hxxps://www[.]spa[.]newyorklife[.]com/Pages/SIIDocSign[.]aspx?TransID=2101104658&partID=2101650307

Analysis

max time kernel
145s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2024, 21:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.spa.newyorklife.com/Pages/SIIDocSign.aspx?TransID=2101104658&partID=2101650307

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4844	msedge.exe
4844	msedge.exe
4680	msedge.exe
4680	msedge.exe
1456	identity_helper.exe
1456	identity_helper.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4680 wrote to memory of 3300	4680	msedge.exe	83
PID 4680 wrote to memory of 3300	4680	msedge.exe	83
PID 4680 wrote to memory of 2404	4680	msedge.exe	84
PID 4680 wrote to memory of 2404	4680	msedge.exe	84
PID 4680 wrote to memory of 2404	4680	msedge.exe	84
PID 4680 wrote to memory of 2404	4680	msedge.exe	84
PID 4680 wrote to memory of 2404	4680	msedge.exe	84
PID 4680 wrote to memory of 2404	4680	msedge.exe	84
PID 4680 wrote to memory of 2404	4680	msedge.exe	84
PID 4680 wrote to memory of 2404	4680	msedge.exe	84
PID 4680 wrote to memory of 2404	4680	msedge.exe	84
PID 4680 wrote to memory of 2404	4680	msedge.exe	84
PID 4680 wrote to memory of 2404	4680	msedge.exe	84
PID 4680 wrote to memory of 2404	4680	msedge.exe	84
PID 4680 wrote to memory of 2404	4680	msedge.exe	84
PID 4680 wrote to memory of 2404	4680	msedge.exe	84
PID 4680 wrote to memory of 2404	4680	msedge.exe	84
PID 4680 wrote to memory of 2404	4680	msedge.exe	84
PID 4680 wrote to memory of 2404	4680	msedge.exe	84
PID 4680 wrote to memory of 2404	4680	msedge.exe	84
PID 4680 wrote to memory of 2404	4680	msedge.exe	84
PID 4680 wrote to memory of 2404	4680	msedge.exe	84
PID 4680 wrote to memory of 2404	4680	msedge.exe	84
PID 4680 wrote to memory of 2404	4680	msedge.exe	84
PID 4680 wrote to memory of 2404	4680	msedge.exe	84
PID 4680 wrote to memory of 2404	4680	msedge.exe	84
PID 4680 wrote to memory of 2404	4680	msedge.exe	84
PID 4680 wrote to memory of 2404	4680	msedge.exe	84
PID 4680 wrote to memory of 2404	4680	msedge.exe	84
PID 4680 wrote to memory of 2404	4680	msedge.exe	84
PID 4680 wrote to memory of 2404	4680	msedge.exe	84
PID 4680 wrote to memory of 2404	4680	msedge.exe	84
PID 4680 wrote to memory of 2404	4680	msedge.exe	84
PID 4680 wrote to memory of 2404	4680	msedge.exe	84
PID 4680 wrote to memory of 2404	4680	msedge.exe	84
PID 4680 wrote to memory of 2404	4680	msedge.exe	84
PID 4680 wrote to memory of 2404	4680	msedge.exe	84
PID 4680 wrote to memory of 2404	4680	msedge.exe	84
PID 4680 wrote to memory of 2404	4680	msedge.exe	84
PID 4680 wrote to memory of 2404	4680	msedge.exe	84
PID 4680 wrote to memory of 2404	4680	msedge.exe	84
PID 4680 wrote to memory of 2404	4680	msedge.exe	84
PID 4680 wrote to memory of 4844	4680	msedge.exe	85
PID 4680 wrote to memory of 4844	4680	msedge.exe	85
PID 4680 wrote to memory of 4016	4680	msedge.exe	86
PID 4680 wrote to memory of 4016	4680	msedge.exe	86
PID 4680 wrote to memory of 4016	4680	msedge.exe	86
PID 4680 wrote to memory of 4016	4680	msedge.exe	86
PID 4680 wrote to memory of 4016	4680	msedge.exe	86
PID 4680 wrote to memory of 4016	4680	msedge.exe	86
PID 4680 wrote to memory of 4016	4680	msedge.exe	86
PID 4680 wrote to memory of 4016	4680	msedge.exe	86
PID 4680 wrote to memory of 4016	4680	msedge.exe	86
PID 4680 wrote to memory of 4016	4680	msedge.exe	86
PID 4680 wrote to memory of 4016	4680	msedge.exe	86
PID 4680 wrote to memory of 4016	4680	msedge.exe	86
PID 4680 wrote to memory of 4016	4680	msedge.exe	86
PID 4680 wrote to memory of 4016	4680	msedge.exe	86
PID 4680 wrote to memory of 4016	4680	msedge.exe	86
PID 4680 wrote to memory of 4016	4680	msedge.exe	86
PID 4680 wrote to memory of 4016	4680	msedge.exe	86
PID 4680 wrote to memory of 4016	4680	msedge.exe	86
PID 4680 wrote to memory of 4016	4680	msedge.exe	86
PID 4680 wrote to memory of 4016	4680	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.spa.newyorklife.com/Pages/SIIDocSign.aspx?TransID=2101104658&partID=2101650307
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab4c846f8,0x7ffab4c84708,0x7ffab4c84718
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,2726232328244389598,14595761859144113891,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,2726232328244389598,14595761859144113891,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,2726232328244389598,14595761859144113891,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2726232328244389598,14595761859144113891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2726232328244389598,14595761859144113891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,2726232328244389598,14595761859144113891,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4652 /prefetch:8
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,2726232328244389598,14595761859144113891,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4652 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2726232328244389598,14595761859144113891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2726232328244389598,14595761859144113891,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2726232328244389598,14595761859144113891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2726232328244389598,14595761859144113891,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2726232328244389598,14595761859144113891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2726232328244389598,14595761859144113891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,2726232328244389598,14595761859144113891,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3272 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ff63763eedb406987ced076e36ec9acf

SHA1
16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

SHA256
8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

SHA512
ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2783c40400a8912a79cfd383da731086

SHA1
001a131fe399c30973089e18358818090ca81789

SHA256
331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

SHA512
b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
31KB

MD5
dcf3c6e834faf6e0a83aa46c346608e1

SHA1
5a528a54fea6eebf8f42cbf00d3ade7b3291ee2a

SHA256
9b599ed9110643ca6ec2c342cce4a88ebf07849ce29ba6b32c58022ee84c247c

SHA512
a262343cfa2decb33d39555f7a7faa90986436a72e510046685bcdf5add3ed96876f497642ee489b6bfc2f49ae783cb81a6662b12026c9a195e699e7d25d5b40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
41KB

MD5
ecbfa5c816770af9c11eaf8fac0422a4

SHA1
ad4c4f2e88a99766d96eb2357470a9666f8b7189

SHA256
9a1e05fdbb8c43d1936ebe79a357ca743b135250d31a5f29de5819f831344e72

SHA512
f64808137e9908069411c7b668a86b1233d5b7500fbbd71b465cef697c9b7bd6eaa7888b228a44ff30a4d21c9e7dbdcdb28757e1976a40ca82e9e96644f4559b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
ae765b635588f8342846d1521d50df17

SHA1
8adf847e610e08c76bd3060419358db788c36d87

SHA256
65a06849a8d108160c261326cca798904c37b100ff3b228d0cc38a1f3cc28e66

SHA512
76e5adf653baffdc7ee1c79b5e2fba26344b0649067f89ef7d3a8758d9321854da6f72e0ef8c3f928aac8b6841b9cc80ee142e5b7ac92292ac56032f57a446e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fac73e93f81274ffc6f66fecdf710c1d

SHA1
7fe324cb002a5332eaf23ad6e6c7f687ffd54c08

SHA256
8ad31a25bcc0cfffce3cdb0b801c370111c5901c89027b3f48da7fd6d53bcc62

SHA512
cd09773cb7dd7c80e599bf965b64f3999323d4ea63b79175d3ea99a816aeee1acc03997d9f6eb7cfeff6b95b87b921e33a729324876f17b7557cc66017426deb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
37d93af1a488ddfdc70bec74a5e85e76

SHA1
ffdce311f05e2c2b7bbc099250e70a079eb66e7e

SHA256
9c6912222a2421b64ca091fbba7750a49f5e3423da48baada47edf37b8247cda

SHA512
56104039af887a2072e0081f5c03ee09c50c487d07f7b133f4f54d18d7addaad947c3ff8ef6310aaa0664ce9026b3c563768cc23bbbbf098c3737c362e62903a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
726a9a593b4930a15196274179a7acaa

SHA1
dd87da957f77e51ec9d54c9ecffbf0b4e1d0a51e

SHA256
757a45944ba20a479cf22efb2b724ea436884256481397d63822d1103b381ac4

SHA512
f28efb4a95adb6435c745277fa1f0b0a8cce3f629052c45925c79c07112f602d7bbd60242a1dd737269c257a2d3f51df356b0979ac4c4ba9eb352da1634b1db8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0efa8900316bd69cb7b3c85f8b81bf76

SHA1
9b2e85dc33523411aca92cc38caf3b7011348b70

SHA256
b8c2726be5b632e4a70af987fc33abacb20c2a10ccf22301f95b67d8d944d502

SHA512
50b8464ebc20198574729a254c9c899643723de71a1e5d2512e4605cfb9f3be8a36251eec534cb9f33fda2e8007d27115ee18afffbe7c79d2abce8f9b39956f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ac4a617a-b93d-49c4-9f9a-c1b9bfd1e343.tmp

Filesize
5KB

MD5
514651f062da6c7569e7eafe224f3384

SHA1
f05e8b9fa2bec2277476149b4b43fd89f2b05a55

SHA256
a32c76d2a3bb7c9a47e3c88ff255861d87eab4ba26111e6fd4507cd9a0fa38fa

SHA512
81a6534eeb59588bd5da308e093850ff244122a57fca02105c91409cf276d3f6e9633a4130e43f81268cb647a9a29f6a659ed68213267520d20d202015d67f20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
509dd30cc03c2acbbfd61273bfdfd6c7

SHA1
01d122e5505dbe73516795b6aebeac8a7227610c

SHA256
8e10abebdac89a3c24a4125036c81f07d367c587db37432050f99e4dffb77cd1

SHA512
e57f621948216e1814250574ee7f1b40caa8a2ecc096aa1709acf7f090b29c2a40109b6d7632e0ed801d3bdb8ca7d5044c1746f4ca3af823492df91a34d879aa

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit