hxxps://timesmicrowave[.]com/phase-101-webinar-summary/

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/08/2024, 13:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://timesmicrowave.com/phase-101-webinar-summary/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4976	msedge.exe
4976	msedge.exe
1020	msedge.exe
1020	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1376	identity_helper.exe
1376	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1020 wrote to memory of 3904	1020	msedge.exe	84
PID 1020 wrote to memory of 3904	1020	msedge.exe	84
PID 1020 wrote to memory of 1908	1020	msedge.exe	85
PID 1020 wrote to memory of 1908	1020	msedge.exe	85
PID 1020 wrote to memory of 1908	1020	msedge.exe	85
PID 1020 wrote to memory of 1908	1020	msedge.exe	85
PID 1020 wrote to memory of 1908	1020	msedge.exe	85
PID 1020 wrote to memory of 1908	1020	msedge.exe	85
PID 1020 wrote to memory of 1908	1020	msedge.exe	85
PID 1020 wrote to memory of 1908	1020	msedge.exe	85
PID 1020 wrote to memory of 1908	1020	msedge.exe	85
PID 1020 wrote to memory of 1908	1020	msedge.exe	85
PID 1020 wrote to memory of 1908	1020	msedge.exe	85
PID 1020 wrote to memory of 1908	1020	msedge.exe	85
PID 1020 wrote to memory of 1908	1020	msedge.exe	85
PID 1020 wrote to memory of 1908	1020	msedge.exe	85
PID 1020 wrote to memory of 1908	1020	msedge.exe	85
PID 1020 wrote to memory of 1908	1020	msedge.exe	85
PID 1020 wrote to memory of 1908	1020	msedge.exe	85
PID 1020 wrote to memory of 1908	1020	msedge.exe	85
PID 1020 wrote to memory of 1908	1020	msedge.exe	85
PID 1020 wrote to memory of 1908	1020	msedge.exe	85
PID 1020 wrote to memory of 1908	1020	msedge.exe	85
PID 1020 wrote to memory of 1908	1020	msedge.exe	85
PID 1020 wrote to memory of 1908	1020	msedge.exe	85
PID 1020 wrote to memory of 1908	1020	msedge.exe	85
PID 1020 wrote to memory of 1908	1020	msedge.exe	85
PID 1020 wrote to memory of 1908	1020	msedge.exe	85
PID 1020 wrote to memory of 1908	1020	msedge.exe	85
PID 1020 wrote to memory of 1908	1020	msedge.exe	85
PID 1020 wrote to memory of 1908	1020	msedge.exe	85
PID 1020 wrote to memory of 1908	1020	msedge.exe	85
PID 1020 wrote to memory of 1908	1020	msedge.exe	85
PID 1020 wrote to memory of 1908	1020	msedge.exe	85
PID 1020 wrote to memory of 1908	1020	msedge.exe	85
PID 1020 wrote to memory of 1908	1020	msedge.exe	85
PID 1020 wrote to memory of 1908	1020	msedge.exe	85
PID 1020 wrote to memory of 1908	1020	msedge.exe	85
PID 1020 wrote to memory of 1908	1020	msedge.exe	85
PID 1020 wrote to memory of 1908	1020	msedge.exe	85
PID 1020 wrote to memory of 1908	1020	msedge.exe	85
PID 1020 wrote to memory of 1908	1020	msedge.exe	85
PID 1020 wrote to memory of 4976	1020	msedge.exe	86
PID 1020 wrote to memory of 4976	1020	msedge.exe	86
PID 1020 wrote to memory of 228	1020	msedge.exe	87
PID 1020 wrote to memory of 228	1020	msedge.exe	87
PID 1020 wrote to memory of 228	1020	msedge.exe	87
PID 1020 wrote to memory of 228	1020	msedge.exe	87
PID 1020 wrote to memory of 228	1020	msedge.exe	87
PID 1020 wrote to memory of 228	1020	msedge.exe	87
PID 1020 wrote to memory of 228	1020	msedge.exe	87
PID 1020 wrote to memory of 228	1020	msedge.exe	87
PID 1020 wrote to memory of 228	1020	msedge.exe	87
PID 1020 wrote to memory of 228	1020	msedge.exe	87
PID 1020 wrote to memory of 228	1020	msedge.exe	87
PID 1020 wrote to memory of 228	1020	msedge.exe	87
PID 1020 wrote to memory of 228	1020	msedge.exe	87
PID 1020 wrote to memory of 228	1020	msedge.exe	87
PID 1020 wrote to memory of 228	1020	msedge.exe	87
PID 1020 wrote to memory of 228	1020	msedge.exe	87
PID 1020 wrote to memory of 228	1020	msedge.exe	87
PID 1020 wrote to memory of 228	1020	msedge.exe	87
PID 1020 wrote to memory of 228	1020	msedge.exe	87
PID 1020 wrote to memory of 228	1020	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://timesmicrowave.com/phase-101-webinar-summary/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc457746f8,0x7ffc45774708,0x7ffc45774718
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,14529876390978255207,11685812833623805073,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2240,14529876390978255207,11685812833623805073,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2240,14529876390978255207,11685812833623805073,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,14529876390978255207,11685812833623805073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,14529876390978255207,11685812833623805073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2804 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,14529876390978255207,11685812833623805073,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,14529876390978255207,11685812833623805073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2040 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,14529876390978255207,11685812833623805073,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5948 /prefetch:8
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,14529876390978255207,11685812833623805073,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5948 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,14529876390978255207,11685812833623805073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,14529876390978255207,11685812833623805073,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,14529876390978255207,11685812833623805073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,14529876390978255207,11685812833623805073,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2664 /prefetch:1
  2⤵
  PID:4840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1252

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
212KB

MD5
2257803a7e34c3abd90ec6d41fd76a5a

SHA1
f7a32e6635d8513f74bd225f55d867ea56ae4803

SHA256
af23860fb3a448f2cc6107680078402555a345eb45bc5efb750f541fe5d7c174

SHA512
e9f4dc90d0829885f08879e868aa62041150b500f62682fc108da258eee26ad9509dcbf6e8a55f2d0bdba7aa9118dd149a70a7d851820d4ea683db7808c48540

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
c36677175123092874f8c2750c172d4c

SHA1
5a57aa0ca3f7e99e240e3993b46a75f6e3105357

SHA256
a897c1d52473526a3da1a22a3644403f830e2d6edc1e3079f9bfd97a41d22004

SHA512
6ce8bad56ea626a53feb7b498ccdfed731a6ac20b57f4060a258d2ea460a83f28f25f7324489a4be0871376f4f2bef247cf36f59dccac0800fa8cf7959dd01ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
888B

MD5
4583a12e84b84fce053e1d6d9f1b87cc

SHA1
3391c06cc7355b451a0cb3f60cf26c9717e75b52

SHA256
7e1f254fc1718961c90286481c1fbaa658c97a713980f00ebb50254d875a10a8

SHA512
8cd5e6a343f556bf1d43f1e5730f74a37308858e70d04455a30082dbe54ee8d2b264fb27b20d96844f938aadfe749b2617ca85c871f1ab70517b556ddbb3f849

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
9fd1c9d0142c72a70bbb8c3563cf65b6

SHA1
977fe6ff6209d883052ee13a55c237f3272237e3

SHA256
e704dd691167be8a1f78ddeefb5dea514548aeae9217318ddd73a21ae0f908af

SHA512
705758cec24f2e07ba6454e0a0a17394cd7da19fc39e14a0dcbd2bd3d934d49de98ac56aa45602211bb3a2ee4d9ff4aa02eab2fa1ea9315cac4118950a0391e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d9c3af3abe8df79f00d01a8d9f45462d

SHA1
3778e0a6ea4edcf8d61da0e75a19676fee6cd544

SHA256
64b4d15709d050766e2554a0249503c04ab2cb5628286733ecdd512ed314c738

SHA512
19e5102e3cf6e72ca41f624e626ea0d818ec15e3d058e25a75dd5d7c67eed55b4eb2fa4ba23bf107a4dc5a47861679aa5fec6f8bc21003cf58b3ed9877f5f3cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e145a8dab75a0ae3b477fb2c9af65036

SHA1
582c6c3b467af80d249fa4fab55e10be2149aaf9

SHA256
c68421795ff631b3e137eaae677fbea9eb058afe80ee1c711d0e0241ec0b376d

SHA512
da1a67f26978ff16856ec25d9b2c77e5818cf89ffc9214cb3d1cf5da66bf2e5b1f3fae5a29ded14dc8e67960ecb64a62062dee2cd84baf29525ca844b6068bdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
991ee356bf294160cc05f9b14a7b6a46

SHA1
b6b8482683b85547686eaceab7f04754e99453e9

SHA256
9fb8eb470f14e4e33d1bc532dfb9edb67e06f8a216a6960e4f559c52c5fdafa8

SHA512
7819e9af60dff1fcf5643522552567e51d5a31d6a86801fdf76db0e251629631a434b40825aad694c07c8b732153f957fcfbaeec024bdc352728d55f16148cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6c7d32ce1feb0d6fd7cd8133277bb356

SHA1
ebeafe456940e64a7b5ad34788bbfc397a467aba

SHA256
dbfa70b7621e504d364044423597a926cba6fb0f7d22742b63342298586abaf1

SHA512
b68179265334db1ffc612a642c734d3ed106909ff2cd7b06839276474ff866f498e86a6b2e78d00f8688dc487c347b7c9043a5817d8069eb30e5a8ea9e33fb7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
46b05e25dc671ab2a3f2fa4b737a004a

SHA1
141042d495da078f1fac9073fa311978ff7fdf5a

SHA256
e7df31efd4a5d6dc70c64321a8878f34aa2162f14be6e26f1bd84cdfd376e50e

SHA512
aa81021d826535ba60c1ab31026ff88508bc8d51bbc2b907b1efcb607d4c47c3d6c7aa252e164f12647df9cb14c4d5af9cc0058acee650cf03d4fc9677602816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe597e1f.TMP

Filesize
1KB

MD5
5203be8c247883c44938c5822d1a3a36

SHA1
327b7e8f18fba3d903c7f2ad16100d674fd49c83

SHA256
6b8d47e9749721ed3d420ab687766533c04b2066de7d90127423423718692b84

SHA512
c9fbfa0523efc9deb7de70c186ace31340d88ba2af99e1f06d3dd751db754d7869ffe168862a3027d62588a3793c1c083d87d392aa388d480f7883d6507705bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
76dd57b72be6ecac1825eb3ca4685025

SHA1
1692e6c0163559de19de1d31ad846b67cf40ab03

SHA256
7065ea35974a71de90f543d06b43836d94be0c03dc78eb805ffefd22607cf752

SHA512
a3b9a4e793749bdb8a55404b8b229e597e9671668185082d35d4bec24382ac590a00f58d6cd63ce296e64083480076ecfe1dc5379a5455fbb44a6ac6533c48c6

Download Submit