bf1535716d50425a1430ce78fcf799777455e724ae885d492baa493

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
86c79ebefcc9dd9a27005d8318e00481

SHA1
231545db14dbf1cc8d92de269bc8c6cb3e4bacfd

SHA256
59b71af3f8ed609fae27d9d240d98fe642794cea2613a0f8ff166d704451fc79

SHA512
5136798b0093e94e47e5c14e44bcbcfffc0199dbd33859b3146f5647a9596eaa87b69ddd1bb641ea4bdf3c886bd667919297bb3611714d27d0f32392353b9319

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
63e575ada60077c1303776485d925735

SHA1
e501b33773add0925628a88d491d914ddae412cd

SHA256
49914c5deaf2e7e15bf706abe349bebad2a7313da230beffd89e9b03f80406ce

SHA512
79cee490c7cf316c13977e3ea92bc59f51eb7a5fdd5b3df5ae8c1e6fc6b57ebfd3286fae4fdcf31f1a5d712755568df952e01a43176a0dd4eb089d95acd2fcfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3da11cf9e722113f81326d0ac275a38f

SHA1
d1563454e127fbb2fb72e74b01bb734871d6036e

SHA256
704a1a93e1caa6707a46a9259a4feed81865250b21585f45298f442e2a334c3d

SHA512
aefb1e8a068c8cdf41b9f7c05c67f7129de729bdec7af9308dca500fbca47ac0330216985ab4b2ca1f33648bfc15be4d86528a185bcc75ae78bdcf8cb54ca807

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
76755e0b2b2886986218d11afbbebd14

SHA1
69e373c35c3495591fc6de96e07c681fdf9612dd

SHA256
e711d3c8a9c605e4bcdc07b72a09b4675e7ff833511c4495e777187f9c030f26

SHA512
9fe146d4150fe6a5e15542e57e86fe6416d7c33ca968116983f71ef285f168cfffaa2639ce0e899e17ad789d4d88999132c121c3b681059dcae2237d48dfb86d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
16fdec92eb979eafaef365466c484571

SHA1
0eeef708c1492a3bf341009ff79426f40dd8235f

SHA256
5a4cd7ec7ea900cb6ec433c41affc38fb949deab10fa77f778c343d52ab02610

SHA512
4dbcab172686a3ac9f1beac1cd457024ccb23ddf352eb1fca59717f5445753f375d9fa45df675c9f7a3e577f1b45e06d262d9dd4edefdc23107a63966e555ef6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
56d739c96c667b81b133e27a154eaf1d

SHA1
1f78faa47eb01512fd8be8e77dc96afdc1eb36eb

SHA256
b808e2b3cdd580306fb1a2f2368b9af046122638141494b940a5358386e117d5

SHA512
dc44b87f801d859542cee29e623a7482e2442de586a3177166c61c8f4cb7b6e7a17bab640c54577069a458f2795e0f41729c522783725ddb093c42fa9c8c05e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
9ce95f58b4c5c1ba630ff45dc377e379

SHA1
141a704324a0bee4d8edd79e52b94bcef0f11a20

SHA256
50fccf094e00c2331f6ad9ee5ec64b2cd44bcae335c659eb055904abca85179c

SHA512
e3b5ced67ba5dc35b1824c448083083b922070aec7b54b95cef036ebc49e4dc18c4450d328078197e9095baee2e3f5a7c7046dbf61af3b3acd7345b5c0b756fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
953222d8b2f5c6f82c861bd736cf2830

SHA1
1d84e676e0e1ff885a99309d072541e51df5c9d0

SHA256
0dd6f3440e5523c625846e9bf6dfe4a13b1a4caa11d7ec693220cc2165070c27

SHA512
04137b3fe5526a176f5ec70621c62d09d65c533c35a0c8070ccd7aa7bbcf5e87b0042e8ad710777dcbf730646223198b371e2c8c16b736dec0d3b99032429305

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
d49469235e1999ea43ef488063872758

SHA1
17a707536743f7bb3a7bdbc9acb2e88c616d5cea

SHA256
d0aec70ced79d91a90030d3472ac446bbd3a5082ad6ddace6ad4a65cf248b056

SHA512
4fb68953a7e8c8153959de45566585701d15beb6b4c32754965ca01ae389f5bfd0129d2e10fa70465dec2f62899a72b2d810f75bbd514fdcc6aaeb2d15808972

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
0f4f8fc8345c1db01c6c0d8de8951de5

SHA1
f09e7c9fda04f614e4226a680e1bf1fc4aaba1cd

SHA256
7a645bd931fbd524ce13d3f09cff0b95b5a8fd2584c5a85d0a9c8a95263e9fa8

SHA512
cb8aad32a7d5d3fa9054281920db9b37a380bcd1434a31c8b67b62b02a96d67d45d11a17b83d556c4dcc020b4b8db9d2f8b5946016475a162e11dcd4cc0a82b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
79da3faea52c6a06f95beccad9e6c8bc

SHA1
c41e7f54a6236287f105aeaf0aa694c0d46cc0fa

SHA256
9b2ce0f392b694cf5019ce551308c0633b3fc5acbe2742252106f17eff342033

SHA512
b2536dd3000ce3b735e185e7435bb0a6150133a6c7517b3c8baa9b2058e5765461bd6f0105d07429d5c124f205aed166fc2caf0203816223204aaf3559cccdfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0e63c8276315407a70eb94a269919cfe

SHA1
d624d42d0c2cac144b49d07b6050f4e135175fdb

SHA256
12463d3a78949b84e285467efd2dcd8d32cfc16281ee77150d2cc7da8a28a3c7

SHA512
be38030a1b92af1a6e0bc2ffbc038d49796c980d5d518c403a682e2f98647cc82ddc04d25e8b5d581e118669e46a1f60a79d177247438811715d860db2e2f379

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
f5b111670a519682ebe4ffb8af4ec192

SHA1
ce7c5e7c0b4501fd4f90f695ea93d2c9f6bab1a8

SHA256
69c2307fb6b685e67a2537f14dc34e0e1366f43d580b1c40054c1b7f0eeb383f

SHA512
3f9955e8bd12d8b64e7204d80f37926e8c890e7c35aee595c6f9392446b2ea6b650a2e5409cf478222cc37158d4d414640ea1939130f274c8f24cd91b53bb291

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
0a12cb553daa3c6c391af2dde53a8cf5

SHA1
ba7b24e54d89ff02f1880d50d6fe482b9e498934

SHA256
672f922151e0d0dbce5d292819e6daf2bababd428fdf5927377a6fc71599c0c6

SHA512
f93a3f5ca8cbb1eb7635487c73fbaf8ddf4b9aa141c90d6c9a5e32f1a58798a2f9e1269187386d2c6d73a2423281b53ac02081c25b764a1794782b92932f0e30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
b34ffa5795bdd9847367dc84cd103970

SHA1
18e2a55c1e89d7b5dbae3ea1f2e16f53f3fd9d49

SHA256
7c8421e94ec3482fee0d87d30ea63fcd202654828be368e0e861642eb5945e90

SHA512
207921160afafcf98d341a8929c97a30e4b9b7c7588d8a5029f3ebcdf108a01632dabfbcb314384068f9802b5e6e2a45925af8edd0d65c554d1e74cfdbbf3990

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a7e5334b040bc3c65f4763f9739c8c86

SHA1
f9745fcc12437c29db29623cd138fe664c17d964

SHA256
4ab5bed5341702ed608604238a521c0979e8e8a51a20215db0f4910fc474e7a7

SHA512
102b4ba02fe6b591b27554001885e1ccae748e658e5cef99a043cb6a62a282c4e2d24def7070e529af771e43a5f105f5bd7312c5be151f4666e52f93c495cb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
3e1228e5a22cfa8940815bba8ac9b682

SHA1
580c92fca3cbc5fa15a764b69005cda3c6bf409e

SHA256
1121ee805cd5b76fe879b9467977c2422d091c71f90cedc1fb791425b5960ae5

SHA512
8e3b97d71be3ab006945ddfd26014eb51e1a184d8b9b89e8fd81a460b93c635d3927cd1a65f81f2d873d28c817e7a632c341dc70fbf7300b32b6c68c3e7736fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
afb0f4641b3339fd33d7cb7af9168c58

SHA1
590f951965d6fc14e12a592a019959c2abc2eab0

SHA256
5343086ee582b7da1141793c20b5fd2738813dc70fba6414b3d09ec95723802f

SHA512
60d54e76ec090c1cf8e187de7352488ad3fd9a217429d4da815d431cb78d4be74ba8cafdf80140ecb5fafc58f1116ec61b027bc07433420f62239e69dc0ce92a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
edca57bf34ea4fdad85c787d0c42c03b

SHA1
a0094095d16fc9b2d5eb69a13ca24088522b3cf0

SHA256
627d3ffd5cb07791637e82cc27806a170c6d842c7ab32f5d30c57c1264994e64

SHA512
c0a3a4355d333f78fb868aca4e049728c734cf5985f0aff17b4fa99c6ba1520300982eccf4b1a203e4b68ddd06dd1023d33e60656dc94b126379c7522be777b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
2bf6c5208b6bd4150359c6380754963f

SHA1
f3ac84eaa8235a32b7d3d6747b08e50ff8c929af

SHA256
90736b05c49905a60882917e6d9541d08acf54296a9f28bb92140e399c5149ba

SHA512
6849f51767d755fcd094df4282fb9ba640fc8de65482f8eab887cd16093fcb84479959f7f51b5d3c31dde55aaffb5f7b38096d667cd90ce0cbc848caea17fa6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
b9de99c817f4658f2bc6de40d799725b

SHA1
45e6d8d3f14654c643c0e7d15053c5cbbb14cb24

SHA256
4e7a384f144e247f2f106484548623f016cdcf12a4bda1b82d050e9169d7a601

SHA512
89b5096a4230d18b5bfce023f890c99e5516abee6c9b1b5a9391687e2f1b7f6c03e33be09541fe6facf99d91a5773c4064af5fea29461e18db864d6b0f29a14a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
48cf26e06acc0369411eca2af4e24235

SHA1
dee7ff462e05db6dadaf8fbd934375f1c53743d8

SHA256
3176615bdd3764e21992a7604508ca9a6e3b9ba91ba3037bce95e899bff70f14

SHA512
d49736a054b0e87ced770be99f6c9d4e6c01eea4778d07d556623e0691b7f7439fae0c0c3dd1674fe45a1598bb08ff3c16cb1f13b32e727537ac9e185da2ead7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
4f2a6cf1d977d13921fa0643fcb93f56

SHA1
9b55ab01874aca9397c4de2337de6538d3b9ad32

SHA256
06786c5649d5ee0b815ec0ab63c62064a3a1d50f44d2e221416a2924bbaa1143

SHA512
657dbd2a9b224d4f9c5ee95d68af56a98075f291eedea66294b771259db1e9da517f63d4c44f214f3c401cc39c9b508f32ce7b367b483499743ed6b5e425f663

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
90aa787adfffa2288fc564d4bec8f2f2

SHA1
4ce63772227338ea6190e2dd96a600462a7e5920

SHA256
255f25a4a0c88087cf03f16a113b7f7e899fea993e581a92adca4eb82412ef99

SHA512
d977ace011e9051593a7b5a92fa18e7aa0f48e0688bcdc69532a3d64a589ec5dcd636a154c55b3dc4a8f6973a7c4b2b9000bf8d93afd22f8ab4186d6e0b66495

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
26d2ccd08348ff5bb5267fb77a6c6c5b

SHA1
e5c6a0e14728dddf4727e045793a4a591f48ea48

SHA256
4abee5d2f9268ba0f00c25bc09fc88289c6ff177e50129f1126eb21122bd23c6

SHA512
6523dee8997dd85d019ef41599600078501269c152a2709ec1239a15ddc895a7ff5251ca729eabf4cf2e856e43c65176670d72606bb7e1a8f6acdd97b82bccc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
761d13f1938958a50d164c65cd1c5904

SHA1
a68a2395e0ba921b15b2ad1f0bc86805d0ba9c55

SHA256
e030423b4b83e9f46b850f876edafc816271f4b789817461a1acfbb598901717

SHA512
02a02e252a9fe8b782778628124e60c69b2ea5eb1765542900801d4790fc55b09fa6a914b9e821853dc7fbf763ce26fd3a8281a28fae4ceb99c1332b5ed8f80f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
6ed94fb6a14a44579cbd2b7aeb5af4b4

SHA1
5ad850965341e8e7e87108cc321c99b5c4e80267

SHA256
baf0c6712d47d60a98073699699ff4bde3bec0e655ab51a82c3ad62d5333734e

SHA512
339a52c18c6fa2ff5bc77546b2f11498452f684aed1ff29d4e7b1f8a1138e1f5be0cdaf5a25fd5c116f53577167b3cb7c4693a19e366e4b845e30f9fadf01ff0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
0209809434fef628a82d38c098ae6ca7

SHA1
3df6c2eb00681e6ae7a4c7af6a74609245c0eb62

SHA256
80b132cc2b646dfbb89d8d36001c1c7a5e5c778bef9b05b11f9835e13b93b5e9

SHA512
8c99acb3a40bb185afc0b185a37fc92b69a7c9f2a46f6ec182b6b128b0417fdce289bb16c63fe8804ed9fe3718ef18a329c510f2e2851c10d5d96b0e031ea954

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
977b4bc93774ba6c12649356e20b19e1

SHA1
6598d9365565182f7ec06b356d93c195f111821b

SHA256
26b419ea1509502f7531e8cf2dad8dd6ed838e68b912d198afc7ff944ddc183e

SHA512
65a97323ad0915ef2f11f19c5dedf75c4a4a538aedb30393e2a1838aefa0509be17c98a8267399157a5277fdef7299bcd674507c68dc79d588cb1881141841b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
6a044e29c7748bb6cc882323c090cbab

SHA1
648aec63b84ec09f93c6c779c09dbebb1811c933

SHA256
ee54b84ce4203cb9a473b7509613ea4632f1f1e81c883d40d31050e3b99ea5c5

SHA512
35271207edb1bc5d9dc4c672ff810e6d59f5382d87bd782a07c060ac2b18af8eb5758b5a26f64b16a44f4db795f6d3d54a11d762985c2b40e7104ae77d5a9c47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
be454e8e0cf5faa470f6cc21ebca1c5c

SHA1
7e90459c0bfacb47baea6513915125b8da08360d

SHA256
04f23a3cecb1912f5b71f263ef6b776ff50898773bef5aeb746f7c8003337f15

SHA512
425a310f9f9a8ad683ee282a1e99c7c2ac98d09331f98126ed1a4e644c8e336425dda3eaf7fe7d721d355a99344c3582a3421a582a6f00a9f8411a0f0d1c8d9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
a75d82ca722224ba9670c404fd828f18

SHA1
ae695c0a218a6336bdac2f5c099cc90dfe592edc

SHA256
328a834871f990c4a9f44dc52acf0054352448294bdd3291e6301dba864814ca

SHA512
9898dd9a43f569401469481c9f592ea0ed43fe06a5a1b223613f8d34f234273016e59e16a3e3384e7cbf941353c9a4add63886d774bd82a5f0b904c873fa9f65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
c52f6b74549cfb0a3b1800b6add49da8

SHA1
a4a8a7a38383b14a5be9d51b2504aa0c034faf32

SHA256
228e01ddae3beadb2816975c1e3021f54cb5801376fea28a6d7f08ff42770d54

SHA512
7bd41e19045eabd3a239b792e889a2629c0d6ffd6c60f199c4e0fdf3d4f10b225a8e3dbba129cdaa99aec167038a1034da78f6711d5ccbd8419f8472b84a842a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
b8cd44ce1958ea100cdf9723448daa9c

SHA1
57cafddc8f2b9665a6ed54edae4481f5573c1504

SHA256
71ee2da1429cc82d3cb910d91b57fa360cd1d3faae149aad6948a64a8249e994

SHA512
56ba77de2d10cb6e13c4fde5abf20127c210d6ce680f21392dcf1839bb9f8d59914edc6d21f9c3253c8ae52c0861123f0df83002a73c72aca52c93fdcbf08187

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
8d09fb833afc3f0bc17039fd4d5d6e89

SHA1
602cbb988063c6e1e40601bda4138c4b63556b68

SHA256
cf3b6a2c3ad7d342f23d03f70c9178199dd903f834833654da7d08b016198112

SHA512
5a264cb8731474c484f94ebbf12890a51b55ef6b283baa261cd2ab30a5ff81f1fc58d2b52cd885e40f8f292daf32dbe5b7f07c01857d8af409c0d2ce91b1596e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
f48444834f292fda4ddc1dbe7890c1ae

SHA1
3ed4d75e0bf2de8cf5aa1fbed72d503b5cff493b

SHA256
6be506a3a674b630a574842bf145fc211a2ea77c0ae327596638315b7e123416

SHA512
3da6be8e2b8ba8250c83337128953a25ec192f6052584337e45998800cbef86785788279db6aefc7ff1c78d4ec5cb631f6e7d8bb03a5b586cf16dee717b18d0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
73187dbb32a20b8bc2e287e7f0fcf745

SHA1
4fdeb619f3fed1ced117a2f33bc363443b932c9f

SHA256
323d8e812f230a0fe0e920ca224219921007934b0cdfe9f3915757549f4ad313

SHA512
81fdbf4a2759d73cafb0781c45b9978370ac06ba3b2497242ee983e8d362aac83faa787315e359678dd2d0a66cd9e1c515938eccc5fda85b32e88a8b89c4339e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57dbaa.TMP

Filesize
1KB

MD5
dad03c5a4227a1eb7b5581a0351f214f

SHA1
220b121c83e2b93b55c5a0a7c8c7a61efeaf2687

SHA256
bf1ee969371b14c76919c479884e11f888457d79cc17aee6ced5f434ef1ca5a0

SHA512
82f850b835c73355114b9d4a453ad2c0bad60951664f8646126cf2ccb16325b9d4064e3ca8d10cda4327bf36c8c6c933a64e48f522a396f025c4394417dbeb37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
79d9cbc3d1ccd651c83e8125eda3e4f0

SHA1
40febc66edff4daea659b6b5be21fbec070c1ad2

SHA256
97f0a766eaa4aa3c1d0684f9d667c04fb98110758fd63240fd2beaa634112e35

SHA512
88005bad8cc095cc459a115fc853db9eddc6a0780bad9af6f7778a427f1836a20cc76ba38a3dd23365fbca0c7ce09f23760468f68cca919a983038d4796f2688

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2df53b9dec94130292d0461b60b35358

SHA1
a750dc1888c33a751df9e13051b03049674f6d0a

SHA256
05d83693fde581c4b94896270fe36ed3ca70851321a7a868751b35343e5ca917

SHA512
0b03bf9c9b78748c22c5c8aabb29c59098e4ef5d638be4abdd1758a4b685505ac1cccac053692ae8c04969b22679dccbed9d2bdd2dca95b114565f4681b05290

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
14KB

MD5
acb9371dc86b773dec945209b1869912

SHA1
e9d760a66924bfa0bfb7bbc4aa625b1e8bc57af1

SHA256
96e3688a1d520e8b268d9aefc71cdb68d2016af3755c8c98b83c2db7959e7a5d

SHA512
1952157cf1281ed2a47947d3baad385a2dfaa996099f6861d7d78935754c9dc5f964b11e8b5cb778bd20141ca0782f1ae4d85c640a640bb9123f7e606a306e2e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
14KB

MD5
caf8a5a688d3835841ba7e88b556d78e

SHA1
2102f596be52868574fdf504662de376f4aa1ad0

SHA256
63a3b25a1b72bb2e4c14ac6151a73ce6a97c92235accd677a589d820975d3323

SHA512
d71e372c3885713d3763982657d2d537fe5580530bb40f8046198ec2f01ef949e22bea7cf8557c0759756150e50c4a917f071313c19caaeac81984389442c054

Download Submit