hxxps://github[.]com/EnterAUsername4/DoNotRun/tree/main/new

Analysis

max time kernel
1728s
max time network
1684s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11-09-2024 16:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/EnterAUsername4/DoNotRun/tree/main/new

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1668	msedge.exe
1668	msedge.exe
688	msedge.exe
688	msedge.exe
936	identity_helper.exe
936	identity_helper.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 688 wrote to memory of 4712	688	msedge.exe	83
PID 688 wrote to memory of 4712	688	msedge.exe	83
PID 688 wrote to memory of 4804	688	msedge.exe	84
PID 688 wrote to memory of 4804	688	msedge.exe	84
PID 688 wrote to memory of 4804	688	msedge.exe	84
PID 688 wrote to memory of 4804	688	msedge.exe	84
PID 688 wrote to memory of 4804	688	msedge.exe	84
PID 688 wrote to memory of 4804	688	msedge.exe	84
PID 688 wrote to memory of 4804	688	msedge.exe	84
PID 688 wrote to memory of 4804	688	msedge.exe	84
PID 688 wrote to memory of 4804	688	msedge.exe	84
PID 688 wrote to memory of 4804	688	msedge.exe	84
PID 688 wrote to memory of 4804	688	msedge.exe	84
PID 688 wrote to memory of 4804	688	msedge.exe	84
PID 688 wrote to memory of 4804	688	msedge.exe	84
PID 688 wrote to memory of 4804	688	msedge.exe	84
PID 688 wrote to memory of 4804	688	msedge.exe	84
PID 688 wrote to memory of 4804	688	msedge.exe	84
PID 688 wrote to memory of 4804	688	msedge.exe	84
PID 688 wrote to memory of 4804	688	msedge.exe	84
PID 688 wrote to memory of 4804	688	msedge.exe	84
PID 688 wrote to memory of 4804	688	msedge.exe	84
PID 688 wrote to memory of 4804	688	msedge.exe	84
PID 688 wrote to memory of 4804	688	msedge.exe	84
PID 688 wrote to memory of 4804	688	msedge.exe	84
PID 688 wrote to memory of 4804	688	msedge.exe	84
PID 688 wrote to memory of 4804	688	msedge.exe	84
PID 688 wrote to memory of 4804	688	msedge.exe	84
PID 688 wrote to memory of 4804	688	msedge.exe	84
PID 688 wrote to memory of 4804	688	msedge.exe	84
PID 688 wrote to memory of 4804	688	msedge.exe	84
PID 688 wrote to memory of 4804	688	msedge.exe	84
PID 688 wrote to memory of 4804	688	msedge.exe	84
PID 688 wrote to memory of 4804	688	msedge.exe	84
PID 688 wrote to memory of 4804	688	msedge.exe	84
PID 688 wrote to memory of 4804	688	msedge.exe	84
PID 688 wrote to memory of 4804	688	msedge.exe	84
PID 688 wrote to memory of 4804	688	msedge.exe	84
PID 688 wrote to memory of 4804	688	msedge.exe	84
PID 688 wrote to memory of 4804	688	msedge.exe	84
PID 688 wrote to memory of 4804	688	msedge.exe	84
PID 688 wrote to memory of 4804	688	msedge.exe	84
PID 688 wrote to memory of 1668	688	msedge.exe	85
PID 688 wrote to memory of 1668	688	msedge.exe	85
PID 688 wrote to memory of 2508	688	msedge.exe	86
PID 688 wrote to memory of 2508	688	msedge.exe	86
PID 688 wrote to memory of 2508	688	msedge.exe	86
PID 688 wrote to memory of 2508	688	msedge.exe	86
PID 688 wrote to memory of 2508	688	msedge.exe	86
PID 688 wrote to memory of 2508	688	msedge.exe	86
PID 688 wrote to memory of 2508	688	msedge.exe	86
PID 688 wrote to memory of 2508	688	msedge.exe	86
PID 688 wrote to memory of 2508	688	msedge.exe	86
PID 688 wrote to memory of 2508	688	msedge.exe	86
PID 688 wrote to memory of 2508	688	msedge.exe	86
PID 688 wrote to memory of 2508	688	msedge.exe	86
PID 688 wrote to memory of 2508	688	msedge.exe	86
PID 688 wrote to memory of 2508	688	msedge.exe	86
PID 688 wrote to memory of 2508	688	msedge.exe	86
PID 688 wrote to memory of 2508	688	msedge.exe	86
PID 688 wrote to memory of 2508	688	msedge.exe	86
PID 688 wrote to memory of 2508	688	msedge.exe	86
PID 688 wrote to memory of 2508	688	msedge.exe	86
PID 688 wrote to memory of 2508	688	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/EnterAUsername4/DoNotRun/tree/main/new
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8bcd146f8,0x7ff8bcd14708,0x7ff8bcd14718
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,4997667645410168580,14302402772550879832,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,4997667645410168580,14302402772550879832,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,4997667645410168580,14302402772550879832,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4997667645410168580,14302402772550879832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4997667645410168580,14302402772550879832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,4997667645410168580,14302402772550879832,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 /prefetch:8
  2⤵
  PID:2448
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,4997667645410168580,14302402772550879832,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4997667645410168580,14302402772550879832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4997667645410168580,14302402772550879832,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4997667645410168580,14302402772550879832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4284 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4997667645410168580,14302402772550879832,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4997667645410168580,14302402772550879832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4997667645410168580,14302402772550879832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3652 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4997667645410168580,14302402772550879832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,4997667645410168580,14302402772550879832,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
5cbb045b48e6afbff75b10319ce1e899

SHA1
eb2996b4f6a7d0bafc6d7aeed25988784e34ae8e

SHA256
5179317a2cf0e98c24b2cbaaf67d5625f34e1fdd7a909e42ad12a825a47fa78f

SHA512
d6e22c3b5509c2d4c9bfb3fa06a2de5014ab2634c9371772ec72561fc9c8cbd75324777ff53e0fe85201b1d2062b38c9ccfb45a9a0c7f761fb874f3e5c859bc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
496B

MD5
1b92794633aaa7d8ca83e408ef516a36

SHA1
4ae0678d6cf8abedb3e9819fc9d7d715d3f72bb6

SHA256
0ff76dc871bd6e59abe386781ef988b4c8d734bca726a4d1eb556d3d78f1e7e0

SHA512
698bb4adf1932dd48fbffb344b0053b9dc753b97a92d88a26341e0c3b0fa2e03481c5193bd2b4a1caaa2aa2f00e41eae73c53aaadc1ac6bb8be17d0f229a61bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
242e92f9dd7df7d354d5f2acb0c67afb

SHA1
f18e01898f22294b7b902df6907b790c9787c570

SHA256
d2602d4d65336decee49e8a8f2d8e4936345cc0f5ff998f3ae48f423a4872032

SHA512
ab207c162a68687b2520cdc532dd9b622df72a497adfbf135607476a6da9ee767ff2f747df37c3b0f5e6d87ce69a141899238251fc0612f99f1e9b8ebe598e89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7205fb9b5db92b2fa578f92d29266947

SHA1
3b00240e6dd5f381f07e160a33dfa1534e0f7681

SHA256
3cba8b861cf7828cc7e2930ebed537ff0e3f90d160052421a0239d139754b915

SHA512
5b3b2fcc233ffb8db336024597fc8e198fba9b0b0a303e5d5486ef1a0906829c5610ab3ec5baae80cf38afa6baf4de6240c76698394b4aa50719f85a4d473545

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0ff861b3554baa054cd66b99a41c50ea

SHA1
7cc9b9dd21b8d828b56895b5872375c8a7eacabb

SHA256
6b290dc7481d6f6441d0382f24185fd167bb424e0273d407022ae4463e8aa2dd

SHA512
c34b8f26078a810c3841a45a8d4df27a9fe5ec276861b7d4e20c46106e6fae5a6420123ffe482f8941f7acdb733b892f37b1ec8f7c064e658ee3081f0649bf70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
113dea58dd21b6f681a67b1b07cc1f05

SHA1
fc2749f3f9799c302095c4488f7178eb0371eda4

SHA256
551ab8fcc5cbf9dc157106f8ee3463625585ca4262a3c4568daa78f6a989500e

SHA512
000d44eedc903b52674b5d1850081d4025a6cfb5409a682e5d756602267aa339c20911f8b781fe56dee374942d024c976246ef441d97ed6860e8cd690765bbbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
bb861109182d9246a4ccc5049ae6ecbc

SHA1
995494bb2a7803097ee8b51426c3066ca3af831a

SHA256
7d77cf9cf584ef0e7e8d4846cfec3e6e26b3250d0cb1006711a2ce0f607f7a1c

SHA512
627142a97ee9590bd8c8bfda912332d6707d9bf59a2b86888f9b015eacecb7a6d370a0682181f58c05e4ebca9fa3ec12994a59521e962e6bc7a281dba42686d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
3e10a1c8b679721dbaaddde934705b7e

SHA1
8b802647634e61997b2a3fdc0beae6395c4a284e

SHA256
2fb84828f4e292d2c31e93028b02376bd077b40f458e332e35a8325a3ddf9160

SHA512
55ec40a0a2ec085e901b18366cb2f7c6b502baf2eb0b8592161ff8da1ef3dd5c379a0d906ed5c4eab2d81d24e6656fd5cd7b42b16812ca4156f86bacc3c35adf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584a52.TMP

Filesize
707B

MD5
dcfc00eb6aa7a2e075fdfd89c65c7303

SHA1
de3712e6cfe5902001757db88239e602768cf7b2

SHA256
7488b152b3e4d9557f5303925e09d5afff25dec2f833193eedaaa4bfda092638

SHA512
aa9091be01fef3f25e00311a905959610bb5512beae55938910ee38fb9852c5d76b7681daa43e07e15e1185cfb35545a78ca93f583d35abf70fcc3e1acd60195

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
bcfb88476afdb00e1fac3bd14bd6ed33

SHA1
426b5fdee1c7f2bcd58657e562c12ee744625f94

SHA256
4eee39ab14282c9ef222edb4335b0cf28a6264b49561cc3263f74c0528fd2d7f

SHA512
6901eeeac2a2c5e03e747b36675e626cf2c6371ef7aa1656c8ac9042dcf7e7819ce91b7dcc9d81eca0b2686986e617e321514d542318223e0dcb290fab29fad0

Download Submit