hxxps://click[.]email[.]livongo[.]com/?qs=ecf19fbea085ce396312028540305b1e074e07596dd0eee7c3df9344897dbe1719b9724d0a134a36fedbd6be70787edc844fe5a079c3ed53

Analysis

max time kernel
145s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
03/07/2024, 02:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://click.email.livongo.com/?qs=ecf19fbea085ce396312028540305b1e074e07596dd0eee7c3df9344897dbe1719b9724d0a134a36fedbd6be70787edc844fe5a079c3ed53

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4416	msedge.exe
4416	msedge.exe
2440	msedge.exe
2440	msedge.exe
2420	identity_helper.exe
2420	identity_helper.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe
2624	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2440 wrote to memory of 1432	2440	msedge.exe	86
PID 2440 wrote to memory of 1432	2440	msedge.exe	86
PID 2440 wrote to memory of 4472	2440	msedge.exe	87
PID 2440 wrote to memory of 4472	2440	msedge.exe	87
PID 2440 wrote to memory of 4472	2440	msedge.exe	87
PID 2440 wrote to memory of 4472	2440	msedge.exe	87
PID 2440 wrote to memory of 4472	2440	msedge.exe	87
PID 2440 wrote to memory of 4472	2440	msedge.exe	87
PID 2440 wrote to memory of 4472	2440	msedge.exe	87
PID 2440 wrote to memory of 4472	2440	msedge.exe	87
PID 2440 wrote to memory of 4472	2440	msedge.exe	87
PID 2440 wrote to memory of 4472	2440	msedge.exe	87
PID 2440 wrote to memory of 4472	2440	msedge.exe	87
PID 2440 wrote to memory of 4472	2440	msedge.exe	87
PID 2440 wrote to memory of 4472	2440	msedge.exe	87
PID 2440 wrote to memory of 4472	2440	msedge.exe	87
PID 2440 wrote to memory of 4472	2440	msedge.exe	87
PID 2440 wrote to memory of 4472	2440	msedge.exe	87
PID 2440 wrote to memory of 4472	2440	msedge.exe	87
PID 2440 wrote to memory of 4472	2440	msedge.exe	87
PID 2440 wrote to memory of 4472	2440	msedge.exe	87
PID 2440 wrote to memory of 4472	2440	msedge.exe	87
PID 2440 wrote to memory of 4472	2440	msedge.exe	87
PID 2440 wrote to memory of 4472	2440	msedge.exe	87
PID 2440 wrote to memory of 4472	2440	msedge.exe	87
PID 2440 wrote to memory of 4472	2440	msedge.exe	87
PID 2440 wrote to memory of 4472	2440	msedge.exe	87
PID 2440 wrote to memory of 4472	2440	msedge.exe	87
PID 2440 wrote to memory of 4472	2440	msedge.exe	87
PID 2440 wrote to memory of 4472	2440	msedge.exe	87
PID 2440 wrote to memory of 4472	2440	msedge.exe	87
PID 2440 wrote to memory of 4472	2440	msedge.exe	87
PID 2440 wrote to memory of 4472	2440	msedge.exe	87
PID 2440 wrote to memory of 4472	2440	msedge.exe	87
PID 2440 wrote to memory of 4472	2440	msedge.exe	87
PID 2440 wrote to memory of 4472	2440	msedge.exe	87
PID 2440 wrote to memory of 4472	2440	msedge.exe	87
PID 2440 wrote to memory of 4472	2440	msedge.exe	87
PID 2440 wrote to memory of 4472	2440	msedge.exe	87
PID 2440 wrote to memory of 4472	2440	msedge.exe	87
PID 2440 wrote to memory of 4472	2440	msedge.exe	87
PID 2440 wrote to memory of 4472	2440	msedge.exe	87
PID 2440 wrote to memory of 4416	2440	msedge.exe	88
PID 2440 wrote to memory of 4416	2440	msedge.exe	88
PID 2440 wrote to memory of 4020	2440	msedge.exe	89
PID 2440 wrote to memory of 4020	2440	msedge.exe	89
PID 2440 wrote to memory of 4020	2440	msedge.exe	89
PID 2440 wrote to memory of 4020	2440	msedge.exe	89
PID 2440 wrote to memory of 4020	2440	msedge.exe	89
PID 2440 wrote to memory of 4020	2440	msedge.exe	89
PID 2440 wrote to memory of 4020	2440	msedge.exe	89
PID 2440 wrote to memory of 4020	2440	msedge.exe	89
PID 2440 wrote to memory of 4020	2440	msedge.exe	89
PID 2440 wrote to memory of 4020	2440	msedge.exe	89
PID 2440 wrote to memory of 4020	2440	msedge.exe	89
PID 2440 wrote to memory of 4020	2440	msedge.exe	89
PID 2440 wrote to memory of 4020	2440	msedge.exe	89
PID 2440 wrote to memory of 4020	2440	msedge.exe	89
PID 2440 wrote to memory of 4020	2440	msedge.exe	89
PID 2440 wrote to memory of 4020	2440	msedge.exe	89
PID 2440 wrote to memory of 4020	2440	msedge.exe	89
PID 2440 wrote to memory of 4020	2440	msedge.exe	89
PID 2440 wrote to memory of 4020	2440	msedge.exe	89
PID 2440 wrote to memory of 4020	2440	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://click.email.livongo.com/?qs=ecf19fbea085ce396312028540305b1e074e07596dd0eee7c3df9344897dbe1719b9724d0a134a36fedbd6be70787edc844fe5a079c3ed53
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe697546f8,0x7ffe69754708,0x7ffe69754718
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,13948745650253796986,1625944092021038527,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,13948745650253796986,1625944092021038527,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,13948745650253796986,1625944092021038527,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13948745650253796986,1625944092021038527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13948745650253796986,1625944092021038527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13948745650253796986,1625944092021038527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,13948745650253796986,1625944092021038527,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,13948745650253796986,1625944092021038527,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13948745650253796986,1625944092021038527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13948745650253796986,1625944092021038527,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13948745650253796986,1625944092021038527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13948745650253796986,1625944092021038527,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,13948745650253796986,1625944092021038527,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5476 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
257c0005d0c4d0bb282cb470925e4376

SHA1
f9b8efb511ed64292568977c9f2ec255509e8f7d

SHA256
8185c36aaacfc71e42f94fad8e198fe7fb2d868398ceabb89261cae94341cb22

SHA512
2f3e8f352ed3ef88e8c28650390f93f98c92174d268330b886f3ebd1ba0163999051298ee12a054606b4986005452a241c6864cd292e69492d79c37d500556f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4819fbc4513c82d92618f50a379ee232

SHA1
ab618827ff269655283bf771fc957c8798ab51ee

SHA256
05e479e8ec96b7505e01e5ec757ccfe35cb73cd46b27ff4746dce90d43d9237c

SHA512
bc24fb972d04b55505101300e268f91b11e5833f1a18e925b5ded7e758b5e3e08bee1aa8f3a0b65514d6df981d0cbfa8798344db7f2a3675307df8de12ae475b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
b3a281dc6ff4dfcbb93a377456a51c6a

SHA1
b1f5a45f06581433fc0e5ad6ba48e45c8d673f7f

SHA256
90709435ed2541fc6bda986bc8967a762def24ee5e054494ba6c5aa14b672a78

SHA512
913fa2484ca2092926cf3dbdce16e240026c8457c2bc662ddf54f533fb88123fd34d679c6c9f9c5efdb387e4998e964f29ff162fb8ad32cdaa8d4c5e76e9ed75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
896B

MD5
ae35d72b09fc15adaf5f73baa185a8e0

SHA1
c84dacceeedf3b4944807ae6ecabdfa0d17988df

SHA256
9d439278a0ae57c59553fa8bfc42de07dc54a26e3da70e558c36b460e7435c82

SHA512
72fcdfcdd2e9769110cf8a4dc299750b8a530ba373c3ce0ce615459c4641662a1b5f3008c0ec76fa4379ea6176eb914f39b67fb2749a21ca2303940a95e79f66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bfe954b5d11f2eb9553f0845a4de49de

SHA1
b23b2c7e28b69443516f9eaf4e643227f06e71ce

SHA256
119637a0c9f44f9986d6343c0422aa53069307ddf8f71834e133fa06331fe268

SHA512
a18ee34cb48faacb04e79e23a2727c83a94153f8717dd517d56f4a38cf9fcdf72c1f092f267b5338044ce1fdcdf7841c8e8c710527b852f48a806b4c2b1b3831

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f20b3754df61eaa1787034c3df46d49b

SHA1
c03274c8472241425bf1154de3336a3d0d340702

SHA256
766187797d2378b0a869cd1061e699e4c8dd8e629d3facccdc71eb8767fc4d29

SHA512
397742978687d480405643b72612a15cfe91004e507e2efca41882ee261be6c26fca7f4bf40a85251d4e32d2105df222d122417c314ee9932b01eece83eb10db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
95cd1581c30a5c26f698a8210bcab430

SHA1
5e8e551a47dd682ec51a7d6808fe8e0f2af39e86

SHA256
d58162c5ae5e18fc06604c285e024c01686093d70994dc93b4ae9d85b4c3f7b9

SHA512
e49403df10177053634c431203a91d26df5dfb23cbbb88847459ecdf4b6107040d0944a3e84ee6bb26cb4e8017a35c8c31b658387cd1b6938ba4cb9f59606ece

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
e154a26723d077f3073bb64cfbb569ad

SHA1
be6cf41cabdee0350f43348d92d42ed70d958e2f

SHA256
c194a81fbb4f659f4472608e686698c27231298e8971bafeb50a4849ef0b124f

SHA512
30d9ba81bbcbea0b050056f7cce3e62891c18d322a7e277c811d1a07d5bc0781ed314e9a27fb701ba6f1bde19bd83185b4ffb53749c21c21203974d989d19552

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
09d76314c80942c4af17103ee05727e7

SHA1
4f5c0dda1890da62c8b28d40e79de75695b71a17

SHA256
5fecbe7c334934b158d0808a6b6b3f5760e955ebbd96b1e799e60f0db47f9413

SHA512
808f47ff188d3ae6b2cd8b552c6a9e30eb0adc672ac01ee2ac9685289256ea5b793826e399c92d3f4ab373a07c3bb33d7830bb0b8a022bdc753a3d09b1903d96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
8990da026aaf798e0426819b273cf277

SHA1
e21e73a67479d61c4060416ef979f26da2d5f1a5

SHA256
e8be94bed022748a0bc23792a84124e2d3ab220e98babfa54c92039b453bb2c7

SHA512
368780f5d787340e1a28b5728be2bf3fb964a21a4e3b83c2950856aec2cd9180db4ad57d6981e1be3f657a8642a873ee2bed57d5e4d0c8d80b10b807eabc8874

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582093.TMP

Filesize
538B

MD5
e222bd5839aef3fb4d269265ee5bc549

SHA1
1690a287ba864c5020ca132d2735a8ec72256fc7

SHA256
93ec3c8f177cda5120ed0e8e1c5ec72885e12d4c0b491232fdd2ad4ffbdfe38f

SHA512
452ae5d0e815538d7f20d2a13cf01a3e2432b4b396a027a287507d513eda0c4a9f0191664527e2d2c43e7cd9518528c8a9c3136f3b392b2ee5f2e93802b6a189

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1d730451ee72b76b2893a8a7e1670b81

SHA1
3c73d93b38ef2963ad1d301dea7b2e761f2dd866

SHA256
4308aa407b859fe4a72c62fd89e8637cbf2f317e111951f705c07e9cc4df2de4

SHA512
bc862a42569cdd8e5d27562276d311d6404e0e9d37feaea32cd211b509b4411cbf0c059e3656510bced5e24987aa4451dd430ff69ae6a63b068f830d56ba3e02

Download Submit