hxxps://guidry20[.]bubbleapps[.]io/

Analysis

max time kernel
138s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2023, 09:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://guidry20.bubbleapps.io/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2480	msedge.exe
2480	msedge.exe
2632	msedge.exe
2632	msedge.exe
3920	identity_helper.exe
3920	identity_helper.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2632 wrote to memory of 2288	2632	msedge.exe	30
PID 2632 wrote to memory of 2288	2632	msedge.exe	30
PID 2632 wrote to memory of 2900	2632	msedge.exe	88
PID 2632 wrote to memory of 2900	2632	msedge.exe	88
PID 2632 wrote to memory of 2900	2632	msedge.exe	88
PID 2632 wrote to memory of 2900	2632	msedge.exe	88
PID 2632 wrote to memory of 2900	2632	msedge.exe	88
PID 2632 wrote to memory of 2900	2632	msedge.exe	88
PID 2632 wrote to memory of 2900	2632	msedge.exe	88
PID 2632 wrote to memory of 2900	2632	msedge.exe	88
PID 2632 wrote to memory of 2900	2632	msedge.exe	88
PID 2632 wrote to memory of 2900	2632	msedge.exe	88
PID 2632 wrote to memory of 2900	2632	msedge.exe	88
PID 2632 wrote to memory of 2900	2632	msedge.exe	88
PID 2632 wrote to memory of 2900	2632	msedge.exe	88
PID 2632 wrote to memory of 2900	2632	msedge.exe	88
PID 2632 wrote to memory of 2900	2632	msedge.exe	88
PID 2632 wrote to memory of 2900	2632	msedge.exe	88
PID 2632 wrote to memory of 2900	2632	msedge.exe	88
PID 2632 wrote to memory of 2900	2632	msedge.exe	88
PID 2632 wrote to memory of 2900	2632	msedge.exe	88
PID 2632 wrote to memory of 2900	2632	msedge.exe	88
PID 2632 wrote to memory of 2900	2632	msedge.exe	88
PID 2632 wrote to memory of 2900	2632	msedge.exe	88
PID 2632 wrote to memory of 2900	2632	msedge.exe	88
PID 2632 wrote to memory of 2900	2632	msedge.exe	88
PID 2632 wrote to memory of 2900	2632	msedge.exe	88
PID 2632 wrote to memory of 2900	2632	msedge.exe	88
PID 2632 wrote to memory of 2900	2632	msedge.exe	88
PID 2632 wrote to memory of 2900	2632	msedge.exe	88
PID 2632 wrote to memory of 2900	2632	msedge.exe	88
PID 2632 wrote to memory of 2900	2632	msedge.exe	88
PID 2632 wrote to memory of 2900	2632	msedge.exe	88
PID 2632 wrote to memory of 2900	2632	msedge.exe	88
PID 2632 wrote to memory of 2900	2632	msedge.exe	88
PID 2632 wrote to memory of 2900	2632	msedge.exe	88
PID 2632 wrote to memory of 2900	2632	msedge.exe	88
PID 2632 wrote to memory of 2900	2632	msedge.exe	88
PID 2632 wrote to memory of 2900	2632	msedge.exe	88
PID 2632 wrote to memory of 2900	2632	msedge.exe	88
PID 2632 wrote to memory of 2900	2632	msedge.exe	88
PID 2632 wrote to memory of 2900	2632	msedge.exe	88
PID 2632 wrote to memory of 2480	2632	msedge.exe	87
PID 2632 wrote to memory of 2480	2632	msedge.exe	87
PID 2632 wrote to memory of 3936	2632	msedge.exe	89
PID 2632 wrote to memory of 3936	2632	msedge.exe	89
PID 2632 wrote to memory of 3936	2632	msedge.exe	89
PID 2632 wrote to memory of 3936	2632	msedge.exe	89
PID 2632 wrote to memory of 3936	2632	msedge.exe	89
PID 2632 wrote to memory of 3936	2632	msedge.exe	89
PID 2632 wrote to memory of 3936	2632	msedge.exe	89
PID 2632 wrote to memory of 3936	2632	msedge.exe	89
PID 2632 wrote to memory of 3936	2632	msedge.exe	89
PID 2632 wrote to memory of 3936	2632	msedge.exe	89
PID 2632 wrote to memory of 3936	2632	msedge.exe	89
PID 2632 wrote to memory of 3936	2632	msedge.exe	89
PID 2632 wrote to memory of 3936	2632	msedge.exe	89
PID 2632 wrote to memory of 3936	2632	msedge.exe	89
PID 2632 wrote to memory of 3936	2632	msedge.exe	89
PID 2632 wrote to memory of 3936	2632	msedge.exe	89
PID 2632 wrote to memory of 3936	2632	msedge.exe	89
PID 2632 wrote to memory of 3936	2632	msedge.exe	89
PID 2632 wrote to memory of 3936	2632	msedge.exe	89
PID 2632 wrote to memory of 3936	2632	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://guidry20.bubbleapps.io/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7ffe8f9b46f8,0x7ffe8f9b4708,0x7ffe8f9b4718
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1788,12818325617242815827,18129921075687139197,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1788,12818325617242815827,18129921075687139197,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1788,12818325617242815827,18129921075687139197,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,12818325617242815827,18129921075687139197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,12818325617242815827,18129921075687139197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,12818325617242815827,18129921075687139197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4480 /prefetch:1
  2⤵
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,12818325617242815827,18129921075687139197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1788,12818325617242815827,18129921075687139197,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 /prefetch:8
  2⤵
  PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1788,12818325617242815827,18129921075687139197,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,12818325617242815827,18129921075687139197,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,12818325617242815827,18129921075687139197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,12818325617242815827,18129921075687139197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4528 /prefetch:1
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,12818325617242815827,18129921075687139197,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1788,12818325617242815827,18129921075687139197,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3056 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4152

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f95638730ec51abd55794c140ca826c9

SHA1
77c415e2599fbdfe16530c2ab533fd6b193e82ef

SHA256
106137874d86d602d1f4af7dac605f3470ec7a5d69b644b99d502bb38925bbd3

SHA512
0eb01b446d876886066783242381d214a01e2d282729a69b890ae2b6d74d0e1325a6bd4671738ebe3b6ecadc22ceb00f42348bad18d2352896ed3344cc29f78a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8c9bb6ee-d361-478f-bdb6-7305b167c4f2.tmp

Filesize
5KB

MD5
2007ab88b3d5f63cb4bbe05ab35569be

SHA1
56470740acadb80a8ff65b3e88322dd0480dfd4e

SHA256
02a1baa8d4e3b644f05476b1d85505bdeaadd71d8504769a912a73a2d966a22f

SHA512
b92141f15b2d2da6b23a9d5d5b12e32b0cd3a248e5e34e92e4ff1ec0a940e8f6b6185353205c11b00ea29067f2fc72e420b490d78e580f4b94ed611eb075ddba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
19KB

MD5
cb8bc16130ad358c6eea14d7957065bc

SHA1
43e04821a72c7ccd472d79c8eeb4d9b000951167

SHA256
864fe997fe8ecebe3ace69babe231fe60d063ffd022c2e0fe26994bf9bcdb2de

SHA512
6bc04065282697e5b9c980c6783b5c15f5aecf824099437dde43d9b75b7cf8d13fae469615cb7fc2ab95ee58fb67d09e0281b547dbd7d56ecb7f2516e439ccdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
f04fe400d3243339af0cfaa360604c2a

SHA1
3a87d4d68e0d1f62a345142c2a29ffaac06b887e

SHA256
b53e6d4ccf27b150e1543b5fb37dbe6f1c4f1a0b643c418b38f91c83439172c9

SHA512
76730a11d8b0d932a3bd65e573e9eb45a82f85a2532dc8b409e537901ea6c2d217191091a898bc895ba029800dac070dc0044ea8c1d11edfcd18764458333a96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
832B

MD5
f76414ed45499c64a790ed4c2c5de44c

SHA1
a2f95a085700f03c77552d1d5a06005097b07855

SHA256
792b279024d2c61a41bec432372b390a611326bf8d6724a6399c8d66a63f6fb8

SHA512
f69dd0d1c39e1ff1e8f9b3f2de2d9dbd37f9a19a9045c6b96aac7803d2f56a505144a53385f94396b5be2d3923f4dcf7415fe592cad5c776c5b8d22c8b8791ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
915c93e61df2b754709d1cfec884a70b

SHA1
337f4e30edfc1d25b1ba2adfb6b1143f94338444

SHA256
0c75cd6695a95bcfd3f039a394e0b92ac5f18491bc16db521c1c8792bfdb66f6

SHA512
bfa28958d6489c22e038ab41b13017f9b6f7b9f804d4c132530ce62808192a8f545dd37da3935f8b82fcae11a5f28540a1b062b06816cd5a39a837f70b393858

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
07a1e6efa36335c157bd7334383492b1

SHA1
9d51b5877d317e0374cd69bf2b8081e0b13a16ef

SHA256
bcb7f8d760ddc893d542667dd3f20dfd12b0c151f75906d10548309e06b58673

SHA512
fdc82c0d2d23a7c224b45765fea2317251511abbbc3ccb71784520460d639f3a984371269368eaf5b54326c276863018ef5bc10722edfc275b057ffa00ac78c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1efd85726ff7b1181145177be25182d1

SHA1
4b4ed2d615512c26cbd628eb1dd81f17fa55602e

SHA256
acecd9756701fa4a17b90e275c07db1af3706ccbbfcdd0af347c0ad2c4a71c6d

SHA512
db81c9e5b6d68886e1276b22952234792027b106609193df0677866984ef2af040acc8cce7d92a6ded5e85beb9a6e25c7a2406a7a189169268916fb44834e17d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b0fcf83dafb1469f6031781675a25e3c

SHA1
5ff8fab450c4b131d8980a2c1adc456221b3c469

SHA256
de6463a465cf7eead48cbd649e57dc11f625b4432da415abb98105dec8e7cd90

SHA512
b506d81abcec64c52b649caacc837cb5e3f041d8708ada5090ac5f892c8a584478b4960f39aa725df04baf79863a9351d71207f59f13873cd65a63fa3c041ca0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3a59b8fb60038eac47c3f3bbf0b88882

SHA1
3f121e60ed08eef10f4deddf1949ff7e94c92040

SHA256
4dff0a66bb3c451293b3d549ed689557b25356dbc471e9ec695ef3868a6cb236

SHA512
eee3d2f7309024f99bf8c4eeee8429f752dc22a949ceb13b498eb32b7e44659c0490f3b7c2968ecc8765fd6a61f752575d1f41266fb57a27ab0ea4bb6088b8a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
4a078fb8a7c67594a6c2aa724e2ac684

SHA1
92bc5b49985c8588c60f6f85c50a516fae0332f4

SHA256
c225fb924400745c1cd7b56fffaee71dce06613c91fbbb9aa247401ccb49e1ee

SHA512
188270df5243186d00ca8cc457f8ab7f7b2cd6368d987c3673f9c8944a4be6687b30daf8715429bd1b335391118d0ce840e3cb919ff4138c6273b286fb57b2b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1eef726e8c7467467f7f1bdccb6e2e96

SHA1
341a3887822274ad7f489e7c0ea750f0d5a70f8d

SHA256
c6ddb8b3f64933cf9fad692a43aedba752e6631b766f96413d1f49b3eddc789c

SHA512
e2fea7e1615dfe39445de0bf5c1aff30dd5422f45ab7b4c7a4c220a50f112030d5209281ad54779f0eceb90b12688bdce66c7be431577a45f83ae7f94bf68f44

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit