hxxps://smartevents[.]mk/the-executive-and-administrative-assistant-masterclass-2023/

Analysis

max time kernel
41s
max time network
38s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
04-10-2023 05:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://smartevents.mk/the-executive-and-administrative-assistant-masterclass-2023/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4540	msedge.exe
4540	msedge.exe
4252	msedge.exe
4252	msedge.exe
1736	identity_helper.exe
1736	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4252 wrote to memory of 1796	4252	msedge.exe	67
PID 4252 wrote to memory of 1796	4252	msedge.exe	67
PID 4252 wrote to memory of 3212	4252	msedge.exe	87
PID 4252 wrote to memory of 3212	4252	msedge.exe	87
PID 4252 wrote to memory of 3212	4252	msedge.exe	87
PID 4252 wrote to memory of 3212	4252	msedge.exe	87
PID 4252 wrote to memory of 3212	4252	msedge.exe	87
PID 4252 wrote to memory of 3212	4252	msedge.exe	87
PID 4252 wrote to memory of 3212	4252	msedge.exe	87
PID 4252 wrote to memory of 3212	4252	msedge.exe	87
PID 4252 wrote to memory of 3212	4252	msedge.exe	87
PID 4252 wrote to memory of 3212	4252	msedge.exe	87
PID 4252 wrote to memory of 3212	4252	msedge.exe	87
PID 4252 wrote to memory of 3212	4252	msedge.exe	87
PID 4252 wrote to memory of 3212	4252	msedge.exe	87
PID 4252 wrote to memory of 3212	4252	msedge.exe	87
PID 4252 wrote to memory of 3212	4252	msedge.exe	87
PID 4252 wrote to memory of 3212	4252	msedge.exe	87
PID 4252 wrote to memory of 3212	4252	msedge.exe	87
PID 4252 wrote to memory of 3212	4252	msedge.exe	87
PID 4252 wrote to memory of 3212	4252	msedge.exe	87
PID 4252 wrote to memory of 3212	4252	msedge.exe	87
PID 4252 wrote to memory of 3212	4252	msedge.exe	87
PID 4252 wrote to memory of 3212	4252	msedge.exe	87
PID 4252 wrote to memory of 3212	4252	msedge.exe	87
PID 4252 wrote to memory of 3212	4252	msedge.exe	87
PID 4252 wrote to memory of 3212	4252	msedge.exe	87
PID 4252 wrote to memory of 3212	4252	msedge.exe	87
PID 4252 wrote to memory of 3212	4252	msedge.exe	87
PID 4252 wrote to memory of 3212	4252	msedge.exe	87
PID 4252 wrote to memory of 3212	4252	msedge.exe	87
PID 4252 wrote to memory of 3212	4252	msedge.exe	87
PID 4252 wrote to memory of 3212	4252	msedge.exe	87
PID 4252 wrote to memory of 3212	4252	msedge.exe	87
PID 4252 wrote to memory of 3212	4252	msedge.exe	87
PID 4252 wrote to memory of 3212	4252	msedge.exe	87
PID 4252 wrote to memory of 3212	4252	msedge.exe	87
PID 4252 wrote to memory of 3212	4252	msedge.exe	87
PID 4252 wrote to memory of 3212	4252	msedge.exe	87
PID 4252 wrote to memory of 3212	4252	msedge.exe	87
PID 4252 wrote to memory of 3212	4252	msedge.exe	87
PID 4252 wrote to memory of 3212	4252	msedge.exe	87
PID 4252 wrote to memory of 4540	4252	msedge.exe	86
PID 4252 wrote to memory of 4540	4252	msedge.exe	86
PID 4252 wrote to memory of 3752	4252	msedge.exe	88
PID 4252 wrote to memory of 3752	4252	msedge.exe	88
PID 4252 wrote to memory of 3752	4252	msedge.exe	88
PID 4252 wrote to memory of 3752	4252	msedge.exe	88
PID 4252 wrote to memory of 3752	4252	msedge.exe	88
PID 4252 wrote to memory of 3752	4252	msedge.exe	88
PID 4252 wrote to memory of 3752	4252	msedge.exe	88
PID 4252 wrote to memory of 3752	4252	msedge.exe	88
PID 4252 wrote to memory of 3752	4252	msedge.exe	88
PID 4252 wrote to memory of 3752	4252	msedge.exe	88
PID 4252 wrote to memory of 3752	4252	msedge.exe	88
PID 4252 wrote to memory of 3752	4252	msedge.exe	88
PID 4252 wrote to memory of 3752	4252	msedge.exe	88
PID 4252 wrote to memory of 3752	4252	msedge.exe	88
PID 4252 wrote to memory of 3752	4252	msedge.exe	88
PID 4252 wrote to memory of 3752	4252	msedge.exe	88
PID 4252 wrote to memory of 3752	4252	msedge.exe	88
PID 4252 wrote to memory of 3752	4252	msedge.exe	88
PID 4252 wrote to memory of 3752	4252	msedge.exe	88
PID 4252 wrote to memory of 3752	4252	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://smartevents.mk/the-executive-and-administrative-assistant-masterclass-2023/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa2f3746f8,0x7ffa2f374708,0x7ffa2f374718
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,5923853704441747229,9874741475437752878,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,5923853704441747229,9874741475437752878,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,5923853704441747229,9874741475437752878,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,5923853704441747229,9874741475437752878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,5923853704441747229,9874741475437752878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,5923853704441747229,9874741475437752878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,5923853704441747229,9874741475437752878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,5923853704441747229,9874741475437752878,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5788 /prefetch:8
  2⤵
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,5923853704441747229,9874741475437752878,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5788 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,5923853704441747229,9874741475437752878,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,5923853704441747229,9874741475437752878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,5923853704441747229,9874741475437752878,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
  2⤵
  PID:5528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,5923853704441747229,9874741475437752878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:5520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,5923853704441747229,9874741475437752878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:5172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,5923853704441747229,9874741475437752878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:5680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,5923853704441747229,9874741475437752878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:2696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1222f8c867acd00b1fc43a44dacce158

SHA1
586ba251caf62b5012a03db9ba3a70890fc5af01

SHA256
1e451cb9ffe74fbd34091a1b8d0ab2158497c19047b3416d89e55f498aae264a

SHA512
ef3f2fc1cedfc28fb530c710219b8e9eb833a2f344b91d3ffb2d82d7bbedbc223f4b60a38bea35b72eb706e4880ffcbb9256a9768f39bae95c5544be0f503916

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\34eb65c4-9629-4e05-8eb2-383ee278b3d0.tmp

Filesize
5KB

MD5
2a78bc71bbbd307a054aa774d1959b96

SHA1
57ce3850b0c13f75b7b9276d4346571083cdf22b

SHA256
d6240c4fa14d8b3e6b45450c8bb23a22376a7ec0e55c2b46ed2b64e80fbd844f

SHA512
40f9b9a49bddb78039d71a8b9e860e10afe3a1625094cdbd159973082e5c3b0ba8980f7fbd88d81a92730eabc7060b5aab5e6c63da56e7f6806e78eab3606d57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
185KB

MD5
a9673bd087b4e5e2cd21862f8b7d8054

SHA1
0854f56b37b3c7c3938ebdd75a79be32c94b281d

SHA256
d4226b650de255fdc92e6ba1b89181c445fa23e82e86a1de62059ffde35081b2

SHA512
3e919945421b284915da26cd49d55db1e4c5b0530cfafec936982e2b6f400e372b98df78d1f07813a473cf9f26699e9c1ffa555904d6d2b4fc819b2c202afaba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
545d2cc693d976af814fdce1bc075024

SHA1
7bf20f307bf3da1ccdca17ba9c0d0118913bc63e

SHA256
622c9da1ad76e6f6ee02a155cc920ad55e84bde5043e20927f3f9f89b5b8e1cd

SHA512
f6045f1257aa7f8d29440a8b8bc6ab0ba34766dceca4295f2ca64778168533173843c46d736c5f019a11165f7d6819e83bf9b868759decb7d96ce7677f7d1fd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9f0669c20f793a61e6b97a536e57d842

SHA1
d26c2dbdfa59d8ea43e3b7ed0d021cf1ba9d897f

SHA256
3e8165768dd852c752bd827508c8b7f2c266180dfe8d27b43503df03b685ced7

SHA512
a8ed9a22aa6a9b89b810f540413ba95099ca13719bfaa36e49f31f1fec6f0aa194a4663aeb8bd2a0c10c6ffa6a20bf5aec3801007e40441d4cc5289afa3a7346

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
15ad31a14e9a92d2937174141e80c28d

SHA1
b09e8d44c07123754008ba2f9ff4b8d4e332d4e5

SHA256
bf983e704839ef295b4c957f1adeee146aaf58f2dbf5b1e2d4b709cec65eccde

SHA512
ec744a79ccbfca52357d4f0212e7afd26bc93efd566dd5d861bf0671069ba5cb7e84069e0ea091c73dee57e9de9bb412fb68852281ae9bd84c11a871f5362296

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e082a11e3a41e48b2aae3a6b847a0c96

SHA1
c17d46c1fce1e5a212f4a3f1828723d672a8611e

SHA256
8d6f7dce3debd3065cbc0f3d173ae37e6ac42465962ba89e292686a60918f9ba

SHA512
14c1c7bc8c79eba4d4a540bffa93720255400645d858964b6a2c90a09b24b860c1df7dc5888805cb002df55b3cd0913d1c558c97a893bf235ab4ef4c60e97929

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
19df2dc7149da167946de747b9ce5ea7

SHA1
e91035246dbbb97b7ff5823e46f8359fccffdce6

SHA256
7e07da81fba88f6e769a152bc93c54d08a7f797ef41371b4e323976e428583b0

SHA512
be3595c9d9d55fe7828660cad98680779277abc8bd7a09ef5100f07125d6963afa73f8300b908c7cf828dfa1cb073bd1ec5d539d2e63ef3b1c5af93ac45c2a2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b8e0.TMP

Filesize
1KB

MD5
3f703b068754e7f2314c51345dcd8f44

SHA1
0ec770372de516dc0b76587be85d06f7a87042e9

SHA256
d22db5b33b40b935810820bb29f78b03017fab708b770d98e808b306488860cb

SHA512
fe94cd0125e9ef4b92a13548fe6c60e3a92ed2e56d7041e3abeb781ac8c84f87328f483486c56242766f1effa675130d6867dc5497d835117c097914685f9eba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f69325da5db88ce9674b3ec43d15198d

SHA1
cfe5d3477913e92f93f56980dd3118ba0fa12e5f

SHA256
7da59844a932ddd51aa2e4c6eba6686d94234ceac7ffefcf88e7c1a221ae5537

SHA512
28f9cd1a5d677227788ccc58070635f5bda70c263013f77ea895e69091a7435bbd47b9eff46baebd9cca58132cea1ecf844c5d34072087f17ff90be732229bda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
91578b7fd1066a7943c0917d38a373ad

SHA1
83ba38ac7e71f690630190e40fc87c7f5796ad94

SHA256
f40928d4728c325411ce167a73ce7f1e9d8be309381b9f20feeeb70976717be7

SHA512
eae0c1839e487baa54bcc492aa9e6e2fe877f17112e75d847b65af90b1fe09dc8617d2a84e7c5e520ef40d6f6316cd9c28b76d4cb48b955932a3540e761d853f

Download Submit