hxxps://topsolutions-bpkyv[.]formstack[.]com/forms/informativemsg

Analysis

max time kernel
240s
max time network
271s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
13-05-2024 11:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://topsolutions-bpkyv.formstack.com/forms/informativemsg

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2200	msedge.exe
2200	msedge.exe
5024	msedge.exe
5024	msedge.exe
4844	identity_helper.exe
4844	identity_helper.exe
4388	msedge.exe
4388	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe
124	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5024 wrote to memory of 4880	5024	msedge.exe	78
PID 5024 wrote to memory of 4880	5024	msedge.exe	78
PID 5024 wrote to memory of 2852	5024	msedge.exe	79
PID 5024 wrote to memory of 2852	5024	msedge.exe	79
PID 5024 wrote to memory of 2852	5024	msedge.exe	79
PID 5024 wrote to memory of 2852	5024	msedge.exe	79
PID 5024 wrote to memory of 2852	5024	msedge.exe	79
PID 5024 wrote to memory of 2852	5024	msedge.exe	79
PID 5024 wrote to memory of 2852	5024	msedge.exe	79
PID 5024 wrote to memory of 2852	5024	msedge.exe	79
PID 5024 wrote to memory of 2852	5024	msedge.exe	79
PID 5024 wrote to memory of 2852	5024	msedge.exe	79
PID 5024 wrote to memory of 2852	5024	msedge.exe	79
PID 5024 wrote to memory of 2852	5024	msedge.exe	79
PID 5024 wrote to memory of 2852	5024	msedge.exe	79
PID 5024 wrote to memory of 2852	5024	msedge.exe	79
PID 5024 wrote to memory of 2852	5024	msedge.exe	79
PID 5024 wrote to memory of 2852	5024	msedge.exe	79
PID 5024 wrote to memory of 2852	5024	msedge.exe	79
PID 5024 wrote to memory of 2852	5024	msedge.exe	79
PID 5024 wrote to memory of 2852	5024	msedge.exe	79
PID 5024 wrote to memory of 2852	5024	msedge.exe	79
PID 5024 wrote to memory of 2852	5024	msedge.exe	79
PID 5024 wrote to memory of 2852	5024	msedge.exe	79
PID 5024 wrote to memory of 2852	5024	msedge.exe	79
PID 5024 wrote to memory of 2852	5024	msedge.exe	79
PID 5024 wrote to memory of 2852	5024	msedge.exe	79
PID 5024 wrote to memory of 2852	5024	msedge.exe	79
PID 5024 wrote to memory of 2852	5024	msedge.exe	79
PID 5024 wrote to memory of 2852	5024	msedge.exe	79
PID 5024 wrote to memory of 2852	5024	msedge.exe	79
PID 5024 wrote to memory of 2852	5024	msedge.exe	79
PID 5024 wrote to memory of 2852	5024	msedge.exe	79
PID 5024 wrote to memory of 2852	5024	msedge.exe	79
PID 5024 wrote to memory of 2852	5024	msedge.exe	79
PID 5024 wrote to memory of 2852	5024	msedge.exe	79
PID 5024 wrote to memory of 2852	5024	msedge.exe	79
PID 5024 wrote to memory of 2852	5024	msedge.exe	79
PID 5024 wrote to memory of 2852	5024	msedge.exe	79
PID 5024 wrote to memory of 2852	5024	msedge.exe	79
PID 5024 wrote to memory of 2852	5024	msedge.exe	79
PID 5024 wrote to memory of 2852	5024	msedge.exe	79
PID 5024 wrote to memory of 2200	5024	msedge.exe	80
PID 5024 wrote to memory of 2200	5024	msedge.exe	80
PID 5024 wrote to memory of 4748	5024	msedge.exe	81
PID 5024 wrote to memory of 4748	5024	msedge.exe	81
PID 5024 wrote to memory of 4748	5024	msedge.exe	81
PID 5024 wrote to memory of 4748	5024	msedge.exe	81
PID 5024 wrote to memory of 4748	5024	msedge.exe	81
PID 5024 wrote to memory of 4748	5024	msedge.exe	81
PID 5024 wrote to memory of 4748	5024	msedge.exe	81
PID 5024 wrote to memory of 4748	5024	msedge.exe	81
PID 5024 wrote to memory of 4748	5024	msedge.exe	81
PID 5024 wrote to memory of 4748	5024	msedge.exe	81
PID 5024 wrote to memory of 4748	5024	msedge.exe	81
PID 5024 wrote to memory of 4748	5024	msedge.exe	81
PID 5024 wrote to memory of 4748	5024	msedge.exe	81
PID 5024 wrote to memory of 4748	5024	msedge.exe	81
PID 5024 wrote to memory of 4748	5024	msedge.exe	81
PID 5024 wrote to memory of 4748	5024	msedge.exe	81
PID 5024 wrote to memory of 4748	5024	msedge.exe	81
PID 5024 wrote to memory of 4748	5024	msedge.exe	81
PID 5024 wrote to memory of 4748	5024	msedge.exe	81
PID 5024 wrote to memory of 4748	5024	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://topsolutions-bpkyv.formstack.com/forms/informativemsg
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe07e33cb8,0x7ffe07e33cc8,0x7ffe07e33cd8
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,7134062541859725986,4032959370540378096,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,7134062541859725986,4032959370540378096,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,7134062541859725986,4032959370540378096,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2552 /prefetch:8
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7134062541859725986,4032959370540378096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7134062541859725986,4032959370540378096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7134062541859725986,4032959370540378096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7134062541859725986,4032959370540378096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,7134062541859725986,4032959370540378096,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,7134062541859725986,4032959370540378096,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5880 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7134062541859725986,4032959370540378096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7134062541859725986,4032959370540378096,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7134062541859725986,4032959370540378096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:1284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7134062541859725986,4032959370540378096,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7134062541859725986,4032959370540378096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,7134062541859725986,4032959370540378096,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3052 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:124

