hxxps://tst[.]ela[.]mybluehost[.]me/opts/optus/optus/

Analysis

max time kernel
193s
max time network
203s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
20/12/2023, 01:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://tst.ela.mybluehost.me/opts/optus/optus/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1332	msedge.exe
1332	msedge.exe
2336	msedge.exe
2336	msedge.exe
1140	msedge.exe
1140	msedge.exe
1064	identity_helper.exe
1064	identity_helper.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2336 wrote to memory of 4492	2336	msedge.exe	79
PID 2336 wrote to memory of 4492	2336	msedge.exe	79
PID 2336 wrote to memory of 2264	2336	msedge.exe	80
PID 2336 wrote to memory of 2264	2336	msedge.exe	80
PID 2336 wrote to memory of 2264	2336	msedge.exe	80
PID 2336 wrote to memory of 2264	2336	msedge.exe	80
PID 2336 wrote to memory of 2264	2336	msedge.exe	80
PID 2336 wrote to memory of 2264	2336	msedge.exe	80
PID 2336 wrote to memory of 2264	2336	msedge.exe	80
PID 2336 wrote to memory of 2264	2336	msedge.exe	80
PID 2336 wrote to memory of 2264	2336	msedge.exe	80
PID 2336 wrote to memory of 2264	2336	msedge.exe	80
PID 2336 wrote to memory of 2264	2336	msedge.exe	80
PID 2336 wrote to memory of 2264	2336	msedge.exe	80
PID 2336 wrote to memory of 2264	2336	msedge.exe	80
PID 2336 wrote to memory of 2264	2336	msedge.exe	80
PID 2336 wrote to memory of 2264	2336	msedge.exe	80
PID 2336 wrote to memory of 2264	2336	msedge.exe	80
PID 2336 wrote to memory of 2264	2336	msedge.exe	80
PID 2336 wrote to memory of 2264	2336	msedge.exe	80
PID 2336 wrote to memory of 2264	2336	msedge.exe	80
PID 2336 wrote to memory of 2264	2336	msedge.exe	80
PID 2336 wrote to memory of 2264	2336	msedge.exe	80
PID 2336 wrote to memory of 2264	2336	msedge.exe	80
PID 2336 wrote to memory of 2264	2336	msedge.exe	80
PID 2336 wrote to memory of 2264	2336	msedge.exe	80
PID 2336 wrote to memory of 2264	2336	msedge.exe	80
PID 2336 wrote to memory of 2264	2336	msedge.exe	80
PID 2336 wrote to memory of 2264	2336	msedge.exe	80
PID 2336 wrote to memory of 2264	2336	msedge.exe	80
PID 2336 wrote to memory of 2264	2336	msedge.exe	80
PID 2336 wrote to memory of 2264	2336	msedge.exe	80
PID 2336 wrote to memory of 2264	2336	msedge.exe	80
PID 2336 wrote to memory of 2264	2336	msedge.exe	80
PID 2336 wrote to memory of 2264	2336	msedge.exe	80
PID 2336 wrote to memory of 2264	2336	msedge.exe	80
PID 2336 wrote to memory of 2264	2336	msedge.exe	80
PID 2336 wrote to memory of 2264	2336	msedge.exe	80
PID 2336 wrote to memory of 2264	2336	msedge.exe	80
PID 2336 wrote to memory of 2264	2336	msedge.exe	80
PID 2336 wrote to memory of 2264	2336	msedge.exe	80
PID 2336 wrote to memory of 2264	2336	msedge.exe	80
PID 2336 wrote to memory of 1332	2336	msedge.exe	81
PID 2336 wrote to memory of 1332	2336	msedge.exe	81
PID 2336 wrote to memory of 2056	2336	msedge.exe	82
PID 2336 wrote to memory of 2056	2336	msedge.exe	82
PID 2336 wrote to memory of 2056	2336	msedge.exe	82
PID 2336 wrote to memory of 2056	2336	msedge.exe	82
PID 2336 wrote to memory of 2056	2336	msedge.exe	82
PID 2336 wrote to memory of 2056	2336	msedge.exe	82
PID 2336 wrote to memory of 2056	2336	msedge.exe	82
PID 2336 wrote to memory of 2056	2336	msedge.exe	82
PID 2336 wrote to memory of 2056	2336	msedge.exe	82
PID 2336 wrote to memory of 2056	2336	msedge.exe	82
PID 2336 wrote to memory of 2056	2336	msedge.exe	82
PID 2336 wrote to memory of 2056	2336	msedge.exe	82
PID 2336 wrote to memory of 2056	2336	msedge.exe	82
PID 2336 wrote to memory of 2056	2336	msedge.exe	82
PID 2336 wrote to memory of 2056	2336	msedge.exe	82
PID 2336 wrote to memory of 2056	2336	msedge.exe	82
PID 2336 wrote to memory of 2056	2336	msedge.exe	82
PID 2336 wrote to memory of 2056	2336	msedge.exe	82
PID 2336 wrote to memory of 2056	2336	msedge.exe	82
PID 2336 wrote to memory of 2056	2336	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://tst.ela.mybluehost.me/opts/optus/optus/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffb22c3cb8,0x7fffb22c3cc8,0x7fffb22c3cd8
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,13874385626965225391,11403571133273013182,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1956 /prefetch:2
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,13874385626965225391,11403571133273013182,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,13874385626965225391,11403571133273013182,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,13874385626965225391,11403571133273013182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,13874385626965225391,11403571133273013182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
  2⤵
  PID:1040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,13874385626965225391,11403571133273013182,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,13874385626965225391,11403571133273013182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,13874385626965225391,11403571133273013182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2856 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,13874385626965225391,11403571133273013182,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3628 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1936,13874385626965225391,11403571133273013182,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5520 /prefetch:8
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1936,13874385626965225391,11403571133273013182,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5820 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,13874385626965225391,11403571133273013182,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6468 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,13874385626965225391,11403571133273013182,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4956 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1612

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3736

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\47b13c12-17ac-413b-982d-3b8b6ae22768.tmp

Filesize
3KB

MD5
e94dc98d057695082aa864ebb804dd2c

SHA1
7a083819eef461c806bd191d5d915849d8a39442

SHA256
b25662c1d84f93840b500461ce977033c1a348d33b19c53c831649cc5c5e1213

SHA512
e2cfa4772b00ef5c20433ce3dff1f01bbe96d6f0ad1f6f4c490fb9fffd7cd8990020f89f812e63345c23358a3207fef88a29c3725966c4409151f3fd4569bc9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0307d75488a9def144d0373178e421da

SHA1
1e4351dd4a29b6340913848163b4df62628ad06c

SHA256
9e1bd506806510408dcb9d5e1eab6672d905780282361f2b9974ab9a9ed1ab9e

SHA512
993dbb0491352352ca89542922df735fc7b3cc0d14a4790f106c25ee9fd616d0722151d05e045ed5863e56b128c3308a561b958bbf5fe3bb87498e8a6d12a50b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
22f14872525812289fa7c3708e6a4222

SHA1
10b232a8811e533994da1a288786cff612c4d915

SHA256
d00ccc014aa40f12cfe8e79bae9fee9587d2e9bcd2ca8b0b9a45ac9c46463f1e

SHA512
0c2d9ac3bea17f6ef68b76f0e21534ff6c6dfa79476180c5ed120e20a11d16734fd273c77a99e1a5e6d67092dccf2e226540c7a7a8d464057bf060e41e9b7061

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
751B

MD5
2dfdf7da1b2d6631922ddfcd268c305e

SHA1
9ed31872aa33fd1cad0c33fabc8a46e5b4ad8a51

SHA256
8da43283a3dccb7de327bc20a4005b60a820027d4bb2874eb247f836944a49b6

SHA512
7a76f0a224b8b04898e97f9c397f7c9739c83715147b5d766ebb625cdcbb8a17556ff066beed22bc2dc8d99a8f5f85b4e0aa43064440851751733ce425af327d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
6f7546f1c03fe1b1dfd02d030616da33

SHA1
d6a1ad9d4681ca37275cc87791975ae45b039816

SHA256
e91cd9228929e85600925e2d469761b1bfb04896bfec009caed920b7db5225b1

SHA512
dc3fd8eedbaa491d1aea62260d893cd37f7a0a9cd6513b2d49444d1ca02de5a25af8b7bf99b09156733e0eac8d01b123e3a3a3e243a123fde662e190ab459a4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
417351367f12cb51e2565f3059356baf

SHA1
1b6f9045e71532fbf47d5fff0bffb71b146f36d4

SHA256
00e3a5d02b081ea04494d63331d6cd7c2515bece71e2cabf34845b784b19866c

SHA512
fd322a53c52857f97bf94ae369638b5036db48996e77acb3eef07cc4b23de06a6edc118a3e7a385f068b9eaa25672c13b074f9688a15ab8b2b37afc323981a92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a5076e37442c7e5504d281e108440c39

SHA1
cad2023f37d249d9f0990036229c3ccbce4f79ad

SHA256
82a413c7c1928e6f7fb4fc9679f2877f487eef18eae92d265d0be05fa5b80c92

SHA512
ef95f2397b50508dcc620ca6c2b843f26247b2f22ce490e4da68d9f982abeadf148672253f13fd6250ffc09aabe0e9b50409e74cb003cc955b4e7fad134a92a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ab6cc77caaa463609a27fddb751a257b

SHA1
043a799f86be8462ff6cc9340ac1e4d7f9f9348c

SHA256
b90367a13c7753f57ca190863cbbb711d5450a57b42ba4f7c0ec9223f62f7eb4

SHA512
a59d07cdd65be9d0eb8237c95b613692993403c2a1d651f82a727a5e95e4dbb3dc66ede1c369d9b0070db3552c2f939b8d8a70e80b8a7f7eab84de3dce303577

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
0ace84d2f56d99d6b3318537be8d125b

SHA1
7af20fccd1505637d77a87fec53a4fd8a6f4583b

SHA256
db39a394c432581c6cf5b2d164407cb27af4d998bdf437ca43be05714dd95aa6

SHA512
4317898393123fde58a8604cf19d1156c21e67af8fb152c05a41ac10ae6e26dfd88b856c058a64f57d47be023d7530980f7caeb359e7ffd60a59b83fb3ab0a2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
05186d44a7a012488354a5c9a219754b

SHA1
981d7dbe6610d086abf1e031d0dab5a186df16e2

SHA256
29a58723a465c02cfac5ddae3ae720123ac931630eab6303b0003cbe288269ed

SHA512
4d572e7e894bbf50b74ee3a439ce0857ca1c2bc91133920103ca23888aef25276bead92032f556b98f7f1e1e0c3c76b085621ef4c26e21e5b5e0c18193e74921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
bfafd41f862ce098640e673021a4fd48

SHA1
9e1c43139add1c6f6bdcba8dfa620ec107d74f08

SHA256
bf82b1dfddb702ce578aefb711c920e139e2b2fb65c2d3ee8e39428454e39f52

SHA512
94a1617f90d94adf5edb68539c7169598e14fee3fd7a76f5a13f53e93524cf6a3b804d1111276c871050d4a3ab36e6ad03d7ad8eba488bcdc687f55317837c2e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit