hxxps://sharscentserver[.]online/?hatxtuxl=344a513da672ceda6161dec6249a01fd6a14261b246880f8f720876becaaa28cfbc8cd775e5ab16093961d782656b9eba02f1ec8a42cb10ddb197e4a1c84232f

Analysis

max time kernel
361s
max time network
371s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
27-06-2024 15:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://sharscentserver.online/?hatxtuxl=344a513da672ceda6161dec6249a01fd6a14261b246880f8f720876becaaa28cfbc8cd775e5ab16093961d782656b9eba02f1ec8a42cb10ddb197e4a1c84232f

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2296	msedge.exe
2296	msedge.exe
2128	msedge.exe
2128	msedge.exe
3416	identity_helper.exe
3416	identity_helper.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2128 wrote to memory of 1288	2128	msedge.exe	83
PID 2128 wrote to memory of 1288	2128	msedge.exe	83
PID 2128 wrote to memory of 4660	2128	msedge.exe	84
PID 2128 wrote to memory of 4660	2128	msedge.exe	84
PID 2128 wrote to memory of 4660	2128	msedge.exe	84
PID 2128 wrote to memory of 4660	2128	msedge.exe	84
PID 2128 wrote to memory of 4660	2128	msedge.exe	84
PID 2128 wrote to memory of 4660	2128	msedge.exe	84
PID 2128 wrote to memory of 4660	2128	msedge.exe	84
PID 2128 wrote to memory of 4660	2128	msedge.exe	84
PID 2128 wrote to memory of 4660	2128	msedge.exe	84
PID 2128 wrote to memory of 4660	2128	msedge.exe	84
PID 2128 wrote to memory of 4660	2128	msedge.exe	84
PID 2128 wrote to memory of 4660	2128	msedge.exe	84
PID 2128 wrote to memory of 4660	2128	msedge.exe	84
PID 2128 wrote to memory of 4660	2128	msedge.exe	84
PID 2128 wrote to memory of 4660	2128	msedge.exe	84
PID 2128 wrote to memory of 4660	2128	msedge.exe	84
PID 2128 wrote to memory of 4660	2128	msedge.exe	84
PID 2128 wrote to memory of 4660	2128	msedge.exe	84
PID 2128 wrote to memory of 4660	2128	msedge.exe	84
PID 2128 wrote to memory of 4660	2128	msedge.exe	84
PID 2128 wrote to memory of 4660	2128	msedge.exe	84
PID 2128 wrote to memory of 4660	2128	msedge.exe	84
PID 2128 wrote to memory of 4660	2128	msedge.exe	84
PID 2128 wrote to memory of 4660	2128	msedge.exe	84
PID 2128 wrote to memory of 4660	2128	msedge.exe	84
PID 2128 wrote to memory of 4660	2128	msedge.exe	84
PID 2128 wrote to memory of 4660	2128	msedge.exe	84
PID 2128 wrote to memory of 4660	2128	msedge.exe	84
PID 2128 wrote to memory of 4660	2128	msedge.exe	84
PID 2128 wrote to memory of 4660	2128	msedge.exe	84
PID 2128 wrote to memory of 4660	2128	msedge.exe	84
PID 2128 wrote to memory of 4660	2128	msedge.exe	84
PID 2128 wrote to memory of 4660	2128	msedge.exe	84
PID 2128 wrote to memory of 4660	2128	msedge.exe	84
PID 2128 wrote to memory of 4660	2128	msedge.exe	84
PID 2128 wrote to memory of 4660	2128	msedge.exe	84
PID 2128 wrote to memory of 4660	2128	msedge.exe	84
PID 2128 wrote to memory of 4660	2128	msedge.exe	84
PID 2128 wrote to memory of 4660	2128	msedge.exe	84
PID 2128 wrote to memory of 4660	2128	msedge.exe	84
PID 2128 wrote to memory of 2296	2128	msedge.exe	85
PID 2128 wrote to memory of 2296	2128	msedge.exe	85
PID 2128 wrote to memory of 5076	2128	msedge.exe	86
PID 2128 wrote to memory of 5076	2128	msedge.exe	86
PID 2128 wrote to memory of 5076	2128	msedge.exe	86
PID 2128 wrote to memory of 5076	2128	msedge.exe	86
PID 2128 wrote to memory of 5076	2128	msedge.exe	86
PID 2128 wrote to memory of 5076	2128	msedge.exe	86
PID 2128 wrote to memory of 5076	2128	msedge.exe	86
PID 2128 wrote to memory of 5076	2128	msedge.exe	86
PID 2128 wrote to memory of 5076	2128	msedge.exe	86
PID 2128 wrote to memory of 5076	2128	msedge.exe	86
PID 2128 wrote to memory of 5076	2128	msedge.exe	86
PID 2128 wrote to memory of 5076	2128	msedge.exe	86
PID 2128 wrote to memory of 5076	2128	msedge.exe	86
PID 2128 wrote to memory of 5076	2128	msedge.exe	86
PID 2128 wrote to memory of 5076	2128	msedge.exe	86
PID 2128 wrote to memory of 5076	2128	msedge.exe	86
PID 2128 wrote to memory of 5076	2128	msedge.exe	86
PID 2128 wrote to memory of 5076	2128	msedge.exe	86
PID 2128 wrote to memory of 5076	2128	msedge.exe	86
PID 2128 wrote to memory of 5076	2128	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://sharscentserver.online/?hatxtuxl=344a513da672ceda6161dec6249a01fd6a14261b246880f8f720876becaaa28cfbc8cd775e5ab16093961d782656b9eba02f1ec8a42cb10ddb197e4a1c84232f
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8d79046f8,0x7ff8d7904708,0x7ff8d7904718
  2⤵
  PID:1288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,13004876271828950287,11332672143597451057,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,13004876271828950287,11332672143597451057,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2496 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,13004876271828950287,11332672143597451057,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13004876271828950287,11332672143597451057,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13004876271828950287,11332672143597451057,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13004876271828950287,11332672143597451057,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13004876271828950287,11332672143597451057,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,13004876271828950287,11332672143597451057,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5708 /prefetch:8
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,13004876271828950287,11332672143597451057,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5708 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13004876271828950287,11332672143597451057,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13004876271828950287,11332672143597451057,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13004876271828950287,11332672143597451057,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:5192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13004876271828950287,11332672143597451057,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:5368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13004876271828950287,11332672143597451057,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:5448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13004876271828950287,11332672143597451057,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:5456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,13004876271828950287,11332672143597451057,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3936 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2772

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c5abc082d9d9307e797b7e89a2f755f4

SHA1
54c442690a8727f1d3453b6452198d3ec4ec13df

SHA256
a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716

SHA512
ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b4a74bc775caf3de7fc9cde3c30ce482

SHA1
c6ed3161390e5493f71182a6cb98d51c9063775d

SHA256
dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280

SHA512
55578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4e75750b-f474-4346-a5b3-af110bbedaf4.tmp

Filesize
873B

MD5
502189df07cde38676bc9b28f40d8c91

SHA1
07233dca4c8aafa7fba73d12f4688838372af48f

SHA256
d2906b656c5a28f038d45614bb4518a4062f9000d6f016dca0eec823eefdd9a2

SHA512
62aa69523ec0064cf3e11eb44ac99b5e31cf23514c9a4a07ed4689e1c74c33d3ba85efb25a5694627f19dcc77cd2d21425e14e393c0d332097124372450dcc4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
467bc81cf9a2c589f6cd5c4a23a73d48

SHA1
ea5c227e4fd77a4de233e08738e447d6f482f10f

SHA256
537d9d9809d111b0321a767fc44cd31753bb7919ac535ef6cf3d932728689b55

SHA512
6d2c91edead5113f3d302e11283c80419da680b7595c73453dc20930c3b4148e7b041569fe4b5b45eb6635445282ff349c7b4ce89e9fc740368347cb3d282328

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
808B

MD5
a6ba9410b20c36ff98372439ad225c00

SHA1
dc9474dc3eacefc52270170f7992f61b3cf2c09b

SHA256
8d6a4ef18e5fa1bb6ca9993805dcb6dd2bb441dd2e19b714969b60a75c708da3

SHA512
e32cf448c59370e056a0f0bee62cefba4f10ec73d4fc7ef7aaebeb444f848fb62ac891a003bce0e7826d3aa03a465deed6ccab0ca9bf8abcc361ebba1e777a82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
899B

MD5
181e319d430cefa8f5494e8d3bab1d49

SHA1
2cfaf853871404838e19ff1bd72b69fcd9b2dc3f

SHA256
20cca315208cc88db40f57393b38c3bf96fbde13f7b2d71f14878bebd27a2157

SHA512
a998e4db18c215f3986107a0413f6e743e916727e1d20868bd0f43258b838cf248061ab27624be753b01baa078a655c70fefd47364dcccb8329a0f1677325c56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9354e40aec4c59e065757764e3b3a806

SHA1
07e74d370095df96fee85ff7393eb40020a73b59

SHA256
865c8757ae7131a3550de09c7f23ae3d17f22b8ef5400a5d40f012f563c93f22

SHA512
4c063fc26aec23cb6909795b8c8439e26675791357b6a270609756ae8640840c8ebfe3f06f38940c63f9bb2a1161687134d49cec4ad33675b4dcfcfd6955b0c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
52d0f84e5bff28cdd6b5d6027d015470

SHA1
f90eb54c8deb48bf83cd9cd6708c6ad9eff91264

SHA256
e7bd67ab26466935db4bb8f2d1c159367f376ccaafe922aa987b79a9fd524951

SHA512
7266b83023390bcd706f1f7c9ebd483a365d200af80b598df723a0d35799f4f6c26f295e757f88892b6bd79a30dbabe99319a1c8e4785f16633c8976997954d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589a76.TMP

Filesize
705B

MD5
22201e556201cf19435555c8f1a74c9d

SHA1
7e8053bfaedeaab9a6551dd40ebca314191fba81

SHA256
05b6c22f4685e601553c6c09bee20dbe86181e09b539c7be55093f7b6f2942c9

SHA512
27f867e612fe2c5343f2ccdcb76ccec465860fb37009a6da99cb301ba6326699db7725fd4745c0de3f6d3df0bbf7fd1c0570ee721c3e313ce1bcf78c6a971d4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b221c480b3d492c99a8b48634fc803d7

SHA1
0412e36fb0cd4afe43b2b5772fb2154b1a3f6510

SHA256
45c02da78bb60ece2fba708551befb0a2abfdf2308066551bd37c025c6b4eee1

SHA512
c1a3d0eaee9a135d10e6c3a36fff02cee2790129dd6f698688bc20f812d63ae5af0ff237f4ea2d17fa19510fccc2ca4162c2e4e3c32c1214658bcd449396ef6c

Download Submit