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
046d49efac191159051a8b2dea884f79

SHA1
d0cf8dc3bc6a23bf2395940cefcaad1565234a3a

SHA256
00dfb1705076450a45319666801a3a7032fc672675343434cb3d68baccb8e1f7

SHA512
46961e0f0e4d7f82b4417e4aac4434e86f2130e92b492b53a194255bd3bba0855069524cd645f910754d4d2dbf3f1dc467bcc997f01dc6b1d8d6028e2d957236

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d22039bc7833a3a27231b8eb834f70

SHA1
79c4290a2894b0e973d3c4b297fad74ef45607bb

SHA256
402defe561006133623c2a4791b2baf90b92d5708151c2bcac6d02d2771cd3d6

SHA512
c69ee22d8c52a61e59969aa757d58ab4f32492854fc7116975efc7c6174f5d998cc236bbf15bce330d81e39a026b18e29683b6d69c93d21fea6d14e21460a0a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
3f4bb656acc8d18e310bc598e625e6c2

SHA1
a5676e43f8f3a08ef76a7ed218c4933542e1cb2b

SHA256
9b9219784d38c61ebd7bab4f40abb99225216e5ff30562c8f4c3e78b67b80800

SHA512
8ce831b6d5a4935fd9e7c4f00e81da58a0c35fcb8cf0177e0ffc2550902141764b427ab0c6224e088accb7dfa9310b4ed974a9a46f5c302971458e2983b18056

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
790715564bdf05d1b3aa9265daca6db2

SHA1
2a5e2b80ff53b014fab7755864db95f47586792a

SHA256
f05a9d6e664a358be3b9ebf90cacb45b7aaea388f83eb1ffadbc680d6cb1b91a

SHA512
c7bd6831a10acde1a7a99ff2794020f6be448493ddaa0824601167757c43ac99a3ca82a8fb7963e5f2f0701f9871e2dba9172acacb8305ab114cf7e94880abe2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
62adb8e6944fcc35048e2fc821e17a8a

SHA1
83dee934ff1cbdaab5a0de9da5f747196e5ae795

SHA256
522933bbb11734ac693f76fe4ed6a7b13d166cdde07159f536db65ae9ac0bc5e

SHA512
da708559052d9b1a04963fd68230d84708806dd6d760b4d457266edca0cbe72d5a6aa61cddbeeed6a6f173626929db43c10bd79ab1cafc6f57c99c23cf71ee10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b6f7b62c8f32916a0a840c5bcd19e62c

SHA1
5e5d37a6d2148a8382098562777e50277cb30c73

SHA256
74226eaa70ee571a4db5dcdeff55140727e9691a1dc404de4a98df151fe99c51

SHA512
24d67312e2c7b18696b800faaaf05486f0290b8eccfca5b2dad538b9e32a5480c341b5e75165855149ba3caa74fb34f30215b172d5f4b72ba49d781393038be4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
919B

MD5
9b99188506b3c5578aa6450e45b62916

SHA1
804cc50a10904f4639dd31166b8782223e515c67

SHA256
d2d296639f8243bb2c17dc2ccf87e6b3a98fd50b7a0ca4a61a9117c981eb6329

SHA512
407c8c52ed8a3aff69f204ff1a634ec18067776376786f4ff59aa94eb2e462cc04b400cffeca935ef3730c27c94477d8420087d464091f995a4f77a0354cbee0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b52836a0139ffcde4c51eb4885d73b2f

SHA1
331acac4e0a586ec7a37a9a2a9de1cdb4dee563f

SHA256
d5f8ff9da5d19692d72e633d22df2fe19da069c9f7f61931345c9b26a0281a9c

SHA512
7d8580fe0b6d9a97de394da6e0c5a5b641b4e941f41f01950046235fa8eecf1d60276b53d8c278553fc21e6b05883d059b6383fdf717085dac686c2494a80fa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
84ebf9db67533ff4c633769c94d72033

SHA1
734b5c2a94afb0abf4172e1ea7a8202923e77cc3

SHA256
3cba577cd3f70bf4aa2ab33969a7fc1e04f5b298c297ca6e873b8702f9f74ef8

SHA512
b04b900d194e371bed3182e48312e59da8adcbb41b59b4ec2f6d95b5612825dcec87829cdd1a33072ed8f92d11632006968d313280ed66f203904cdfc89b4a9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
76a4f9a778e3b422854d2ce0dcb6506c

SHA1
0ce31a2a9ebf6bd3d90164d4e9c2249ca9e66078

SHA256
ba42f0d8ef0c291f38c9685f395dc5346c30a5abf3e4c7b50aa3ecae2adbe7c9

SHA512
177f1a5da953a12f19840c4ae00bdef4157afc1e06358ac0a6d156f0a7effe66f19597c2f051829c1b50ac8074b05ecc40a28fb000711a3bd111bb80a276f861

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e2f2147130d52a5323bba5d7dcefee38

SHA1
b8f161a86647c67e817e3cf659195a3de60c9889

SHA256
62f191a83012fa52b5756d7447a42077161981b0984aeb745cccfcaf9928a4e6

SHA512
7ccee61a05f308f55f70779b1915efbe6f96c15695dca30465140cb6769f46da69398d6420b4c773b2ca4551e2b75c790cb60832c84d921b0e89d94d86bc1913

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e8b83c8aa163c98af03c2380c354b2db

SHA1
cabab2427f2020655ccdbbbd922b9afc6747250b

SHA256
dead59c7eec5b81137b8caa4af15d495179ce622a6ab81adc0d4d8813dccbaf1

SHA512
f8432a0dcdbe807430f958074186e8e4b0f282946ddfc15f163934b55c4246074af178ba0030bed375c014729e54f429956fb00f9422665da07df408b9cfd3a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9947544e0fb3253333dd7928f707788b

SHA1
beb4b5d20db82f2a4f574e3d278c2566c052b585

SHA256
dfe4bf4ba6aefa662709a4e23f6ca7369fdfe693eb2d11772556f5be898e01b1

SHA512
273ff0d36127372d42c87f358a3815cc67b10f17d8ea829fd59ab496f658c1caa24ef3c90d35548b14ea3b5f2bde22952c64ebbbcc90ef211ed4aee556d44fff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3ec8f5216119c8d530d369e6aaa6eb98

SHA1
ab3c5f0966924582be945e52f8c723f2af7500c7

SHA256
1caa0c351fdc2afe958cff52eaad966dabd83e63d04a6834abd61d36f282e688

SHA512
f4fb1ad688dc4a62396366f8b2344716311d1f72dfadf9843fa9518da9e4401205973fe882f0f621f3d091d348d166d5d8326c5effe2024f87f17a285ca6fd24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d12becc280efa83b6b77a0ea4f3ddf69

SHA1
56c6608c7d6eb5babbb3b6ee678011fac71b9869

SHA256
2effc9f1b890838dda676b902c5e2fefbbe161ddcd0e6a1977dd87ed99ae64da

SHA512
f37a621bc3ff4042fcd1f8cee4bb31b1e31550e42ed338e3bc7bc2fb9eb702e38b5947d2004a427d60b37a3a288132c4735db3f255bb1a8952cae3b61b767897

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fff50a052a1ef231167186993d904ffa

SHA1
da6bb0633200ba6298348af0ca1b999817bf1ca6

SHA256
55ae1f9bfb4ab69df3b00d395e95fb02b3349bbcaa961a2eae6f06aa1666348a

SHA512
3f5190c5714eac835ef89a1ffc5fe17c5ed7dff7cb5b6e9bee2e8e53b973d554e49136dc816d2463b0858f08bf7ed4d23675f5391db2bc705c78ab60b58601dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c803.TMP

Filesize
1KB

MD5
7146c645d89fcc688d20df323584d0bb

SHA1
6cbcd49ce49fcd47c21aaa48fba4e15703eb6bae

SHA256
7736c834e9e08b5836e7ffa7df93dc923463217e7bfe44f3969994f1680b206d

SHA512
e16bdb93698c8891ea0dde0a1dd73379c7c9a89d40e46d13b48fe0d1ab44572af808310d54045e8e9d640a5a3d4c39d5cb755a8335a9f09644a88d767f833669

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
37bdf7b826a1f7f6c3d37f3f18455430

SHA1
162df665b5ade97d5a188d04f2a9b69a6782cafa

SHA256
cc591b05f121ec5e205e9d9f26ac61c546eadbe22cf17ba88b3ec8b8e6392cc9

SHA512
d4c421bce475d5c08aec79437dd050663516310c847596e33df50a3ba3adf96cd765ea5fd70dab4bdf65793b98dcbf23e8bf578fb082b83b446f17c3ef82c7f3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit