hxxps://drive[.]google[.]com/file/d/1nant0JWgN-23O8zk310TPSZCkKY_f_iV/view?usp=gmail

Analysis

max time kernel
892s
max time network
893s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
05-12-2024 00:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1nant0JWgN-23O8zk310TPSZCkKY_f_iV/view?usp=gmail

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
6	drive.google.com
1	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4018527317-446799424-2810249686-1000\{6175FAB7-FFE3-4DB1-9225-519A457C4410}	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\conn.rbxl:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
5088	msedge.exe
5088	msedge.exe
3152	msedge.exe
3152	msedge.exe
4256	msedge.exe
4256	msedge.exe
2604	identity_helper.exe
2604	identity_helper.exe
1608	msedge.exe
1608	msedge.exe
4812	msedge.exe
2736	msedge.exe
2736	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
2388	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3080	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3080	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 50 IoCs

pid	Process
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3152 wrote to memory of 1388	3152	msedge.exe	77
PID 3152 wrote to memory of 1388	3152	msedge.exe	77
PID 3152 wrote to memory of 1748	3152	msedge.exe	78
PID 3152 wrote to memory of 1748	3152	msedge.exe	78
PID 3152 wrote to memory of 1748	3152	msedge.exe	78
PID 3152 wrote to memory of 1748	3152	msedge.exe	78
PID 3152 wrote to memory of 1748	3152	msedge.exe	78
PID 3152 wrote to memory of 1748	3152	msedge.exe	78
PID 3152 wrote to memory of 1748	3152	msedge.exe	78
PID 3152 wrote to memory of 1748	3152	msedge.exe	78
PID 3152 wrote to memory of 1748	3152	msedge.exe	78
PID 3152 wrote to memory of 1748	3152	msedge.exe	78
PID 3152 wrote to memory of 1748	3152	msedge.exe	78
PID 3152 wrote to memory of 1748	3152	msedge.exe	78
PID 3152 wrote to memory of 1748	3152	msedge.exe	78
PID 3152 wrote to memory of 1748	3152	msedge.exe	78
PID 3152 wrote to memory of 1748	3152	msedge.exe	78
PID 3152 wrote to memory of 1748	3152	msedge.exe	78
PID 3152 wrote to memory of 1748	3152	msedge.exe	78
PID 3152 wrote to memory of 1748	3152	msedge.exe	78
PID 3152 wrote to memory of 1748	3152	msedge.exe	78
PID 3152 wrote to memory of 1748	3152	msedge.exe	78
PID 3152 wrote to memory of 1748	3152	msedge.exe	78
PID 3152 wrote to memory of 1748	3152	msedge.exe	78
PID 3152 wrote to memory of 1748	3152	msedge.exe	78
PID 3152 wrote to memory of 1748	3152	msedge.exe	78
PID 3152 wrote to memory of 1748	3152	msedge.exe	78
PID 3152 wrote to memory of 1748	3152	msedge.exe	78
PID 3152 wrote to memory of 1748	3152	msedge.exe	78
PID 3152 wrote to memory of 1748	3152	msedge.exe	78
PID 3152 wrote to memory of 1748	3152	msedge.exe	78
PID 3152 wrote to memory of 1748	3152	msedge.exe	78
PID 3152 wrote to memory of 1748	3152	msedge.exe	78
PID 3152 wrote to memory of 1748	3152	msedge.exe	78
PID 3152 wrote to memory of 1748	3152	msedge.exe	78
PID 3152 wrote to memory of 1748	3152	msedge.exe	78
PID 3152 wrote to memory of 1748	3152	msedge.exe	78
PID 3152 wrote to memory of 1748	3152	msedge.exe	78
PID 3152 wrote to memory of 1748	3152	msedge.exe	78
PID 3152 wrote to memory of 1748	3152	msedge.exe	78
PID 3152 wrote to memory of 1748	3152	msedge.exe	78
PID 3152 wrote to memory of 1748	3152	msedge.exe	78
PID 3152 wrote to memory of 5088	3152	msedge.exe	79
PID 3152 wrote to memory of 5088	3152	msedge.exe	79
PID 3152 wrote to memory of 4684	3152	msedge.exe	80
PID 3152 wrote to memory of 4684	3152	msedge.exe	80
PID 3152 wrote to memory of 4684	3152	msedge.exe	80
PID 3152 wrote to memory of 4684	3152	msedge.exe	80
PID 3152 wrote to memory of 4684	3152	msedge.exe	80
PID 3152 wrote to memory of 4684	3152	msedge.exe	80
PID 3152 wrote to memory of 4684	3152	msedge.exe	80
PID 3152 wrote to memory of 4684	3152	msedge.exe	80
PID 3152 wrote to memory of 4684	3152	msedge.exe	80
PID 3152 wrote to memory of 4684	3152	msedge.exe	80
PID 3152 wrote to memory of 4684	3152	msedge.exe	80
PID 3152 wrote to memory of 4684	3152	msedge.exe	80
PID 3152 wrote to memory of 4684	3152	msedge.exe	80
PID 3152 wrote to memory of 4684	3152	msedge.exe	80
PID 3152 wrote to memory of 4684	3152	msedge.exe	80
PID 3152 wrote to memory of 4684	3152	msedge.exe	80
PID 3152 wrote to memory of 4684	3152	msedge.exe	80
PID 3152 wrote to memory of 4684	3152	msedge.exe	80
PID 3152 wrote to memory of 4684	3152	msedge.exe	80
PID 3152 wrote to memory of 4684	3152	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1nant0JWgN-23O8zk310TPSZCkKY_f_iV/view?usp=gmail
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffab0813cb8,0x7ffab0813cc8,0x7ffab0813cd8
  2⤵
  PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,1864517776270868326,13044768124263653357,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1824 /prefetch:2
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,1864517776270868326,13044768124263653357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,1864517776270868326,13044768124263653357,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1864517776270868326,13044768124263653357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1864517776270868326,13044768124263653357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1864517776270868326,13044768124263653357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1872,1864517776270868326,13044768124263653357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1864517776270868326,13044768124263653357,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1872,1864517776270868326,13044768124263653357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1864517776270868326,13044768124263653357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1864517776270868326,13044768124263653357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1864517776270868326,13044768124263653357,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1864517776270868326,13044768124263653357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1864517776270868326,13044768124263653357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1864517776270868326,13044768124263653357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1864517776270868326,13044768124263653357,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1864517776270868326,13044768124263653357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1864517776270868326,13044768124263653357,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
  2⤵
  PID:568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1872,1864517776270868326,13044768124263653357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7012 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1872,1864517776270868326,13044768124263653357,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=7012 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1872,1864517776270868326,13044768124263653357,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6152 /prefetch:8
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1872,1864517776270868326,13044768124263653357,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5160 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,1864517776270868326,13044768124263653357,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5668 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1872,1864517776270868326,13044768124263653357,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5704 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2176

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1160

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x0000000000000470 0x0000000000000478
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
003b92b33b2eb97e6c1a0929121829b8

SHA1
6f18e96c7a2e07fb5a80acb3c9916748fd48827a

SHA256
8001f251d5932a62bfe17b0ba3686ce255ecf9adb95a06ecb954faa096be3e54

SHA512
18005c6c07475e6dd1ec310fe511353381cf0f15d086cf20dc6ed8825c872944185c767f80306e56fec9380804933aa37a8f12c720398b4b3b42cb216b41cf77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
051a939f60dced99602add88b5b71f58

SHA1
a71acd61be911ff6ff7e5a9e5965597c8c7c0765

SHA256
2cff121889a0a77f49cdc4564bdd1320cf588c9dcd36012dbc3669cf73015d10

SHA512
a9c72ed43b895089a9e036aba6da96213fedd2f05f0a69ae8d1fa07851ac8263e58af86c7103ce4b4f9cfe92f9c9d0a46085c066a54ce825ef53505fdb988d1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
103KB

MD5
8dff9fa1c024d95a15d60ab639395548

SHA1
9a2eb2a8704f481004cfc0e16885a70036d846d0

SHA256
bf97efc6d7605f65d682f61770fbce0a8bd66b68dac2fb084ec5ce28907fbbdb

SHA512
23dd9110887b1a9bbdbcc3ae58a9fe0b97b899ad55d9f517ff2386ea7aac481a718be54e6350f8ba29b391cc7b69808c7a7f18931758acce9fbf13b59cee3811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000048

Filesize
55KB

MD5
95069409bbb052adb7494559bb4df57a

SHA1
394ca4c296a33fcf2a7cb240ed22faed1258b0dc

SHA256
3f55b0c74c84c016c76a4d6895a9fe3591b31d7bd41e73a72439ef3241166f80

SHA512
9b5e0afce35f757730bd3b53d8b7af0c6787c1bcc17e3638cab10fbf7a1ec36caac96645a2ebdd36749607c4756aa181550935506926345ebfb11333868782d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049

Filesize
616KB

MD5
8e812bec7018885bce7d8fe608165629

SHA1
72b85e55dba6790328669a5b6c169d18496e9a94

SHA256
b71816b8c897c7b54ddb5de4fc76278045701380c3e0873ca109b229625273db

SHA512
a59a4cf5d6e72da51f6bc5497766ee48036a7f08826590d4d08362978e11f6bcc1c337be62fba8d4d1084bfb2fdd46edf788f5a7edd60b633e19059fc75db0b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000071

Filesize
326KB

MD5
76973332e7a310ea17aca5a59aca8b14

SHA1
8016ad6a39908f5e7edbf005b35da8039e5d3413

SHA256
4861fe52cefb9f1cf36843e9deb92ee80523e27595f415d0a4a540fc0de962f6

SHA512
0fb45b6fa661d23cb4ff70bb67024340615c9019a151f3b1d10013aaf0bee0b5f616da1bf81ddebf7edf85bcebcf90fd11db0541ae98f1ab541891fa5a26e672

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
9be25bafa9a7f6d4c204c66372d4b912

SHA1
352bdc45551f7ccdd8fe94f7a67b0efe7cb20120

SHA256
a48a56e81dd06374269f0b9fb19a4f92d87873c1bfaa91105d3e961616fd1506

SHA512
1b89189ffbfc17474db90f2480ed4647712bfd036173917520adc8c9bbdcfed176f32bce9bf1f5d44ff4a6d75a95a9e1379815c29e6cb1bb118f391a36f5b35f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
639d4f0baf43551e2cfe7c0dcbe94198

SHA1
f85c3219cd28b52ef9897e9e6e7599ed237b248d

SHA256
c9c6cebfdc4318904cf57e60d6fe296cdfc08c829fc0fdfec0efc13f59982025

SHA512
5384235439cd071380074a2e4ab22a2e3b97cd70dd6abdc548f2068ba61a65b637aa58f62953f3529220bfadbdf857aa4d0b8d649452cd31cd832fafb1e7b90f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
55bb544f6efa3bd57f117d4eae4978a0

SHA1
4c0dd1c20afc35088fc56c40fa481c5f3eaa329a

SHA256
be8471f2921bb3dfd60e48b4a624738fb774b778d1461c3624db42a89ef98562

SHA512
cf9e079c63c40fc89ba4b7da5f0f602e2d95280b623e27616b606a7b510c46d23e2118b6409490ed134ee9f5f4111557bbcf13bb9a8a1be9ce034d22c3fee9e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
719391ab46c9d4b4cf0e25c319710ca4

SHA1
55a6b405f2c1d032cbb8565ae69d36d35e950019

SHA256
1d423bfbcdad0a7bbcedfeea2252e3a5f00f8c7c7c12e5d5aba0de1fd371bba0

SHA512
ae569e5a9507b99c0b528c4e113a21f497f622823daf77d8b7220e0450a75a978c8d34892f61f20193fe306f4c4559d5d35274decfc4a78838ba7e84b82b7ac8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
61895a55b2c373a5574683b958658681

SHA1
9f415fc302c1e56b136baba3777f1d859e6c9110

SHA256
fe6e4308cd9104d45c7ff2c9b212ec60b51edc26e8c8a87f2ab24be6b6a6f671

SHA512
8eb6c32dfb7512611ae4ec568d4b916ac097b8cc215d6a61e260f3117f2d14917ad022045584428152954409152614b4dd7679cc6aa9161921cb7ab340d3b7eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
565269236fc0011b469e8cc1699edc89

SHA1
16fc2acd57513df1ca0fcbd39272d89471514d50

SHA256
94edc8e21ca11cdd5a8720586960f309206bc8e803b1b6f8f070ae9caa6861fe

SHA512
62b10440dbdd33e8688f89481372af82096a8935f6f05c5b82c282c6014000acd5d066d503fac35e5f962f9c1dedf0a999a50c54afe0807cc135608d5adf8408

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
a39bb7cb107efc776a95af3c59b67c00

SHA1
6ad166074aac12913538a2363964d9fdd8ff651c

SHA256
c9ea7a8750726519d63130df430ba8d8b2f3a5d03d3fbd648c1a8e2f5fd1205e

SHA512
208e43accb035de17130806a13455bffd187463d70b2178c4cc17b0818892ada4a98f0fe8eb08d7a7864e9e467b5603fb063469f65cd6f54d11599f36474cb78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
a5ae1f6479f5b8174cb609606f98b4de

SHA1
348216c9ac582974c845f8ee66af149d9b8ff605

SHA256
e9b5a12c890107460c0475021282db92f424e6edc541fe1522c6e697e8acf274

SHA512
040bff3ed427912f01908d67d1b89957c3d7ac2b4bde7aad84159933407c005d13b3e7d7ead29edd89777f4666c266951bf866b869403fb4e5613503b9070dde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
e473a7bd597b252d166a01eb5980f892

SHA1
5fb1a4de1ab031e0529ca1706c8773dc4d5caf92

SHA256
2315bee97a93ae9c9abc27ab42741978b773fe6892e8b672e6a9bfb8c2f5af96

SHA512
bb34f110d0d11f4e533ffeee71bfe9a67e8dcb9e352f812d3747e27607c7caf0c4c01f9edf0e56bb521b595cf1674d25bbd0d264bfe9ed02d4e69702da1e6ed2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
57d2c6eaf7f6219c97ab689d50dbd176

SHA1
2af273213829934458bb0d5f3b303988d32961dd

SHA256
a47b4113aafe27554c413a7a03eca2cca159b46871e59c2a6e79fdf70d6a1647

SHA512
bb887f46bea23bee698752f169cfd55f3a9bfa382d435d5235c6e64dbb0f38b9935e2eb2b07c0da94f54ab8effe74a7f78cf4a5354c11394858f57593ef8bbae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
08e07c0b4987311a113bac876dfc76db

SHA1
2a768e5cd1e32446a3ecf4468b187ca0c159c697

SHA256
0c37fdbd37d88ce6a5994631a298f35710a6c17f82094eaaa71f94b7d93b84c1

SHA512
14964a0cff323d8c835ca0a32195589766123ca0e5c779744edbdfd36020b4caad5c19e2b264f34aa7ae489bab5b905113d587507f7fe4b9d3b1a83ecac88374

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
b22e495abe9db4ad988116a0e2a1278f

SHA1
d4a3f4168aec6db4441072686edfa43e145a005f

SHA256
8b632d23def4e16b5594e5175294522ad584b161557bc324263eca48fd841252

SHA512
054c20863aa9c1a1cda090d3e5707aaa66a717748a6f18e33025de55a2e3df50dde6ab409c8a35420bbc28bf733f334a70ac638c4e6c954de514d5465be4486a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
a472633a738fb22e2dfb48ffc1ad5bef

SHA1
257b92ef5b576e63d46d39420207b46b949fddd0

SHA256
897d0e7cf6c385988d0a047960602777e7d20709b8d7f6c82b0b49d49a327a6c

SHA512
db35ec508410537e513f467cc4b903511620ea659df34f50e833ccdd05bc76186ce7792103babbf2906d606e9813be648215c303ee9e74864ea6ff70d2596e4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
c2aa3efeaf4ae9b4f3a8a627dbc5e459

SHA1
ac34bb1bc5bc47fc2179d0aede942c9bca7e4d26

SHA256
8ce895477dbed484a0762713e18d8825f70d8606624008a76bf25997b9a57548

SHA512
b4b3a407e80e8e48295bd714f8ba64bc81e783a57e40b758d2dd399feca9dae514f89e1deadd87ca5b101f8752c4028263bc2c7a97ba0a8461fda3fc22520270

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8f4f8a15e0600d78f2591d90e29bf309

SHA1
61865b404f9358625a7cd9f9730d6959d622f3f2

SHA256
b00bda262a436f2c5849935037f16c0900a6d994a7f22440eeaca4d769d6e691

SHA512
ea4c17cf39a05193536ca480219c24fbc77638ea590ccbbdea4484d05196140459fd91bf1d27e9d7656cee8a9ffffd34baf4fd0a4729b0d88c6570441882c1ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f1c481f7a71e35e1e329a133cc1f240b

SHA1
09ed28cfce471f5053c8f5498dfce6560c73eeb0

SHA256
19e8987561503a598e30965e8c0b24fbc193966b9beb6707dc398fbc058bac6e

SHA512
7c0d7ea5134f88557b4c399e6af88acf10050a0e1969da605793568f288a6347d51ea94555267b02e53581ac51f209021637bc6e4a1fc593da7739ce22abd9cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f14724aa6bb6f729ccbf1a43b4b11c1a

SHA1
1de59acc40d4b8706b0b049dd7267f537029c8f0

SHA256
61bba2332b34fc21542557e4732d710e20281613458f3580e813cea0a8b74810

SHA512
e28b4d7fa890918ae83138eb85ed3237113374982bb1bb19916dcfb33603820cdbb957b8b6cc792c626e0d986e9ff3fd0024a2154e8f1f8830fb99169a9ccbb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
883bf4abe3d5dd01a11f51f8922cf9ab

SHA1
d81d95c3dab1ab161cbbc9799830a7e31e2c10f1

SHA256
fa4983b158c6af4eb5319e5a163309e6c51774eacc39d341e4682aff3814404b

SHA512
79419075292df96ddf44f1ed1e11a95307a6ae1fc3ffbddabd053f295f28de209672c458f62be80affb8258be710261026d3cececc252d5fc8abdca6c4c061a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
68a9ddeafd27b97eca5c95782e4b02e5

SHA1
1731f05b12bfc6684fc61be5e3d78738cb0d1c9f

SHA256
0e887fa6927e062c442d0c91e884622b5946d531082e3a71c3c39d6da4ce4e8c

SHA512
f29c7adebe866af40701d18a1f40dc7a0c64589b614307c84f59af30996766d771d12b38fc8bca34d683bce5840cbde409218cb221d25a128bb14ee55f4c57e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
675eaadc6ce16a374eaebbae4d4801c5

SHA1
967b289a4626d88ca9bc1da7aa52bb19a678dda1

SHA256
59128482204aa4b34a6e4c0f0123e7d1600480f69c78c4b0365fdcf13e866b0d

SHA512
61ddaeec47ab3dc6f13e31dea2412594632fcf3934602a3e64fa80ce88b0c37d6d3b1a545438e84212552464016ef7c95c81486a3fb51438e7cb30ee2cdcb5c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
8e7bcba60bf0610acbb79b943c9cd7fc

SHA1
1244be5c2f1b03e437f0d1e3e398b663caa2ed81

SHA256
cfb3dff2917c26baf766f0bc8445a912ef33dd63c9e775201d01a851ab6e5059

SHA512
6b48d49558f65a5bcfb0c479d86322ae4adf0019bd9613f55eebe13d3335a9209d717283e4a0ee64d46e888dce39fdb4d9e9c0018bd3f0f46af76c79d60cc001

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2393e4f636932fd766f1c32157a47ab8

SHA1
28696d3a582cc82f67ba48688078e97de7d75439

SHA256
3557792b4d5587959c29c9fdd8b55a599a8a356add9639c8b83df4ecf3c729a4

SHA512
cd3faca8da1aec1ddb0ba4eb87a5846d8feb8c3b316931e0eded703f550e3956eecdee7c2edfe172b54f1f4456a3bc589f421747d19cba10d86afe071f0156aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
81583d1c6c09beb153e3da3470bfc6c6

SHA1
e911225dbc71dc8872db1b65ed437b4d1ab2f9ed

SHA256
0b6a2d4ea5cc9aa56c9dd4f7d8c531d8caa51856169a783fb46b5ec64dc6b3d2

SHA512
b0945595c641d04362e7222758770e0a9217c6d4891981670a42a3afc7c4ed413ecdf5234c3ee791a79e050270935c321da2be0d756692639b2011467571c2d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
710f71ac47cf00b26c28c12f5868cf26

SHA1
4cc22e105ffb91683ac6cd079d94afcb5787475d

SHA256
4e3d9757e231cfab412466083ac1a6ab8a45481e92deabd8849af267f7e57f11

SHA512
52a44abb34bdd7113ca614d9e7be91a5cc07e2ca41a3fc5298d40d8a5e1f935d703da16b024b5736ca10cd2cebafdaa74c3d7a59107d1d276cf5a5a73ef0af97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
81924aad2828e6f50515842a2132489b

SHA1
84a1790cb93c2c84d6cc1750539ca0c859f0fb85

SHA256
e7938309a7381b8fc1be8b7bdbb3c7280aa1d2f601b126ca983e8fb4f68a8114

SHA512
4774e29fc5a6f9dc20f77933636aa4589af2437a3f77ba1ffb124c9bb9677e903106d287e122f75838b16cb414839da18ee5b4425a835bc580d4f3caae32f811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
fe2d6ee558128305abc05050516f52e8

SHA1
4d332ff0c86409ab40a4b2aac1ab4cea4e500853

SHA256
3522982a25b04f61cf11b43baff11f097e5b0247f51ac9937636b5cdb2b0e812

SHA512
0cb8deac6a5422d41ae0cbc6421b49b42ae167ef4912d4aa927c2532500a2aa6284b162979631fcdc66ee176483ca374998eb031ec444da7b2ee9f57352c545e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0161db533da694916d4f39bee9491bb3

SHA1
551f5319741b144a115273a843408928f1d9d90a

SHA256
0d36494d2b33b8cb10081d911363f775ef4e1106dd307d3fd428fb02d6ea88da

SHA512
c03cd0abe4c5833e8ddd47bba85db471a4b2c40d371bd0946b0e9a990fb806a782ddfd8f0026f21e6bd2847cdb1890d1f1b9581844a3d99fab84d6bd4d077e6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e911b9a61951e7f371bf28202fdfa915

SHA1
294794382390ebe0f4e204d89b17a76fd5bbb9f7

SHA256
e5219981205586b932144932bdc703ac1dc97a8804fa878ccd96a376c060ef61

SHA512
f68deb7d1f2922f25921c4301c59b600fe1641a1bd0e107fa0b1a8e985d59e1869a18323b50ec51696a8dc6680b9707caa290df49345c815a5a7ae53577cb3af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
28ff03e08013055ccec6bef226c2ba50

SHA1
94187feed118d9fc970897810fbcf2088bc6b62a

SHA256
bbc92aa85ca84d3ea178c20edc132db0ea105ecdf4858436c47473bae77e7724

SHA512
0bfbdb8522bf4f397faba5030bf9997560e4893093f58d29e1938bc300d93bacfd9dc17379878e22fb39c2e420d26e7841610c042a14db724ea2ee23f53c2fdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ba65cfbcda7b8a1707d5d1b6ea3ba9bd

SHA1
7e8be29690a9619d9893c052a10633f8539e482f

SHA256
0d2baa157d01a27b168431d210f27e9069db322c918dca521489c5ffa4ba904a

SHA512
7c79c9e6d8e84e5d1463781f156e456c27b53942fb731da71c491999ac39b150c7d8cc5e42caf2d3438440390da79e02d8abbaf50c1b47de8ebc30a0bc005295

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
30c953396592d677443d843880409873

SHA1
032ca424b4502027636e9f490b2f5ccdf129b4c1

SHA256
031031b3e1435202dabe52806415bfc0117447671dce7a15058cf6dfebfdf815

SHA512
519b9a7869f72de9ef24e807ca2daba10f6432efa6ab2b27bf430bedefbac929a65588f98c8c7722786327d149048ad3f91e1a98d2b3e3a516a5b4cacd84ae65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2c975596e2599013806fe7de3672bdb8

SHA1
74d9a108fe2814a4de4d13f2aa7d99d77c4d70b8

SHA256
f41722fecfd6577022743eb9b564ab17a31c4ff475fada3a3e2d75f0ccf1100e

SHA512
2f84ff6c6d3bf455a44c712f05e6899af581ec762a2132fd8e4ed15a0cc1ef17f63ff5e307a191c98d913f9efca364d7e242b68fe872c69020dca19af15dc286

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f6e0416f565c454a3108af9d55437e9c

SHA1
1ee80339edc3641029867d07e532b7e6b93fe733

SHA256
baa8abb167e1a3c78e4d8949b9e23747daac74aec2a54164d77d0bc012bb3d71

SHA512
7f03f1fd8b720de160d299bc76307d1789bc5c337eb27b5e850a0be54e8820846a3f0228e2b3ec49060fca51433732890b8498b91923868dd1374dfb54d04c7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
fadea6df3c101aac98e9197f44aa6345

SHA1
0ab3dcd078aa9baa7f175f7f4a1945d61d9513a1

SHA256
83452c01493682cc6a824b65fc35fe74bb567f313b019d45ad5854b0e2c78330

SHA512
43b920954cd2a5776ee953f89fb3a516113600c8fc8dd6aa975e311b9ab9c40f576442c933bb6bb49c9295a8cd0ed95269e599cf6b6de89b0f21736123021a4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3c52f50538937dbcdd5867e45e665a56

SHA1
75670112e00e8232a109ad4b5cdddadcdc8add53

SHA256
0d179a320f184276532c5f02c06e55308b3ea97a7be8cdc59efb08cdfbd64782

SHA512
d0b17151cebba1ba8747d80d709f85eba3aa1749ed2293a3deaaf222c388393c5f486d33ca79874d135b38a5a2b46b027d01f39f99d48c5a907781312fc890c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
07c31958e3310eec0a527ef85f0cd974

SHA1
9b631fafe2c961309c421a5d1571302ee681bbe5

SHA256
dd1d27198e600509fdfdca7cfa6575352acd17acda6f6b3cb4553aa005126f44

SHA512
27c86d4c57e178ac30810195e269c6d94d901781ba67047e8bd63b981de45ec93f56eb120942344f826831432aaf7a0e53735d67cdca328ffee710d963e68544

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d1ea90c8c2b65c36cd97a15a45374d4b

SHA1
40befe9f2b9a94c19afff8a8f7d3aa948df4ef9e

SHA256
4848edf3a7ee451922f02efcfeb2f2b299fb234105af3e36788e26323a31c01e

SHA512
5f6590dbc6d1e64c3bd145ce4f2e2e159d2fb0391ac2a3369fd54a888119a10003fcfc3b594881f34a76c95c1ca160345a74775d1c8c30ecf1025b866f66e91d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
db363cbb09d8344a292d7812ee7de99a

SHA1
b2702a967a39ad417f4d4e2836bbfbe5fd9a1707

SHA256
105bc763c568c424bf637b58d6e9370047c8608b96863c9d18ae57ffdca03a25

SHA512
9e6a9d552896df6834f622add00046cd99713e7d1ea3a59cfed79b0121487a362a6e2e40543ba06f25d9dbb18e05e3e6b43ef36cf7027d13fe558a8e2fb97ab2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
37e30972ef232f344a693b5b84483c1e

SHA1
ef89b48b96edbfa0b89645140baed4c32df41657

SHA256
8d95c689a4d015fcf55cb46f33549942508d28f251b1c02e0c4689d5c2f86230

SHA512
3fcbd1196ea49ed60ea1fb78e63fa543ae26a304ecc01a8a82b1a0f1257da687ee42ba4ceafbcd97fa4cce77a1210b8f0cf781d9fd36d4a062f3a39f03bf133d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
6afafc99a409639b6a201d5c4cfd2d9d

SHA1
a7f074c4f1aa05b7fa43a9e2956334697b6d24c7

SHA256
9a40854dbcba097e5cabd530b664771809c9648acafb42714b48b9888004e03c

SHA512
2ecc05337bd39d754f8440e6a061ec1a6ba4d8215eb109ccbe498fe955a98e3c0a95ada0fec74432c123499732374c29a8d7ca016006a7f770c79b0c35b73a72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
1e9eb4994718ee4aba382ff0f2f8ae3e

