hxxps://4c20a669[.]820c6be6b16a6e9d7286f143[.]workers[.]dev?qrc=lacey[.]hudson@centerpointenergy[.]com

Analysis

max time kernel
263s
max time network
301s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
02-12-2024 14:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://4c20a669.820c6be6b16a6e9d7286f143.workers.dev?qrc=lacey.hudson@centerpointenergy.com

Score

7^/10

microsoft discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4472	msedge.exe
4472	msedge.exe
3976	msedge.exe
3976	msedge.exe
4528	identity_helper.exe
4528	identity_helper.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3976 wrote to memory of 3544	3976	msedge.exe	82
PID 3976 wrote to memory of 3544	3976	msedge.exe	82
PID 3976 wrote to memory of 2400	3976	msedge.exe	83
PID 3976 wrote to memory of 2400	3976	msedge.exe	83
PID 3976 wrote to memory of 2400	3976	msedge.exe	83
PID 3976 wrote to memory of 2400	3976	msedge.exe	83
PID 3976 wrote to memory of 2400	3976	msedge.exe	83
PID 3976 wrote to memory of 2400	3976	msedge.exe	83
PID 3976 wrote to memory of 2400	3976	msedge.exe	83
PID 3976 wrote to memory of 2400	3976	msedge.exe	83
PID 3976 wrote to memory of 2400	3976	msedge.exe	83
PID 3976 wrote to memory of 2400	3976	msedge.exe	83
PID 3976 wrote to memory of 2400	3976	msedge.exe	83
PID 3976 wrote to memory of 2400	3976	msedge.exe	83
PID 3976 wrote to memory of 2400	3976	msedge.exe	83
PID 3976 wrote to memory of 2400	3976	msedge.exe	83
PID 3976 wrote to memory of 2400	3976	msedge.exe	83
PID 3976 wrote to memory of 2400	3976	msedge.exe	83
PID 3976 wrote to memory of 2400	3976	msedge.exe	83
PID 3976 wrote to memory of 2400	3976	msedge.exe	83
PID 3976 wrote to memory of 2400	3976	msedge.exe	83
PID 3976 wrote to memory of 2400	3976	msedge.exe	83
PID 3976 wrote to memory of 2400	3976	msedge.exe	83
PID 3976 wrote to memory of 2400	3976	msedge.exe	83
PID 3976 wrote to memory of 2400	3976	msedge.exe	83
PID 3976 wrote to memory of 2400	3976	msedge.exe	83
PID 3976 wrote to memory of 2400	3976	msedge.exe	83
PID 3976 wrote to memory of 2400	3976	msedge.exe	83
PID 3976 wrote to memory of 2400	3976	msedge.exe	83
PID 3976 wrote to memory of 2400	3976	msedge.exe	83
PID 3976 wrote to memory of 2400	3976	msedge.exe	83
PID 3976 wrote to memory of 2400	3976	msedge.exe	83
PID 3976 wrote to memory of 2400	3976	msedge.exe	83
PID 3976 wrote to memory of 2400	3976	msedge.exe	83
PID 3976 wrote to memory of 2400	3976	msedge.exe	83
PID 3976 wrote to memory of 2400	3976	msedge.exe	83
PID 3976 wrote to memory of 2400	3976	msedge.exe	83
PID 3976 wrote to memory of 2400	3976	msedge.exe	83
PID 3976 wrote to memory of 2400	3976	msedge.exe	83
PID 3976 wrote to memory of 2400	3976	msedge.exe	83
PID 3976 wrote to memory of 2400	3976	msedge.exe	83
PID 3976 wrote to memory of 2400	3976	msedge.exe	83
PID 3976 wrote to memory of 4472	3976	msedge.exe	84
PID 3976 wrote to memory of 4472	3976	msedge.exe	84
PID 3976 wrote to memory of 1288	3976	msedge.exe	85
PID 3976 wrote to memory of 1288	3976	msedge.exe	85
PID 3976 wrote to memory of 1288	3976	msedge.exe	85
PID 3976 wrote to memory of 1288	3976	msedge.exe	85
PID 3976 wrote to memory of 1288	3976	msedge.exe	85
PID 3976 wrote to memory of 1288	3976	msedge.exe	85
PID 3976 wrote to memory of 1288	3976	msedge.exe	85
PID 3976 wrote to memory of 1288	3976	msedge.exe	85
PID 3976 wrote to memory of 1288	3976	msedge.exe	85
PID 3976 wrote to memory of 1288	3976	msedge.exe	85
PID 3976 wrote to memory of 1288	3976	msedge.exe	85
PID 3976 wrote to memory of 1288	3976	msedge.exe	85
PID 3976 wrote to memory of 1288	3976	msedge.exe	85
PID 3976 wrote to memory of 1288	3976	msedge.exe	85
PID 3976 wrote to memory of 1288	3976	msedge.exe	85
PID 3976 wrote to memory of 1288	3976	msedge.exe	85
PID 3976 wrote to memory of 1288	3976	msedge.exe	85
PID 3976 wrote to memory of 1288	3976	msedge.exe	85
PID 3976 wrote to memory of 1288	3976	msedge.exe	85
PID 3976 wrote to memory of 1288	3976	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://4c20a669.820c6be6b16a6e9d7286f143.workers.dev?qrc=lacey.hudson@centerpointenergy.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x44,0x108,0x7ffbb89746f8,0x7ffbb8974708,0x7ffbb8974718
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,642577847143737523,14165352925785066681,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,642577847143737523,14165352925785066681,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,642577847143737523,14165352925785066681,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:1288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,642577847143737523,14165352925785066681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,642577847143737523,14165352925785066681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,642577847143737523,14165352925785066681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,642577847143737523,14165352925785066681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,642577847143737523,14165352925785066681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,642577847143737523,14165352925785066681,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,642577847143737523,14165352925785066681,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5908 /prefetch:8
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,642577847143737523,14165352925785066681,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5908 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,642577847143737523,14165352925785066681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,642577847143737523,14165352925785066681,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,642577847143737523,14165352925785066681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,642577847143737523,14165352925785066681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,642577847143737523,14165352925785066681,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4348

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
93e550e20e5e5994f8b6dfc32f8d00b7

SHA1
a491b21807c744348f97846f2b78e5318d800173

SHA256
97f259e9efec4fac2f94643072991c689851b637c73c31f5b05a4a27fbe4eba8

SHA512
5b026e3dcf3ab95297116eaf936b042b9da50e369deab42e1e7f5b6b6615b9faf68227b30a8e59324dc78725f310531514d7fee106a22b11a03d2315fd17836c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
fd3c18d111c6744cc6fff20e12b75ace

SHA1
5fdd1a254d832338f5ef765270dd323da5d2aeff

SHA256
c739ff05ed2afc7bb49bf70d09179b86b277401a55d721ecb5542958139e9527

SHA512
b1ef8d0dcba54890fdf9c81d314215f5e6568d921c55bf874eb4f8945fb13652513746fe685ec1d845ddeb27e78ef49d1411db2c163729fa504c452c28b1b7cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
976B

MD5
405f1979f970bb4daaac1110a764be91

SHA1
93c8f142a380402c0fa6fafe344c10531a5dd074

SHA256
86f0a8f2547f881ec175e2577178b4a0d42030643835090de3a7bbf2bb00ed54

SHA512
e79b378341341033955b3b8a3e00e50c7400f07923be111f7d865a8f6360e59f594aeebe15490f0a5b3014736974542b9584ceb2ef60d2622b93f34f4ad398ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4cbd9d5eed9d58f993b43813da117f35

SHA1
b3e7ca09eb95c5ff27e37197344e74ab5598e7f5

SHA256
ddd00d7fb1cc550f1e69fca879e600900a0637121ccf07314753c567cd48149d

SHA512
08779bf1b12d621d8f1e362e19f8ab6dd64228dfd34941c4bbd61e20974c2a2431cd0dcbb5b79f7f528c053fb38684b23bc5fe83500a63770703a409d780b78c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
98b65ac4de3fc9b6955b36112e91d36f

SHA1
c23b335e17b8f1650f03398a32f8b1c266ea26c2

SHA256
df4065ad7c55a4cec7c3add4e5ac92d6859e07bb32d8d000a43cd6e6bcddd659

SHA512
e37cd8c2f72bdd84b28ac573142eff3581e957e58edbab3de857b45ce8b7263e4e5f62b8924d0f6e55c50e3d4cda93c07cd8c947c51ef1946dc688769fa44ae8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d19f0167e9493b83e3b97f4b9eab0ee6

SHA1
e2043be6f252909676d5405a784d48910ffbb65f

SHA256
2967bf738444f1dc992f879c34cdce948ed980864b665dd15969201badf372f7

SHA512
02c6a687ee92a590ad076b97e1143c1e3185d5c39c7f586b1505c797d5d55151d394e09cde42bcdc1677b1c0bc4bd23ccda2f9222e73a27e3dacc72c4e28e2b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
db685d294f7a4c921438bf0614ea6efb

SHA1
d7e2cda175f212b15ccff33ab4232db1e3692c54

SHA256
be3e6cf5eaf2ddf6127d370b7f31bf45e3e610f87a9745961f80e1101b4bc77b

SHA512
1d0413bdf3223c9112da5c08a6db02933252cf1ad5c5dffa7f5e9a592850a2af2526ec12010dbe1dffa88816b96a5dd1434535d2de9c2a7ec6cacd5a0919a56b

Download Submit