hxxps://l[.]tokolin[.]org[.]tr/spagetlink57/

Analysis

max time kernel
121s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20231127-en
resource tags

arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
submitted
28/11/2023, 08:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://l.tokolin.org.tr/spagetlink57/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1680	msedge.exe
1680	msedge.exe
2508	msedge.exe
2508	msedge.exe
4888	identity_helper.exe
4888	identity_helper.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2508 wrote to memory of 1032	2508	msedge.exe	84
PID 2508 wrote to memory of 1032	2508	msedge.exe	84
PID 2508 wrote to memory of 4548	2508	msedge.exe	87
PID 2508 wrote to memory of 4548	2508	msedge.exe	87
PID 2508 wrote to memory of 4548	2508	msedge.exe	87
PID 2508 wrote to memory of 4548	2508	msedge.exe	87
PID 2508 wrote to memory of 4548	2508	msedge.exe	87
PID 2508 wrote to memory of 4548	2508	msedge.exe	87
PID 2508 wrote to memory of 4548	2508	msedge.exe	87
PID 2508 wrote to memory of 4548	2508	msedge.exe	87
PID 2508 wrote to memory of 4548	2508	msedge.exe	87
PID 2508 wrote to memory of 4548	2508	msedge.exe	87
PID 2508 wrote to memory of 4548	2508	msedge.exe	87
PID 2508 wrote to memory of 4548	2508	msedge.exe	87
PID 2508 wrote to memory of 4548	2508	msedge.exe	87
PID 2508 wrote to memory of 4548	2508	msedge.exe	87
PID 2508 wrote to memory of 4548	2508	msedge.exe	87
PID 2508 wrote to memory of 4548	2508	msedge.exe	87
PID 2508 wrote to memory of 4548	2508	msedge.exe	87
PID 2508 wrote to memory of 4548	2508	msedge.exe	87
PID 2508 wrote to memory of 4548	2508	msedge.exe	87
PID 2508 wrote to memory of 4548	2508	msedge.exe	87
PID 2508 wrote to memory of 4548	2508	msedge.exe	87
PID 2508 wrote to memory of 4548	2508	msedge.exe	87
PID 2508 wrote to memory of 4548	2508	msedge.exe	87
PID 2508 wrote to memory of 4548	2508	msedge.exe	87
PID 2508 wrote to memory of 4548	2508	msedge.exe	87
PID 2508 wrote to memory of 4548	2508	msedge.exe	87
PID 2508 wrote to memory of 4548	2508	msedge.exe	87
PID 2508 wrote to memory of 4548	2508	msedge.exe	87
PID 2508 wrote to memory of 4548	2508	msedge.exe	87
PID 2508 wrote to memory of 4548	2508	msedge.exe	87
PID 2508 wrote to memory of 4548	2508	msedge.exe	87
PID 2508 wrote to memory of 4548	2508	msedge.exe	87
PID 2508 wrote to memory of 4548	2508	msedge.exe	87
PID 2508 wrote to memory of 4548	2508	msedge.exe	87
PID 2508 wrote to memory of 4548	2508	msedge.exe	87
PID 2508 wrote to memory of 4548	2508	msedge.exe	87
PID 2508 wrote to memory of 4548	2508	msedge.exe	87
PID 2508 wrote to memory of 4548	2508	msedge.exe	87
PID 2508 wrote to memory of 4548	2508	msedge.exe	87
PID 2508 wrote to memory of 4548	2508	msedge.exe	87
PID 2508 wrote to memory of 1680	2508	msedge.exe	85
PID 2508 wrote to memory of 1680	2508	msedge.exe	85
PID 2508 wrote to memory of 1792	2508	msedge.exe	86
PID 2508 wrote to memory of 1792	2508	msedge.exe	86
PID 2508 wrote to memory of 1792	2508	msedge.exe	86
PID 2508 wrote to memory of 1792	2508	msedge.exe	86
PID 2508 wrote to memory of 1792	2508	msedge.exe	86
PID 2508 wrote to memory of 1792	2508	msedge.exe	86
PID 2508 wrote to memory of 1792	2508	msedge.exe	86
PID 2508 wrote to memory of 1792	2508	msedge.exe	86
PID 2508 wrote to memory of 1792	2508	msedge.exe	86
PID 2508 wrote to memory of 1792	2508	msedge.exe	86
PID 2508 wrote to memory of 1792	2508	msedge.exe	86
PID 2508 wrote to memory of 1792	2508	msedge.exe	86
PID 2508 wrote to memory of 1792	2508	msedge.exe	86
PID 2508 wrote to memory of 1792	2508	msedge.exe	86
PID 2508 wrote to memory of 1792	2508	msedge.exe	86
PID 2508 wrote to memory of 1792	2508	msedge.exe	86
PID 2508 wrote to memory of 1792	2508	msedge.exe	86
PID 2508 wrote to memory of 1792	2508	msedge.exe	86
PID 2508 wrote to memory of 1792	2508	msedge.exe	86
PID 2508 wrote to memory of 1792	2508	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://l.tokolin.org.tr/spagetlink57/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffcfc046f8,0x7fffcfc04708,0x7fffcfc04718
  2⤵
  PID:1032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,5980978034974258554,590469693103227049,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,5980978034974258554,590469693103227049,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2556 /prefetch:8
  2⤵
  PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,5980978034974258554,590469693103227049,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,5980978034974258554,590469693103227049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,5980978034974258554,590469693103227049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,5980978034974258554,590469693103227049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,5980978034974258554,590469693103227049,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,5980978034974258554,590469693103227049,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,5980978034974258554,590469693103227049,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,5980978034974258554,590469693103227049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,5980978034974258554,590469693103227049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,5980978034974258554,590469693103227049,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,5980978034974258554,590469693103227049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2208,5980978034974258554,590469693103227049,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4968 /prefetch:8
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,5980978034974258554,590469693103227049,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1904 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2232

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4756

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ef2ab50a3d368243b8203ac219278a5d

SHA1
2d154d63c4371354ff607656a4d94bc3734658a9

SHA256
2e2faf2873e0b8d58788da8603acdd772642a396fff661c4e32f8a581362cbdf

SHA512
4533997bf4070f99306337b8ff553691d4cf1d1b53401628524ad4dc9d29bd0536a3f2df4ecdd0a8afa81b7f917f40524c9a1898b566ee499a358abc5c84b27a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
41e149cab7bd516d1b96cffad02df036

SHA1
012f78d89ad549312b2733fd05e85144d8b8bbda

SHA256
0696fdd66d78f4c3def200c18e8db03a908faa005705ee51497701d080cfb046

SHA512
7f65c43b7e38e287bf1fcfa9b5c28b5196a31e190f642d5ecf67df167144753eca918fb23cd9985ee8e7522dfe2c0cdd2d8753f16a55026886b9cb6ad9be4a89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
e6c3b2fea4fc6eb9d9f0d407fe54cabe

SHA1
280e9eadd8152476cc9338a96994618c3c0d2034

SHA256
9174f32431ef5b9087546240df402442b4f45b8f18a51145bb6ed0ea42c06278

SHA512
cb3b99bfedc07205d63febd0559f5f95757e077615db1d5b9deb5b8c420b55802f32855fdde322bb5d2695fc40c3a4e69c00e66f7a8f4d458742f2fde26a33fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
184B

MD5
ae22a140064cd2e6f3609178454572de

SHA1
fa44d9196d6c6baf33a94ababe2f60660bc91600

SHA256
776fee4910ae5f36923bf38a66737ed8f672609735e2617ce18f2b50944a2f52

SHA512
221c709fc313139fc9a96e293acceaddf4e1ddd5b26279a53310ec27c779770c0c5ab0ad80c8ca940d8e362a570c3a20847d96da1bd1733c9de8bc805ae9aa59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ebc4e2ad95deec05fa4a31325c3751e6

SHA1
89f3b9622d895dcad126b11d86b53aa216790d4e

SHA256
5d2fc09515a28394ea149428a0858ff871dee41dd278879fea01f3a7f9940f70

SHA512
f2bcf3c100921e468ca96c55ff652271de5bcd7da49de4156884cf883966a3d5f6c8f8b8565b9dfb2e62b02d7825f33703c13ee37a712b580af24423156eca01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
809e60fa6cba16ca2a16f6b202509d7d

SHA1
1bece0143b8306dd3fb70712036c088fa621e9d7

SHA256
e28a3ca75b8012a6480e1eb6e9b6cd42bd0bcfe39f39a964fbd648f44bc56d97

SHA512
8dd2cb2de92d248ffd9aa9cc4cfead597baa22b1cf3b1c57fce631daae38cffd4361b0d6734d5b83dcbcd6d2a48c94a379820000102a88df0af4e0dd4b48ab5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6993d8211061095cac521206eb7fc52f

SHA1
7ac6b4bd9f109258f0c64c1fcc19ce266906e730

SHA256
8e2c707dda065abc5a49060c9062fe61b08be306e040f5a780a2c9b578856a8a

SHA512
57dd82fbbdb5e0e104e215e00ff355166d8943192edcc2f4aa205fd75ef3ed6c050c60ac11640df5c60c88d0358ec75eef9e5708d1ca050bfaec174778e1e64a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
147c6e1eb8e70c2ab4003af817fc03df

SHA1
a982f69a5f6211621c59c1ea5556340f04d2e109

SHA256
124017cb09a29bb9877cc4a4b5fefeef489cc7844b1cf560cf1c9c4a9e6e0ee5

SHA512
6227f21a858498b3593799f4f48de45de058813e623de7b387891b57d382385d60fabec1ec0884571ad6af4eeaabcef9d4e91d50f527a14c155ff4b2adf4d549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
26abe469d369edfafa1ec67630e16eca

SHA1
5409bea6c56a4a0624a380d4e757fc27d56021af

SHA256
1e659e78863be4c25166a6be8e86ad8eb98f45a4caa3b8dca5931909f8c0adec

SHA512
5975ec69e2fdca7e6c087c2e4c6ea7154c708eeb5924cf616c59e0e728228a638b2f3642b7ba3961cf252f3f02c97fb5eae84ae20cfba018fdbc06ba55e1414d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
bf38e67347aea6d520cda5fde321a1e5

SHA1
0e7a8def4c923201d76b41dfa9918bb1052827ea

SHA256
0f0744f36e30e64949c41835aa5666f25c1ab4f3636d9247b8350fd8ad4f8025

SHA512
f62478dd4e38c6bef2bfc24f46caa03840613711e2b6fda2aad707df5cbd33b25af4fc3954521e203b981c4a10e5c8fd2520cabc16cdad858eed819b45a6f366

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5aba77da5cdeebb1ce2b8c4859875a33

SHA1
0191f51120a204751c3870802a00ea07a9c08956

SHA256
508176c5df1b4a583c977388359989af5203ae18cd00e4854c93018ff5d65e5f

SHA512
9c029df50d842c5a9bca1f43b1be78a8ff577f39366eb485d8ebd56bebef1f0607cdb041242b41c3a179f9e6caacfcf8cd4d5db93b63f9d3db150454d4191b84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e480ac5247f5aea0f7829e1808261cc3

SHA1
44645607eaf7424076f458c825c21174585bc5ab

SHA256
b22605d005deca54587a34d7a6219610e20e43cf0206f515f0907d1b61b4f93e

SHA512
7b654a8328fc013dd7d446ffe2af2beb1e65568739d272a8a1b0d9033362886f7e2b2421c7429f1e822587d3b9bff362b4f49fc11882433d1e171c8e94e40396

Download Submit