SHA1
8157f67ffeb346ed56cf623dbfb3d32b8e27224d

SHA256
61022b7a26025bc19803f82bd1081b2436eaf62aad3ce3618364ba5c843707af

SHA512
de00c1e08bfac9c4399b71ef9a3690952569b57b2f9aa1598746dbaacce432879a2149a2e85a9df5bb92f7c8f9cf5868aec7cf397bf6c6e2c8504c59e8ebde43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
84c46db9ac7ed8ffa67d17f37311952e

SHA1
36e20377b6cdb4d84510acbc420359421272a993

SHA256
42b162bebb8c5a20ec178712ec1a9b4091af2a19a15aaf3bcbf120601264890e

SHA512
d70244aa5aca21eaa265cfce610a1c421ab123c64753ea930b84ae492a132089cd644dd987e313761268372da7168920cf1f263f2064080f6251adfe369f2102

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d2c292b77c5d4f0ff09227313e9ec241

SHA1
aee5d0257007b0775ab5fc709f7d0b624def2a48

SHA256
c098cd8d8fbb0f725180011f242679505f1a3d88fa2b95ebe57e5261aba3163a

SHA512
9066002485af4b4ca17ff513a7b0092f6946b7252924c95dcd6e8a0189f20efae35c634dc782b53ea9cf8d7a9fbef14540b6221d3af67317597e1936d9327fc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
cbd2879527a80eab0bdd22ba479fa187

SHA1
9e2b3a3d6f99033538776be63447c844758f390f

SHA256
b50b55e9f682a7b40f1528c069f672881c234dcbccfeacfc38ff33b277bf8d55

SHA512
886539deba0838be631dee02f42dd0a218ee4c976a01ed5f4dfbb6a808c49403ef958e4de873add7dc42f5dca6fffc4ad6e28358f5733c951ebbadb90b5640d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0af5f5feda032c917c0b08628e456584

SHA1
0588e52d61f9a9a2e1977bd75f861f490e931e70

SHA256
de9661c484c1e12638a3b90cc71eac866b0cd0d0199800b5c26c4d3e74cd7b82

SHA512
95de03ce3ea28f2c6e9dad69301b8ec2fecc448df15fc9d37b776e22376f44bd3803e7e9c3bc13b90c09544abfcd7aa1c7a8bdbdf26aa829e93e676035cf7022

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
8c01772eeac3bb0fd36a3c525669fe7f

SHA1
66db43f82b083e0fc17cdc3d27c66a8b53ca4fa5

SHA256
149c883ab6e52f391f231990a4d09697eda9490f395e9bd55ada271db5528590

SHA512
77893681d17390029387c6e1c0daec3aa6301f5f7c9ef79d91a5c1f14c2503073693154f3ca799450ea1d866ce03dda12d5193c4fabd34e0d225ac0124b5c4df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a3e91dc68cedd5903991ff222c58a3ca

SHA1
b5366383fdf76d8bf591952673ca1acd51a01123

SHA256
da9fa07393ea393cf2833b53b1d9d468fa9028cae5c0978d5e058f51ea2d54c8

SHA512
5762480bb25a61f4dd25559cc91506f8d8a96cec109fa946247294e6321349efa9a66bdad7c5f54ff6319b9bf9cdb60e4c14f4dcb8db6e9bd1c06a74bb38c1c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
708548d62f5726571eeaec9ca7dda80f

SHA1
4992cd2863e813ae280feb5874b762e5207adf9b

SHA256
33199f788b410a60750ffc159f9daa1616d7cc3c149c21db4e173360be48b955

SHA512
0ab4c6ce50b9d92fc4838bf74a5c25edc4d64d0ea9c0566cb7fd9d9d2adb51f733a1432e67b2944604ed5c84f07394fc70681de02e0f475f1dcd9801739273ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
936a87a674197a39e1826b3ec8be7f2a

SHA1
fa150f3d2871d3564cd9c3da99f68d6f725be630

SHA256
a007def78da7e0158fbb172fc73584bc8c1208b19a8a2180af42dcca8c3e7ba1

SHA512
52e8d22142426a1146219c29c71a3ede9ca37abefacec336ec9fa04573cdd6c4117a9f98cd0584a72d9d26a782f79cd02554969e9c49ee2807406ca7920a1ed8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
eb9d8cc7786dcd0d986764e33bf0a20b

SHA1
b300d427e80548944280ed1b0b688dea39b0274a

SHA256
170821d54aab3af9d89b1ebc86043944c7a545b1ca4566484fe2adf06c4e0c16

SHA512
df67883f0ee286c848f91f614e33fac5612dd3918b85c86d292e1314837e4e8e8a6b64b888629ec77c539c38ae0ea60e8a6e7c59fae92533c6be43e7a2d83a0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ec7ba13e66d8ecec92df955ca2a1f127

SHA1
447aa71195f3e9bc30b5692a2abbf5a3e34e645a

SHA256
0e4f432fdf09ca9c5c793694202a1eaf9e71619e8a3122b29c0dc3a93a45f8ba

SHA512
dee5431b28a6d9f39a5f387068ff6f20402dcc0cc6137cae6ed7d9eeed3d9c64c050688b085f5c0ed73cf13c93381d19b3ed0dc04131d713b9775532a4f91ad2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
9d1bcb5f8e4308fcf9755de6a897d6ef

SHA1
8ba65e61fbe02708c071268e595d7c505604acec

SHA256
dd457471fbe20b188306252e11edd3734385a8ef5216f2947327a1116a6a8da6

SHA512
592ae4ef8b79e7e291f19786eed23ab65c170c3539e3a2a8fb2e114d248a7fe8e7fc888d564e58f7bf7ac3651af500b00ef1e37f2ae0ba0a34ccc0b00909e624

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
7712217b235566b5b28fbe38758b354d

SHA1
fffd6a3e19a24f79dfa36ae8a132e154bf3619fa

SHA256
0b6ade23bd1d739a065a4389698378772f511ae6a039d75a0244adb639a1ee4c

SHA512
d95fc63f560d2ebbcef617a135334a335579fe8b213926863ef9db26c433f9b7fc36f0430c780525e4e023d8b71352d119c116ace0a993c08fb3ece19ca9cd26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e17db165be4eafbefd3db426a8e25f21

SHA1
31c1057e02cdcafa570d6254abcff5f008291008

SHA256
c451413b32ab38a87b6f2a3c3d462374cd04f9958c0509bb2168bfec99d7da9e

SHA512
44689f9424428a82e9f51d354b9b2fd916f9b8f5d62d284cc51e3faba351bec7086b5effbbff224fa5563f654ebdedaa44417412a3c257f4fe2c1b4eee8adce8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
097fd92cae09a3798a4edb059be0094f

SHA1
1566de535c6840afe3671faeffad6da8c296e4ab

SHA256
167360b1cf64494258106dcbed0bb8064a04f7befb97e4735b629b6025e4b4d7

SHA512
78d04b00ca15c6b110b114b0510bb5c48e7f4781ca62834f5b33b056092f08b798e37aada4a7b3d4250845114e0f7032e21443ea631f72864cf714e24ae06076

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3f3c03b9aacc145d9cda6fff7dd33c25

SHA1
47977232b56fd44f5ed889d094bd7227b79c9896

SHA256
a00cd77fb45836801fd1072ae7c4d82da1a862730dbe852efff6875fe84e75e4

SHA512
c3f4a033aa82a4bc173c10cc2cfb75ca8c2feed787d0cfc46da6fa1182d873b1c435650ee0d03e301410822e2771bb119ddf5c6564542da4ddd9576dda82159c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3e5c725579160a8010d7ce17f03b41e3

SHA1
441d00f85f6449cb9b8f1a96452be96b51455a68

SHA256
55a3807d4c93e060188187df2b08b90d3cd6a87b97048d4fd473519944fd6614

SHA512
cb410624a54bcce8cdb43a746a052492e3c018c58ee88b9d5f5f4a30849ccd4a13df5b16804d3b13499b5b042a2a66561326d0294c0b9dc47b905c2a815c4658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
95970419df3d34c8c5310c4e00bd84c1

SHA1
6de71a79b98d69aa010165a0ba08cb7fc3f8ef2d

SHA256
8ac7d7bcf1314141eecdc5e8b14bc520554d2841ee3d87e5efb819cf2c3c2bb6

SHA512
2b562ce038e007adac7a54feb41eaf89db3a39798bf45b2abcc58f86556465ca4f7df77853f4f5650900b7db3b6170daaf056e1064303f246fcef179efdf7270

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
7cf4da8443baf3a9443c3dafbc4b9a62

SHA1
73679123c3f9c8acf10464f6b0f94ce4148e3e74

SHA256
85498bc641e68117b04c321d6ca3e8acaaf1257c1f7d845795bad8cf90cc7ece

SHA512
409fa6967ed5beffb8e8cf0598015a95d6546f31d1cc7fb791e2e65b8f22ec35c3074c8c62e98c3951ddc719e160f48669ce97022cea5c13badb92e87363ac91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
8543e768e1851cf8ace6c420248fc9a8

SHA1
e4dec28f9baf1c936cb98717d263da02584fc162

SHA256
6d514d01444864dc089631bbea7f78cba6df4c4017a1d13423b1e81131f47ebb

SHA512
d173d11fd57153e8307b87e3e07ea2311fc70d97cde9936b65cbc233cc089e8ad52b49119834c8a17c0bd9e287279097edce9b43393d89eead4bee130c57771c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b56cfb958639b364394568de9bf284e1

SHA1
d5a253e2b8e348c5fc08028f9c894a3056ea25c9

SHA256
4e6ddf7d9bc68b1ae9db513893f858eab3d5a44c6743db2c2ffcad2404cd55ad

SHA512
19009a19234186b7829af259d94c88f7fd4c13f0c435937b328e9a12f5620ba7aeeeee9084c4d19c8ddc8ac5a61505e1fc9bdfab01e7f3d8f8c2c16c8a4788a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
19de38102ef08a968918cf20ea25362f

SHA1
64002d343b7a44fb273438be3f2555d74e8533be

SHA256
fb98074793b1a9c91e914ea085d64434d06e4af1e4dc5ea22b42b8e779cc62f0

SHA512
9d9ecc93fa869092f0921bdc028154826ccd900ceea6df78fb4cbe4038a99fa424c92e808e87f879cdaf0c857658bef35fd9ec803819bb14a52462759dc27e28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ee26a15a665ac976b75750556813a2a6

SHA1
d7b32780daeb31f9417b35dc2fa8f7bfe952102c

SHA256
4bf6a38cfcdeea3dae5fa566b80b9b53f64c7c531bbc9c85fc28d28a10ef506e

SHA512
90460eec91496dbfa2e41a6fc0416cf253b6d24f3eeadd3b4a202836cc7f4759c55091224e85984ecbbeb9f4e767244ecd9c2f184b97a92d7257d2c9c10a6d80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
187446913ac7cf64f5f9fba5d4dc60ce

SHA1
ad8385d6967b75edb9e03dedfdc3c3d0e413666b

SHA256
b7dc7d71c46ee81d9bda783f7965a78db18ede0f41f9f971e13a8bf7f2879422

SHA512
e4970aafa51d64b1ac0c0ba2277ee0f289b1375939f72409ed1622cb8c281f1beb08ec3fb3f8ad52563d404252f265290b78b2fe297d9e060072e686f18bfa89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
843240fa16a2abb34170d95d2517913a

SHA1
073fb811d2774ddc8f3489994f928c3542fa9ec1

SHA256
0d889b16107247637f0bd2590967042c4c631b17252e0629c7c49f43009cb74e

SHA512
2a6d38e58108a49a7f377bd95bc5d8b3f3490a4431713ecc7bde327d348e3110b5f84f38dabfbc4fcb319ae6ba90e4502372021f06ce1d76560db4ddf5edb219

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
8883ff05a9dc8ed684fec82106ba6cf1

SHA1
93c45583be5c9010444125ecb3b0d556e2786e2d

SHA256
f257cf975da87a04537dcfb7248813839bb38a8747c98db2bca0ad0085fb0d9d

SHA512
7944d24d3f34e39f36f4469adb22af1cd1f62d4916c6a47be1600f1a0bd3d2ea53ca019fe17746cc8b4613b4f54a747784f715e9206c0f5ea2fbd3d8ca24d633

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
6e0018192efb6612e92a618e0c95eb12

SHA1
e77aaac6888ffd2ed4a102ec099e99aeb754965b

SHA256
7ba9fb4fb7c0dd5a3d04d2f55e2284251759ca4e6adea4a37c594daf9efdc8b9

SHA512
fbeb7fa968e7e54fb8d78f171f1f1b04b4a650e8f2bd003bd2fddd363c0245bfcc47267a181aca101f44e7723cc3ef80dc8b5f6ef5d12834f8db7db6239c24af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
464225cad5e10ff4c3ac14d90d25d04b

SHA1
46d16f91d69a72bbcb50c6b2709bf09358523eee

SHA256
ada82d30e0f4d4220a3aec32f16bb2723ab51634872ab90ebe7fb5a48d45f4fc

SHA512
4135173be422678568701f30e279f137bf95f6cbbd16b3422b1d3e9fde729b75bdf2abfa7783ccf2894e435f9f982fa86ef51ec87e6317efb120701851b30862

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
21c09c7e4faee7a8242a92d1a750312f

SHA1
8f05ede8da3654089dd9fb384237927fb90036f9

SHA256
e3d2927685a6b36051d52fb6792768f11694f7a29afc9689659a8b565930c3f5

SHA512
f8bfea5940dfee7b65e5924be6b0093fea1c0367d568faf2652e42e2d9a9fe69067f3ce3626c187e94b1cbc39ed14ff87c6b4998675e409f1a9f5b8e66774d0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
6bae6b2d8477f41d59f70d76f77ac8e8

SHA1
4713e85d21cf942920d1ef02a2ec62dd427cbf8b

SHA256
3bedb94d514c419e2714b98dda09b97a6d7091ef1fb2485d5e8b317a76df180a

SHA512
9dbbeca18b8904e52d256e7e6ad23659b34a81c7bd4e76b39400bfa32b2148cf898dbd8c9a7e6599131926282ebc18e9ea333e67a7345f90231843438735b06c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b56dff33d673db31e19f26a3abd9cbff

SHA1
d930d1cc1bf331ed4977fc3a37f18c3d7a6a1ef7

SHA256
cd0ef90bb5073027cc858f5bc575888e59f14596151319acb009a044e0228957

SHA512
d220539b726a9096e856ed7d14f499fc1bbcf20776f1efb429fa34823bac068447a9c7248089f2575b206026b1dae220df22faff122ac4762bf9b2652677843a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e9009f259d97e6274784adc69672432d

SHA1
7a7dbf35703469fe5d565f409a773fa91f815b99

SHA256
e91d63a247d6a892cc514aba7514b665c4e43d380279074e4a692cdc757e3e4d

SHA512
677b4f3066ded1f4ec4402e7e8df18837af7e04eac52d0eaf1c83750b3c95fd68825dd01e1a1e5b849005e81913f2dfe8d6134c9866340008bb20d6b39fd673c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b9631546cc98a86e9d69e499c0c64950

SHA1
6c7501b296505bd92c9e3230d948cc59dabc0ac4

SHA256
3f9f8f121fc27873c57f09c73706ae5e1e0366427a99a7cd9edf6402efbaaa14

SHA512
ac9abebfa4162f5443a81400de2feebcac0e614c22f0f146e12f9f81a5162a809724360bf5db39c7ef5bb306a1c3b85e393c45cf70e70dabb66c41ac0411600f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57dd31.TMP

Filesize
868B

MD5
a121d3b17f917cd118ba3f7827a8386c

SHA1
78dbfd342dc2d188e817ce0026e51cbb65685fab

SHA256
3272a84f538d12cf992798306838bf06836502825a3c1dc3fe63e1f8746aca56

SHA512
313b79edabf4958f3825a22cd7dc38cbd1dd35839059c92dac8a81b96d3f326add1af545e1162f7a31b7ad1f58747281b5e6d08fb9e67887b0c2966c28539c5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b731cca8abffcc6055aab51ad6c03adb

SHA1
ba828a499ed44eca1b15a61b2f83fb75cad6e7b5

SHA256
723a9d9b4b9efe4b681e9679c5550a8e03adce9750182b73e1f3efa0e1978351

SHA512
164d8d9aa62569e848b7289c81a0e0570bdd19106c1deb7054521c975deac1dbe9ebd7ffe37973a3f2c3e989959ca55bc4c4d0de01f9efe9ab1cd4a096c2c5f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\f05b8e3d-c1c8-400f-82ec-154d4521060d.tmp

Filesize
10KB

MD5
6ab873b5a7e4336651069b1d70bb0b97

SHA1
e6db6a94691ce8815226c5e8e739dfe443b6cbbc

SHA256
67c90ff77fa9e054e0bf4790565c569c5a3f5657530aca18e4e76926d332507e

SHA512
bb5ac5ee0869ce473fe0cc9dcc568a847182ae2ddc77c7d8f4fcf299de8cc103ffaf55f05b80be5651a02070d3275e73c0f68b481f11fd1db78ca289453bb62b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\conn.rbxl:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit