hxxps://global-secure-platform-lkg8g[.]ampfibian[.]co[.]nz/ml/?domain=cityswitch[.]net[.]au&email=jack[.]blackwell%40melbourne[.]vic[.]gov[.]au

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
08-01-2024 05:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://global-secure-platform-lkg8g.ampfibian.co.nz/ml/?domain=cityswitch.net.au&email=jack.blackwell%40melbourne.vic.gov.au

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4868	msedge.exe
4868	msedge.exe
1384	msedge.exe
1384	msedge.exe
1048	identity_helper.exe
1048	identity_helper.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1384 wrote to memory of 2476	1384	msedge.exe	46
PID 1384 wrote to memory of 2476	1384	msedge.exe	46
PID 1384 wrote to memory of 3112	1384	msedge.exe	89
PID 1384 wrote to memory of 3112	1384	msedge.exe	89
PID 1384 wrote to memory of 3112	1384	msedge.exe	89
PID 1384 wrote to memory of 3112	1384	msedge.exe	89
PID 1384 wrote to memory of 3112	1384	msedge.exe	89
PID 1384 wrote to memory of 3112	1384	msedge.exe	89
PID 1384 wrote to memory of 3112	1384	msedge.exe	89
PID 1384 wrote to memory of 3112	1384	msedge.exe	89
PID 1384 wrote to memory of 3112	1384	msedge.exe	89
PID 1384 wrote to memory of 3112	1384	msedge.exe	89
PID 1384 wrote to memory of 3112	1384	msedge.exe	89
PID 1384 wrote to memory of 3112	1384	msedge.exe	89
PID 1384 wrote to memory of 3112	1384	msedge.exe	89
PID 1384 wrote to memory of 3112	1384	msedge.exe	89
PID 1384 wrote to memory of 3112	1384	msedge.exe	89
PID 1384 wrote to memory of 3112	1384	msedge.exe	89
PID 1384 wrote to memory of 3112	1384	msedge.exe	89
PID 1384 wrote to memory of 3112	1384	msedge.exe	89
PID 1384 wrote to memory of 3112	1384	msedge.exe	89
PID 1384 wrote to memory of 3112	1384	msedge.exe	89
PID 1384 wrote to memory of 3112	1384	msedge.exe	89
PID 1384 wrote to memory of 3112	1384	msedge.exe	89
PID 1384 wrote to memory of 3112	1384	msedge.exe	89
PID 1384 wrote to memory of 3112	1384	msedge.exe	89
PID 1384 wrote to memory of 3112	1384	msedge.exe	89
PID 1384 wrote to memory of 3112	1384	msedge.exe	89
PID 1384 wrote to memory of 3112	1384	msedge.exe	89
PID 1384 wrote to memory of 3112	1384	msedge.exe	89
PID 1384 wrote to memory of 3112	1384	msedge.exe	89
PID 1384 wrote to memory of 3112	1384	msedge.exe	89
PID 1384 wrote to memory of 3112	1384	msedge.exe	89
PID 1384 wrote to memory of 3112	1384	msedge.exe	89
PID 1384 wrote to memory of 3112	1384	msedge.exe	89
PID 1384 wrote to memory of 3112	1384	msedge.exe	89
PID 1384 wrote to memory of 3112	1384	msedge.exe	89
PID 1384 wrote to memory of 3112	1384	msedge.exe	89
PID 1384 wrote to memory of 3112	1384	msedge.exe	89
PID 1384 wrote to memory of 3112	1384	msedge.exe	89
PID 1384 wrote to memory of 3112	1384	msedge.exe	89
PID 1384 wrote to memory of 3112	1384	msedge.exe	89
PID 1384 wrote to memory of 4868	1384	msedge.exe	90
PID 1384 wrote to memory of 4868	1384	msedge.exe	90
PID 1384 wrote to memory of 2668	1384	msedge.exe	91
PID 1384 wrote to memory of 2668	1384	msedge.exe	91
PID 1384 wrote to memory of 2668	1384	msedge.exe	91
PID 1384 wrote to memory of 2668	1384	msedge.exe	91
PID 1384 wrote to memory of 2668	1384	msedge.exe	91
PID 1384 wrote to memory of 2668	1384	msedge.exe	91
PID 1384 wrote to memory of 2668	1384	msedge.exe	91
PID 1384 wrote to memory of 2668	1384	msedge.exe	91
PID 1384 wrote to memory of 2668	1384	msedge.exe	91
PID 1384 wrote to memory of 2668	1384	msedge.exe	91
PID 1384 wrote to memory of 2668	1384	msedge.exe	91
PID 1384 wrote to memory of 2668	1384	msedge.exe	91
PID 1384 wrote to memory of 2668	1384	msedge.exe	91
PID 1384 wrote to memory of 2668	1384	msedge.exe	91
PID 1384 wrote to memory of 2668	1384	msedge.exe	91
PID 1384 wrote to memory of 2668	1384	msedge.exe	91
PID 1384 wrote to memory of 2668	1384	msedge.exe	91
PID 1384 wrote to memory of 2668	1384	msedge.exe	91
PID 1384 wrote to memory of 2668	1384	msedge.exe	91
PID 1384 wrote to memory of 2668	1384	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://global-secure-platform-lkg8g.ampfibian.co.nz/ml/?domain=cityswitch.net.au&email=jack.blackwell%40melbourne.vic.gov.au
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff96c46f8,0x7ffff96c4708,0x7ffff96c4718
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,12723183504369044985,4118103759013199707,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,12723183504369044985,4118103759013199707,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,12723183504369044985,4118103759013199707,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:2668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12723183504369044985,4118103759013199707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12723183504369044985,4118103759013199707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12723183504369044985,4118103759013199707,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12723183504369044985,4118103759013199707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,12723183504369044985,4118103759013199707,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 /prefetch:8
  2⤵
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,12723183504369044985,4118103759013199707,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12723183504369044985,4118103759013199707,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12723183504369044985,4118103759013199707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,12723183504369044985,4118103759013199707,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4784 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4480

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1386433ecc349475d39fb1e4f9e149a0

SHA1
f04f71ac77cb30f1d04fd16d42852322a8b2680f

SHA256
a7c79320a37d3516823f533e0ca73ed54fc4cdade9999b9827d06ea9f8916bbc

SHA512
fcd5449c58ead25955d01739929c42ffc89b9007bc2c8779c05271f2d053be66e05414c410738c35572ef31811aff908e7fe3dd7a9cef33c27acb308a420280e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
40f3ea599acaf2f89b7abfefab78787d

SHA1
99389f4e5f12516aa60609a16f3280dc61e81fa3

SHA256
e573c56c3279f1cf6dfe4ca59c8606f8b00ceb900871d21b4ba5685408caea31

SHA512
03a590f5001c6f3af22efe2c65d1a7a64c86bf41337b0808198d88a564a51652e6a09422e2f12d606041bf1ee71e40924ab481d73c5e9737aa34f07cb56db4d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
463dca05748837f70aa63aee8b469e95

SHA1
5da84fe0524c010d3bd4ddeca30a4004047a9422

SHA256
2ba70a0597a55091010daac633e267b340fc61b98cb49d5dad86cde33593f9ef

SHA512
b5a79c5bcba4786f3f0c5a82e0b7cc712bdd854a48a69d272ffc593f4faa12a09750ba8fd866d854b6b6ee05d8d71dbd670b69e73f37695f21565a2b9b741955

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
271cf8ec9a103dc30723a43c1b835282

SHA1
512890985267013cd3988a494f940238966a77ef

SHA256
1dd014b180b98a181c66e2665c4ce755c604d1fffdf935547e112e091b9b8fa4

SHA512
3f321df79a2f7d149530aff10dd43a189069742af10d08dd982f60c04aec998d88f7475fca20bbed71d02b781be2ec8a805e00fdc14926f3d7e3ef25a123fdf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d5108a6d1f4e84321b12ea14a25ea16d

SHA1
4b36259bb06b6462723b627f1a1452444bfe17ee

SHA256
08f6b22147506ad449644eebe7c8b79cd0e4ecfac37769ef70bc8d1a19e91781

SHA512
7b1893d4c8bdcdb23575f68d8a3320e5b94748ad23cb06fd830fb588be1f3f189cabbc3cfcd5548d53754ede2784c1b88ffa81abc4d69dd04735cb15fa2b5114

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b0c80c8f0452f9394069d7ecd3f65cf8

SHA1
f8ec1ae54378dfddf235dff9b751ff2b70879743

SHA256
9f795279a8607229d42d0a05c5715007effa5cbe11fcb3c71ae74375db312210

SHA512
d82f33266e72ae9ce5223ad86219405f2ac14def7b46952a5383e5aac498ab7e278e2e317e2147f32e59bf1aee2dcd9ada8980d1b8c8c36a9bf8e827995837a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7645167f4a046e68d5a27a543e1072c3

SHA1
09e9a6ebcd9cd20455098f1f9115c2c62ee8fff0

SHA256
956742639e8566b99009079fe08f322c1560632ee063a6ed90cdbeb5862ed169

SHA512
0bce9ae7da661fc59a5405a10e417e0fe7be57a11498fb3f0d05d60cf53a7e2b89c8a3948ab590a814f6dce3f6579e49a46ed63866559716da70dd074a346a18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
53542476aae734830b2ec8641e98e5a0

SHA1
25af5242d90a87e5a10c18390d112f74c9a4047b

SHA256
4ad8920238898929d81615213ce5240abc7986c532a2f60d9377ba3aef7d4ecd

SHA512
9f64f81c9327cb273a9b3d87cadf1854936adeb2ea0f50cdf3e41ed362525ceac7ae9901665162f02183ac1afb17df71fa92520c672734af10837074d3347b1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e664066e3aa135f185ed1c194b9fa1f8

SHA1
358ff3c6ad0580b8ae1e5ef2a89a4e597c2efdc5

SHA256
86e595be48dbc768a52d7ea62116036c024093e1302aced8c29dd6a2d9935617

SHA512
58710818b5f664006a5aa418da6c8cd3f709c2265bc161f81b9dfe6cdb8304fabaa4ce9deba419fe4281623feeeaa0321f481ae5855d347c6d8cf95968ee905e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
c12b59c359d5fb2ddd6c04030858ab2d

SHA1
b999c707b8e0765b899d71d3bbd7ffd897962d76

SHA256
7aaa6b813e755e8f58f4cbcc298c3fb825e31a20f54df274bc0648d140635449

SHA512
d9569a3b0fe08c9400e9ed1fd4350acf5649fc40fa25a1cada80c92051e8994f5a700daa2f3ac5ca78a8ba579c2123e84ff127a7a3c34c45eb7c13cd60dcf40b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5808e4.TMP

Filesize
204B

MD5
8a500dc55b2361a62fd19a9f086bb371

SHA1
b5b55cd36d398d535e242aa8959e5a76c1b37db3

SHA256
0bb425b1cc1f3157f992c6cc5dae1c7fc79db1f9de3c2963231de2c7ecf19c3e

SHA512
bdde95cca3e2149570c7ade30f181f37549c9d5afea94f46d2fc02d13980109ef17d3c490532fcf0fa6d8328caf5922ec09f03ea368df1a796b7eda6aa3ae13d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
edb0b041ccb3e58dedc637f60e0f5f92

SHA1
e8be777cba02874af7bf99198137cbc1ed9b62a4

SHA256
205873f7550cb70efa2241fd0b0f06c515c7ff16934f2d72d9c5642520072ef0

SHA512
e863ac4192a687b4ad9394855ae5af4ee3e75e778795a20e3b25fef59643b5d60b825c96637cec53df7f6049cef68bcae9a8bf0bf8631698fdb6e7cc34c8d0d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\bc875f4b-6779-4b21-bc7e-ac47bb7cd504.tmp

Filesize
11KB

MD5
e0de93b0ff98e2f63492566ed332964b

SHA1
304db21074267ac50407d9a03338ff3eb5009eb2

SHA256
edbf58e5b27384c9bbdeaf484702db1203d8c78cd408f7cde3f29088232272b3

SHA512
da26f5739fda83d15b811ad0e5b7f25324538555f0d0fe4787d2a0d39db4910ff56d7680c2fde988db15b5455fc174065db971e46a01e3068c58143d890402ee

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit