hxxps://swiftconstruction[.]us22[.]list-manage[.]com/track/click?u=b78cc5aeb8b5a137aae7a7d8c&id=2dd9cef568&e=7fb47aa29b[//]/#/?/yvette@marioncountyclerk[.]org##

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 12:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://swiftconstruction.us22.list-manage.com/track/click?u=b78cc5aeb8b5a137aae7a7d8c&id=2dd9cef568&e=7fb47aa29b///#/?/[email protected]##

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2820	msedge.exe
2820	msedge.exe
1804	msedge.exe
1804	msedge.exe
1504	identity_helper.exe
1504	identity_helper.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1804 wrote to memory of 3916	1804	msedge.exe	83
PID 1804 wrote to memory of 3916	1804	msedge.exe	83
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 2820	1804	msedge.exe	85
PID 1804 wrote to memory of 2820	1804	msedge.exe	85
PID 1804 wrote to memory of 4036	1804	msedge.exe	86
PID 1804 wrote to memory of 4036	1804	msedge.exe	86
PID 1804 wrote to memory of 4036	1804	msedge.exe	86
PID 1804 wrote to memory of 4036	1804	msedge.exe	86
PID 1804 wrote to memory of 4036	1804	msedge.exe	86
PID 1804 wrote to memory of 4036	1804	msedge.exe	86
PID 1804 wrote to memory of 4036	1804	msedge.exe	86
PID 1804 wrote to memory of 4036	1804	msedge.exe	86
PID 1804 wrote to memory of 4036	1804	msedge.exe	86
PID 1804 wrote to memory of 4036	1804	msedge.exe	86
PID 1804 wrote to memory of 4036	1804	msedge.exe	86
PID 1804 wrote to memory of 4036	1804	msedge.exe	86
PID 1804 wrote to memory of 4036	1804	msedge.exe	86
PID 1804 wrote to memory of 4036	1804	msedge.exe	86
PID 1804 wrote to memory of 4036	1804	msedge.exe	86
PID 1804 wrote to memory of 4036	1804	msedge.exe	86
PID 1804 wrote to memory of 4036	1804	msedge.exe	86
PID 1804 wrote to memory of 4036	1804	msedge.exe	86
PID 1804 wrote to memory of 4036	1804	msedge.exe	86
PID 1804 wrote to memory of 4036	1804	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://swiftconstruction.us22.list-manage.com/track/click?u=b78cc5aeb8b5a137aae7a7d8c&id=2dd9cef568&e=7fb47aa29b///#/?/[email protected]##
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff850fe46f8,0x7ff850fe4708,0x7ff850fe4718
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,13387692906837758353,5483304326568365934,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1968,13387692906837758353,5483304326568365934,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1968,13387692906837758353,5483304326568365934,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
  2⤵
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13387692906837758353,5483304326568365934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13387692906837758353,5483304326568365934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13387692906837758353,5483304326568365934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13387692906837758353,5483304326568365934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13387692906837758353,5483304326568365934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13387692906837758353,5483304326568365934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,13387692906837758353,5483304326568365934,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 /prefetch:8
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,13387692906837758353,5483304326568365934,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13387692906837758353,5483304326568365934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13387692906837758353,5483304326568365934,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13387692906837758353,5483304326568365934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13387692906837758353,5483304326568365934,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,13387692906837758353,5483304326568365934,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5368 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1304

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
3284bf5ef95a0717be757e0b0295e010

SHA1
81b178072f5dc7295213cb0045af79b7f3f59c36

SHA256
ad2b89386a946f2a136f23b04d1d1f4344127f46ed9c72237b91bc42cf7c83c5

SHA512
07a9ac12e5b154d378b6a2a998ac050ef71203d312b4a2eea7e461aa6632a62055a996b0fb70358f5312b75dea35fb1eed804fb271b9faf896dda04a4d4e1076

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1017B

MD5
7087c49c221cb40e4414af768954ea3c

SHA1
f204a53c9267e647cdceeef95b086997711e8dfe

SHA256
8d92cbfae07081c3f9ac2c7c5e368da6cf1dc231315b3705b6cfbcb846cb78e1

SHA512
782612a04ec2c22591b5e541ebf678c94193a6acb8433f124d86c17ec4776af55f4a6071d7dc7d78d638c8a0cbbe86b4bc8fdad9dd6675cb2db2964fc60548e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e4557db7585a1d0519a6ecf4ebdb4dd3

SHA1
5b91f184d87604c0f8a783fce2dc504d6676e782

SHA256
a37a481f71e4d6a21a08d24af310316f2bc4089e8a26f5f696901b7d9336aef9

SHA512
46bcde5f9a01a0fb2907320f0c2a64be4b94bcc722968f0e5261050326082a12a0303ae1cb07b969b4178dc92d63a79073b6cdfa0470e79547e8d6e0c966795b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f43e27de5bc82ad40897afcf862fd68c

SHA1
f83aff03f0093cf71e97280d60fcb6a0db83668a

SHA256
81cbe621c5f715a0eb503a3194cae0ea3525b320e833fdfbc9a22c56d84faace

SHA512
07484f0cdd661d1fafa3cceafda2f5b9990e167fd64d08aa42e5996e6331a4e624ba7957d5dcd3354cc57f3a8744c097d135d6fe935b99aa2a4880cc413cac8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f13de586cdb81136da21360119b26975

SHA1
ddc97607db65f15645f23b7318b9c74d6d095cda

SHA256
e4d3afd9fe06495d7814d274b6acf2366f7fffe0b14e9ec1f22faf993a6af94c

SHA512
3f80d7df8dc2ab8f1db825e325edb98947f4d2ad12ae66fb918658a394aea4263b4341387614239114caacbc3f4f96c653d2b346093f0ca10dd070fa64432ee3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
842481c9ad7a888e44a1e5efcebedbaa

SHA1
6328f52af9fa3f24564fd76769b20b2834f917ba

SHA256
1d1e493de35b6dc14328a12340888e621c3a71c8777f3fa9dac6a59e4f8b023e

SHA512
e2b05bf4f2ad265d8da4f92499be3a9b2fec12eb05e0959eabc086e5c912afacde054345615f581f40d1af458e8bec1c1082cedd6ad47dd369bed77b0ef0a064

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587a2c.TMP

Filesize
1KB

MD5
95fda69ee4564d4313c5abf5239ab1a3

SHA1
ae6eee18733aa0631f6c2c1ac8a0b9741251402d

SHA256
d2934575af4d558ed59ed53b321521e688067b84c1fe72be70f69ed37679e49a

SHA512
ee94ca0afa3b2abe0de1a2a8ccec4e0aee2a9a4673f573f1abea02f9fe4d86f96bcedfb679de03e62f4bfe9deb946195784ff2c557b50289f739f10933649eed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cb251347af0e1fa4596095644e461420

SHA1
f803d406c1f3f1999ff3d20fd14af56b73f564b6

SHA256
d90edd5fd9c17974f545117994cf0e6ef9d61ea17ac188acf08eadeae082c32a

SHA512
3fcd7fa3b0995c2617d25e7c43aeb3c8b1b8b303e15175ebc32233f950ad0b9f1d9c75d76576dd354b136aef502d9b3eebd876a483dee8b62782951dda4e7d94

Download Submit