hxxps://luxfermagtech[.]us13[.]list-manage[.]com/track/click?u=924864ccec2577c9df4a148c2&id=3fc8bf7e7a&e=5921cb9f45

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/09/2024, 11:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://luxfermagtech.us13.list-manage.com/track/click?u=924864ccec2577c9df4a148c2&id=3fc8bf7e7a&e=5921cb9f45

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4072	msedge.exe
4072	msedge.exe
4960	msedge.exe
4960	msedge.exe
1688	identity_helper.exe
1688	identity_helper.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4960 wrote to memory of 1292	4960	msedge.exe	82
PID 4960 wrote to memory of 1292	4960	msedge.exe	82
PID 4960 wrote to memory of 2864	4960	msedge.exe	83
PID 4960 wrote to memory of 2864	4960	msedge.exe	83
PID 4960 wrote to memory of 2864	4960	msedge.exe	83
PID 4960 wrote to memory of 2864	4960	msedge.exe	83
PID 4960 wrote to memory of 2864	4960	msedge.exe	83
PID 4960 wrote to memory of 2864	4960	msedge.exe	83
PID 4960 wrote to memory of 2864	4960	msedge.exe	83
PID 4960 wrote to memory of 2864	4960	msedge.exe	83
PID 4960 wrote to memory of 2864	4960	msedge.exe	83
PID 4960 wrote to memory of 2864	4960	msedge.exe	83
PID 4960 wrote to memory of 2864	4960	msedge.exe	83
PID 4960 wrote to memory of 2864	4960	msedge.exe	83
PID 4960 wrote to memory of 2864	4960	msedge.exe	83
PID 4960 wrote to memory of 2864	4960	msedge.exe	83
PID 4960 wrote to memory of 2864	4960	msedge.exe	83
PID 4960 wrote to memory of 2864	4960	msedge.exe	83
PID 4960 wrote to memory of 2864	4960	msedge.exe	83
PID 4960 wrote to memory of 2864	4960	msedge.exe	83
PID 4960 wrote to memory of 2864	4960	msedge.exe	83
PID 4960 wrote to memory of 2864	4960	msedge.exe	83
PID 4960 wrote to memory of 2864	4960	msedge.exe	83
PID 4960 wrote to memory of 2864	4960	msedge.exe	83
PID 4960 wrote to memory of 2864	4960	msedge.exe	83
PID 4960 wrote to memory of 2864	4960	msedge.exe	83
PID 4960 wrote to memory of 2864	4960	msedge.exe	83
PID 4960 wrote to memory of 2864	4960	msedge.exe	83
PID 4960 wrote to memory of 2864	4960	msedge.exe	83
PID 4960 wrote to memory of 2864	4960	msedge.exe	83
PID 4960 wrote to memory of 2864	4960	msedge.exe	83
PID 4960 wrote to memory of 2864	4960	msedge.exe	83
PID 4960 wrote to memory of 2864	4960	msedge.exe	83
PID 4960 wrote to memory of 2864	4960	msedge.exe	83
PID 4960 wrote to memory of 2864	4960	msedge.exe	83
PID 4960 wrote to memory of 2864	4960	msedge.exe	83
PID 4960 wrote to memory of 2864	4960	msedge.exe	83
PID 4960 wrote to memory of 2864	4960	msedge.exe	83
PID 4960 wrote to memory of 2864	4960	msedge.exe	83
PID 4960 wrote to memory of 2864	4960	msedge.exe	83
PID 4960 wrote to memory of 2864	4960	msedge.exe	83
PID 4960 wrote to memory of 2864	4960	msedge.exe	83
PID 4960 wrote to memory of 4072	4960	msedge.exe	84
PID 4960 wrote to memory of 4072	4960	msedge.exe	84
PID 4960 wrote to memory of 3800	4960	msedge.exe	85
PID 4960 wrote to memory of 3800	4960	msedge.exe	85
PID 4960 wrote to memory of 3800	4960	msedge.exe	85
PID 4960 wrote to memory of 3800	4960	msedge.exe	85
PID 4960 wrote to memory of 3800	4960	msedge.exe	85
PID 4960 wrote to memory of 3800	4960	msedge.exe	85
PID 4960 wrote to memory of 3800	4960	msedge.exe	85
PID 4960 wrote to memory of 3800	4960	msedge.exe	85
PID 4960 wrote to memory of 3800	4960	msedge.exe	85
PID 4960 wrote to memory of 3800	4960	msedge.exe	85
PID 4960 wrote to memory of 3800	4960	msedge.exe	85
PID 4960 wrote to memory of 3800	4960	msedge.exe	85
PID 4960 wrote to memory of 3800	4960	msedge.exe	85
PID 4960 wrote to memory of 3800	4960	msedge.exe	85
PID 4960 wrote to memory of 3800	4960	msedge.exe	85
PID 4960 wrote to memory of 3800	4960	msedge.exe	85
PID 4960 wrote to memory of 3800	4960	msedge.exe	85
PID 4960 wrote to memory of 3800	4960	msedge.exe	85
PID 4960 wrote to memory of 3800	4960	msedge.exe	85
PID 4960 wrote to memory of 3800	4960	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://luxfermagtech.us13.list-manage.com/track/click?u=924864ccec2577c9df4a148c2&id=3fc8bf7e7a&e=5921cb9f45
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa0d7746f8,0x7ffa0d774708,0x7ffa0d774718
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,10376399786806310839,17387400093909674026,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,10376399786806310839,17387400093909674026,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,10376399786806310839,17387400093909674026,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10376399786806310839,17387400093909674026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10376399786806310839,17387400093909674026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,10376399786806310839,17387400093909674026,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,10376399786806310839,17387400093909674026,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10376399786806310839,17387400093909674026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10376399786806310839,17387400093909674026,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:3848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10376399786806310839,17387400093909674026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10376399786806310839,17387400093909674026,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10376399786806310839,17387400093909674026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:3792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10376399786806310839,17387400093909674026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,10376399786806310839,17387400093909674026,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5596 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4908

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
e412702848c53df49c1112f6a13fed21

SHA1
8e82a603248b2175d4362e538ad6806fafb13be6

SHA256
1c6899bf7e54d3999633962ac14c6e981507f6d9a65c9546095da3bfc2cd876b

SHA512
cc5181592fda69b9d2f3720483c660cafe5647516b02917d818b007324f54ccd32e82cadb8c9572b346d5dad58d0af7e1ac2807097b47633b224c232f133ee57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b64da637c9c86ca4313ed3dacf803555

SHA1
dc37115db1bebd2be8041cf1f1d12346d57ec034

SHA256
a47bed4c5f16a060e8da79e6390c02406deb5658bc77dc1be298a003f1f4ce88

SHA512
c32433d0a405cd7681202206dcd5cfd5801dc058f822ba27ec0ade6500dad3c1e51a48d820b2b2160343713cacdf13433f388ec7e203993fdb27d9a2186bc650

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
272668cf97291a729dde4cc6418b9ce5

SHA1
b0e41f4fdcef77506917f34f2787f93cd1fadfe8

SHA256
aba6d3da21a6e5f55e829fe318f039f009ffab57eb9d118958b31358818c1a4c

SHA512
54100e467a9b126905ac6cf6b2fd4be2401042bf83d3e4251e098822b59ff8509e75ebd28bafdf82ed90d67a3709f40777f13384ad74df65a4eb22f5bc4686c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
98b8dce4a17fc8b1219c186d5230fe26

SHA1
311d4d95bf8c7bc2821e720ddd07a6859e012c40

SHA256
294f3f7a445bf4da04c5ae3bda0c52c0e58348695a8cb03e1740c73a968ac9a4

SHA512
fabcd4863fbe32c87aebb8d74faf7cdbc6ae9838a89d773650685a70dadcb9e52b8471371d4bb3a4e6e2e96860e0ab63cad6db591eb661cb0f6cc60e46dd1fba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
69c732d8cbb45027e3e5eb209567224f

SHA1
d20d3f29a320178afcb033f23b37c019670a5651

SHA256
84da33b940a62659f628183d12cf4e1cec0a6c1c55c36bbc5203c97213e52d40

SHA512
16aaec3a1fe2c8892f5e116600ab8f238a438cd437bee1b41b43951e5e454dbc4080fe401a8e9855a447d9185654389b3860fb9eac7ddd49f6df508ac4d043f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
3dee5f56912e1248c59b0d7f2e2217e0

SHA1
dcfe52db31e000cf1b697cf9434b8ee07a39141d

SHA256
e7ea5b85f4ffbab22520b8344793f0e8de856a9e433f14d58525633b3635ee8b

SHA512
5b3a9dfb00daee63c5ef365c15509922ce2c8189a6dacc5bc36c24550ad4860411d678723e5f8d4beb021f2c197d4ad984bf558dffb9d4dabe3c04297c144e8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582bbe.TMP

Filesize
204B

MD5
2d7236d46839f92b06109b839bd27d8f

SHA1
d3d3a6022d15a1bfcbd83fd1d5ba574fb240adb4

SHA256
2c21204fa70287d63ca1b9b3947200b7cb2019c1391a0b837db9ed40e3e72886

SHA512
2d21612c2dac9f40b2d2442c905ec651d3f567b9e0dcaa905dcf158a2f0bfcfd4aa7ce32851bde2106e37ba341dd356db67e5d31c13933c049568ea480dc3947

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3a4dab26e4c220db0f67e3a05057567c

SHA1
667f3d9c712d15383c4d7a100e7f7c06c560d059

SHA256
b5ad5aae7027dbd397d045680baba02efa0b47af9018b21b8dbc08a81a774e4f

SHA512
e9309b6b88f0d52fdad7980ae18f378763a1c39a6e93b0c53b08be8200e9278fd3733b997715a04e0ca1d600cdd6aadc815e8fb25afdce5b311ddb56cffa1194

Download Submit