hxxps://hrfrontdesk51050[.]emlnk9[.]com/lt[.]php?x=3DZy~GDIJ3bKDK37yty4Vudt~nQljNH2kexhXHbLUIWc7pz7zky[.]y[.]W-2I2hmN~x

Analysis

max time kernel
145s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/08/2024, 15:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://hrfrontdesk51050.emlnk9.com/lt.php?x=3DZy~GDIJ3bKDK37yty4Vudt~nQljNH2kexhXHbLUIWc7pz7zky.y.W-2I2hmN~x

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
220	msedge.exe
220	msedge.exe
4992	msedge.exe
4992	msedge.exe
448	identity_helper.exe
448	identity_helper.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4992 wrote to memory of 3672	4992	msedge.exe	83
PID 4992 wrote to memory of 3672	4992	msedge.exe	83
PID 4992 wrote to memory of 3108	4992	msedge.exe	84
PID 4992 wrote to memory of 3108	4992	msedge.exe	84
PID 4992 wrote to memory of 3108	4992	msedge.exe	84
PID 4992 wrote to memory of 3108	4992	msedge.exe	84
PID 4992 wrote to memory of 3108	4992	msedge.exe	84
PID 4992 wrote to memory of 3108	4992	msedge.exe	84
PID 4992 wrote to memory of 3108	4992	msedge.exe	84
PID 4992 wrote to memory of 3108	4992	msedge.exe	84
PID 4992 wrote to memory of 3108	4992	msedge.exe	84
PID 4992 wrote to memory of 3108	4992	msedge.exe	84
PID 4992 wrote to memory of 3108	4992	msedge.exe	84
PID 4992 wrote to memory of 3108	4992	msedge.exe	84
PID 4992 wrote to memory of 3108	4992	msedge.exe	84
PID 4992 wrote to memory of 3108	4992	msedge.exe	84
PID 4992 wrote to memory of 3108	4992	msedge.exe	84
PID 4992 wrote to memory of 3108	4992	msedge.exe	84
PID 4992 wrote to memory of 3108	4992	msedge.exe	84
PID 4992 wrote to memory of 3108	4992	msedge.exe	84
PID 4992 wrote to memory of 3108	4992	msedge.exe	84
PID 4992 wrote to memory of 3108	4992	msedge.exe	84
PID 4992 wrote to memory of 3108	4992	msedge.exe	84
PID 4992 wrote to memory of 3108	4992	msedge.exe	84
PID 4992 wrote to memory of 3108	4992	msedge.exe	84
PID 4992 wrote to memory of 3108	4992	msedge.exe	84
PID 4992 wrote to memory of 3108	4992	msedge.exe	84
PID 4992 wrote to memory of 3108	4992	msedge.exe	84
PID 4992 wrote to memory of 3108	4992	msedge.exe	84
PID 4992 wrote to memory of 3108	4992	msedge.exe	84
PID 4992 wrote to memory of 3108	4992	msedge.exe	84
PID 4992 wrote to memory of 3108	4992	msedge.exe	84
PID 4992 wrote to memory of 3108	4992	msedge.exe	84
PID 4992 wrote to memory of 3108	4992	msedge.exe	84
PID 4992 wrote to memory of 3108	4992	msedge.exe	84
PID 4992 wrote to memory of 3108	4992	msedge.exe	84
PID 4992 wrote to memory of 3108	4992	msedge.exe	84
PID 4992 wrote to memory of 3108	4992	msedge.exe	84
PID 4992 wrote to memory of 3108	4992	msedge.exe	84
PID 4992 wrote to memory of 3108	4992	msedge.exe	84
PID 4992 wrote to memory of 3108	4992	msedge.exe	84
PID 4992 wrote to memory of 3108	4992	msedge.exe	84
PID 4992 wrote to memory of 220	4992	msedge.exe	85
PID 4992 wrote to memory of 220	4992	msedge.exe	85
PID 4992 wrote to memory of 1960	4992	msedge.exe	86
PID 4992 wrote to memory of 1960	4992	msedge.exe	86
PID 4992 wrote to memory of 1960	4992	msedge.exe	86
PID 4992 wrote to memory of 1960	4992	msedge.exe	86
PID 4992 wrote to memory of 1960	4992	msedge.exe	86
PID 4992 wrote to memory of 1960	4992	msedge.exe	86
PID 4992 wrote to memory of 1960	4992	msedge.exe	86
PID 4992 wrote to memory of 1960	4992	msedge.exe	86
PID 4992 wrote to memory of 1960	4992	msedge.exe	86
PID 4992 wrote to memory of 1960	4992	msedge.exe	86
PID 4992 wrote to memory of 1960	4992	msedge.exe	86
PID 4992 wrote to memory of 1960	4992	msedge.exe	86
PID 4992 wrote to memory of 1960	4992	msedge.exe	86
PID 4992 wrote to memory of 1960	4992	msedge.exe	86
PID 4992 wrote to memory of 1960	4992	msedge.exe	86
PID 4992 wrote to memory of 1960	4992	msedge.exe	86
PID 4992 wrote to memory of 1960	4992	msedge.exe	86
PID 4992 wrote to memory of 1960	4992	msedge.exe	86
PID 4992 wrote to memory of 1960	4992	msedge.exe	86
PID 4992 wrote to memory of 1960	4992	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://hrfrontdesk51050.emlnk9.com/lt.php?x=3DZy~GDIJ3bKDK37yty4Vudt~nQljNH2kexhXHbLUIWc7pz7zky.y.W-2I2hmN~x
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff305346f8,0x7fff30534708,0x7fff30534718
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,18335909559806268484,12133888528042785896,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,18335909559806268484,12133888528042785896,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,18335909559806268484,12133888528042785896,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18335909559806268484,12133888528042785896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18335909559806268484,12133888528042785896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18335909559806268484,12133888528042785896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
  2⤵
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,18335909559806268484,12133888528042785896,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3956 /prefetch:8
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,18335909559806268484,12133888528042785896,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3956 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18335909559806268484,12133888528042785896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18335909559806268484,12133888528042785896,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18335909559806268484,12133888528042785896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18335909559806268484,12133888528042785896,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18335909559806268484,12133888528042785896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3004 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,18335909559806268484,12133888528042785896,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4796 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
2dc9a9e3bf5b8d15b4c86105ac6062b4

SHA1
452abb3721d61f38ca13153fc9f51621ba383d11

SHA256
f4fcaf584fe0632b2bf76fd2baab6b73bedeaa5529d9007395d891c0b0a35161

SHA512
7abd33e9517490e6e484f1edf1ed986f4c9b4b14027c0d47cecc0d7e8a20905d0738441595d74a487414f5bf5db791eac4630cc259a08851b0717c63fef5c171

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
23695b1fdf588b7bfe6cbb8f6f95418a

SHA1
349d0e99bd5e5390fa9cfbedf7a83ef9f0d57508

SHA256
cf48fa3d1cd86a41eb002d4d8a17865e98fa9d1e54f380997ca678b3b62b9609

SHA512
d293ce1b86224944d6d86acd849efd853e7003e25d3cddb9222c64b4259728086a4073ba2e719da4bbb63ecf1d425cc9c55b282cee8bc421d2346e7af6a9b489

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c2c2b9d2b04b6e2a2790e650466596f4

SHA1
7df85ea73d4238ad51ccaca6474d832adc784969

SHA256
d1aaf10212a6eb1af303253d68585c42f47c96bd4872a9f198381479d7ffdddb

SHA512
d53e76a7d7ef1d12e4cb9b5cf9e832893b2e38422f8f35ac947e18d228587513ee7ec535efc4b542e2a9009a9a67bc11b9684df84983a090bf842e832a1095d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4884b0ab3b6e353d2d32ac997147adb6

SHA1
cf71109d577827dd1177663cb7fe3ea3827d475d

SHA256
d56fe3a756ef731e62d3d58c86a15100ae004c414d077b00cad84f4c67c86881

SHA512
6a5d2d5be1846f7200c2b248f70b06664199816fab4c766ee0c8f622b9a1ffeed1a8c5d208685a105d7a16b0f1e07e70ac0eab68d7e5f917587703e65b8655c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f60d3b7b6f27f3d5cc25b4482a34cd32

SHA1
3887df2ef9158fd475572476905ba35e6b2ee56b

SHA256
27b6764b79c18f548925d5d38450f06d9905883d5228fbc6c7bd763f9b018c21

SHA512
6c40583c61c5e18ce106eb45ac41430d0f0083e69c93b11380c9b155aab26060da21f95526495c16f198549f2eef2cf53e65262e2922aa401e6e6119ce25c603

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
ba1b41c33831d31fb8c59265730446c9

SHA1
65d41e2978a8461594b6792a7c5223539943f388

SHA256
54c118d525635f659f8e2fcb0ddba239858b1055fb34e6332dc6fac26c8c213a

SHA512
b48e5e499ba9333ece7a57d21eacd3f08ec2f3344e7604d9634077bb98507fc07a4ae65ec826a8ecd8aa891b9c2090f3324ff88e6c318f151e8ed4ece844f50e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
82c4c8b065acf0be4b61f4caa88dd4d4

SHA1
2c240862edba975ef43587ea84a0661481a3cf21

SHA256
5137eb5ebe3b81661c82b35898637a94dd53a010fadb485ee089f84d2d8b6631

SHA512
26511c8f465e0615b6440758c22d59d94f4980a1a11141015e28bb795415231092061b5fe91e4b7b37f8df5e1f2241c7d489c6c899aaca2e1c7c1c481a55d68a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580d59.TMP

Filesize
370B

MD5
4784883ae5b829bb3f75c62bf3d33938

SHA1
575f542e47b2ea5ed84a140fa936db407e6eed56

SHA256
aceacbf5a8784499951e6ee8e4c6a8530e5972a336c139b6978690fddebd8e9a

SHA512
03faf287252ccc8d7fe0da115fd75ff1d9cd68d19dd609f2c135a45e27b83b34f67f08befce52f6a7a8520042fc6261b70ee10607091332e5e36c3be0d13cc2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a4bc754e-ba7c-4f30-8de4-8d8da48ef282.tmp

Filesize
1KB

MD5
ea194c16cefa2ccfa1181cd9dba340a2

SHA1
6315b5093899932d015c940bdfb8d95ebd77492f

SHA256
8a1c7f412784604eeb1c088114385271ad7b88de219bbaed28325265087305e4

SHA512
2a613eabad700fce03f0ee0f72ddd747f377db7a332211da4e543d44563575c57872adbafd0d8575f582f5828c14549d3e57ce13e86bfd37b0fee18a8deb5739

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ab159dce1db979235f458d39dcd1df32

SHA1
6742c99ea4a5e8afe7cbcf998f98f6765f4f29e9

SHA256
633b853008f681e5b3719802499648298d9ff60d8aefae1cc0bb0f47e80bab8d

SHA512
800ea5ee8f264d9783b39e067f8f659928658e185be1d95bb46ced0b4ca3d975817689e98f24c7cb49d0b4331bcb804157a9d100787c7175613d9cafe7119858

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit