hxxp://www[.]conicet[.]gov[.]ar

Analysis

max time kernel
197s
max time network
232s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2023, 11:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://www.conicet.gov.ar

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2700	msedge.exe
2700	msedge.exe
3564	msedge.exe
3564	msedge.exe
4472	identity_helper.exe
4472	identity_helper.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3564 wrote to memory of 2004	3564	msedge.exe	86
PID 3564 wrote to memory of 2004	3564	msedge.exe	86
PID 3564 wrote to memory of 5004	3564	msedge.exe	88
PID 3564 wrote to memory of 5004	3564	msedge.exe	88
PID 3564 wrote to memory of 5004	3564	msedge.exe	88
PID 3564 wrote to memory of 5004	3564	msedge.exe	88
PID 3564 wrote to memory of 5004	3564	msedge.exe	88
PID 3564 wrote to memory of 5004	3564	msedge.exe	88
PID 3564 wrote to memory of 5004	3564	msedge.exe	88
PID 3564 wrote to memory of 5004	3564	msedge.exe	88
PID 3564 wrote to memory of 5004	3564	msedge.exe	88
PID 3564 wrote to memory of 5004	3564	msedge.exe	88
PID 3564 wrote to memory of 5004	3564	msedge.exe	88
PID 3564 wrote to memory of 5004	3564	msedge.exe	88
PID 3564 wrote to memory of 5004	3564	msedge.exe	88
PID 3564 wrote to memory of 5004	3564	msedge.exe	88
PID 3564 wrote to memory of 5004	3564	msedge.exe	88
PID 3564 wrote to memory of 5004	3564	msedge.exe	88
PID 3564 wrote to memory of 5004	3564	msedge.exe	88
PID 3564 wrote to memory of 5004	3564	msedge.exe	88
PID 3564 wrote to memory of 5004	3564	msedge.exe	88
PID 3564 wrote to memory of 5004	3564	msedge.exe	88
PID 3564 wrote to memory of 5004	3564	msedge.exe	88
PID 3564 wrote to memory of 5004	3564	msedge.exe	88
PID 3564 wrote to memory of 5004	3564	msedge.exe	88
PID 3564 wrote to memory of 5004	3564	msedge.exe	88
PID 3564 wrote to memory of 5004	3564	msedge.exe	88
PID 3564 wrote to memory of 5004	3564	msedge.exe	88
PID 3564 wrote to memory of 5004	3564	msedge.exe	88
PID 3564 wrote to memory of 5004	3564	msedge.exe	88
PID 3564 wrote to memory of 5004	3564	msedge.exe	88
PID 3564 wrote to memory of 5004	3564	msedge.exe	88
PID 3564 wrote to memory of 5004	3564	msedge.exe	88
PID 3564 wrote to memory of 5004	3564	msedge.exe	88
PID 3564 wrote to memory of 5004	3564	msedge.exe	88
PID 3564 wrote to memory of 5004	3564	msedge.exe	88
PID 3564 wrote to memory of 5004	3564	msedge.exe	88
PID 3564 wrote to memory of 5004	3564	msedge.exe	88
PID 3564 wrote to memory of 5004	3564	msedge.exe	88
PID 3564 wrote to memory of 5004	3564	msedge.exe	88
PID 3564 wrote to memory of 5004	3564	msedge.exe	88
PID 3564 wrote to memory of 5004	3564	msedge.exe	88
PID 3564 wrote to memory of 2700	3564	msedge.exe	87
PID 3564 wrote to memory of 2700	3564	msedge.exe	87
PID 3564 wrote to memory of 564	3564	msedge.exe	89
PID 3564 wrote to memory of 564	3564	msedge.exe	89
PID 3564 wrote to memory of 564	3564	msedge.exe	89
PID 3564 wrote to memory of 564	3564	msedge.exe	89
PID 3564 wrote to memory of 564	3564	msedge.exe	89
PID 3564 wrote to memory of 564	3564	msedge.exe	89
PID 3564 wrote to memory of 564	3564	msedge.exe	89
PID 3564 wrote to memory of 564	3564	msedge.exe	89
PID 3564 wrote to memory of 564	3564	msedge.exe	89
PID 3564 wrote to memory of 564	3564	msedge.exe	89
PID 3564 wrote to memory of 564	3564	msedge.exe	89
PID 3564 wrote to memory of 564	3564	msedge.exe	89
PID 3564 wrote to memory of 564	3564	msedge.exe	89
PID 3564 wrote to memory of 564	3564	msedge.exe	89
PID 3564 wrote to memory of 564	3564	msedge.exe	89
PID 3564 wrote to memory of 564	3564	msedge.exe	89
PID 3564 wrote to memory of 564	3564	msedge.exe	89
PID 3564 wrote to memory of 564	3564	msedge.exe	89
PID 3564 wrote to memory of 564	3564	msedge.exe	89
PID 3564 wrote to memory of 564	3564	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.conicet.gov.ar
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9866a46f8,0x7ff9866a4708,0x7ff9866a4718
  2⤵
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,1442702571148885283,16638400794691799368,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,1442702571148885283,16638400794691799368,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,1442702571148885283,16638400794691799368,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1442702571148885283,16638400794691799368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1442702571148885283,16638400794691799368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1442702571148885283,16638400794691799368,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1442702571148885283,16638400794691799368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1442702571148885283,16638400794691799368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:416
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,1442702571148885283,16638400794691799368,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3484 /prefetch:8
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,1442702571148885283,16638400794691799368,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3484 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1442702571148885283,16638400794691799368,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1442702571148885283,16638400794691799368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,1442702571148885283,16638400794691799368,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3120 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3900

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3940

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f6f47b83c67fe32ee32811d6611d269c

SHA1
b32353d1d0ed26e0dd5b5f1f402ffd41a105d025

SHA256
ac1866f15ff34d1df4dafa761dbb7dc2c712fe01ac0e171706ef29e205549cbc

SHA512
6ee068efa9fbd3c972169427be2f6377a1204bf99b61579e4d78643e89e729ad65f2abcc70007fd0dd38428e7cd39010a253d6f9cd5e90409e207ddaf5d6720d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
db4683f6325969610c50313b6e0e0eb0

SHA1
c84200fdebe6aa4c96c9923cef47c91fa84abd75

SHA256
8ec0e075b6e9f3cf2b0ceb20f8abfb271432aa0af1c53170e3cd6ac36efe82e9

SHA512
ac8f1f912ed7bb4d8d5bbe85fd187ebb30051f35aea92fd8a3210a9f9bed43905617633f5e4181ea804583758090d6c058be46b1f7aa13bfb0e00394e963057f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
840B

MD5
ec16ac5efabe8c42bac7badac1b3ce0f

SHA1
3fea12495719df5a53a59cd66062082d058e73b4

SHA256
d83e168a3307c7026283ce49cb5bf1fffa86614de53628f8162b15be99d105aa

SHA512
4b72d371b6af97a74261d1caddce2347dd90ce1874f863954fe3cd8a839f5eb1b7c506cdbe9a0e9904b196bb293f6cf65d8b0826f04e4291c2b3be1070e873e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5b6e76af13a32880a78485be381a0f71

SHA1
54141ed8195cc6580f6f8dab31db1596de68fd44

SHA256
753824d664fab7c632444db90bf73538f36e026566f550275b762688a0489799

SHA512
fbc252c38686ae4619b750f7d35de4a1d866243de0776cf58c0cf403fdb6bf6b0dd263129670d2df39ce94cc016b12d4e8a8979da348961cd3f50fe5b3970873

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bc3250cde3460f9c425f42b01d392ee7

SHA1
c4c22e2c65e397949266e8e4304f15610ac0b6dc

SHA256
9db559a6bc41bd8a8a14e7e9cbcdd151be2d79d5db8ab754217c5a08e6d2b48c

SHA512
6f9cd3edf8844a3dfdeff35b6ed4c01a7da8b77e1e94fef3ac6353cca8bf89ccc3f7c3306bf599d62a01d1c6b2abbbce722d666e15142d9ea797357b412caded

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fce47bcc4f9d2c6a9beb7843d619346f

SHA1
bd67257cada89d7d10443095797b10a64909b6de

SHA256
dd5188140e758a44251c85e1af177579fbd2c92b6d9f500573eb12c3669d67d8

SHA512
34e42e6f3147a6140992266ad84781cb7951904aceea6e3d7c23890a0a97a3b5c9dcfa1c134bf5faf1e2ab670a25cfc8af815595969d55a3d6c4f7ab5a3395b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6544fd061c2ef5543f14fbe123f351a5

SHA1
acb9e314a15679ffdcf4474fbc3732fab452b92d

SHA256
62d96ccd37bc954308aaa06b197ce831e3be9ebf0e647313ec61e88ef0f6dd7d

SHA512
503faa8647e0cb3fd4e525864eceb429dffd2ddffd1a8a99f689ee4ca516735492561759c77da29b0249d153247c5918131ca7e8de483f1d77128f567050c4e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
5544c64f2a8f49dabc19eb84267b1c9b

SHA1
c5b78d63a8bab1c7b985f7ea2f268d0d7809071e

SHA256
a1fcfee2974a77e76a7431a2069db301861ab42dd41769cead8697f41f5a497f

SHA512
38c80d7c810441fc87beff38929473088cf426b0a25a30820d8a060f493350d99bb8521b314afe00578ea54648fce2aa4e55880a83a4f1048c56307991726565

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
9e4edbf1ac3968d03539e7d67cbe106e

SHA1
f6c7d6d9341d952ac18c55d198a6baacf2cbddbc

SHA256
647a8543f5286f09f6c5caa467854d6b365880cb8a26ec8dbdc6651251b86154

SHA512
d33b6f9f9d92225eddb8b9e6a0e2ecef8f5e431d8ecda04282883e4d39d2b338445b7ceca39308f288f7b8a80190db4c3ea35de036de09209cb065f0b81d3b1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
b081cf4d7ad4000b98582ed87b5c766f

SHA1
e6b6a284134bbb8d07bcda32987b5c4479cde56c

SHA256
fb8779795f3b0dbee2db1e520bcf74f6c64f167f6af49e2e72ab0888fb405f5c

SHA512
94d6454277e8eba5ad0a2a0927281669731399d258bb40912cd74fd954cd59c2c82eb25dca6a877b6a8e3fe0168d78f311a298b49aebe6a1b56ea0cde3a6f6ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58272a.TMP

Filesize
705B

MD5
c6e7fa468ce4401eb77d2e51ebe35c76

SHA1
fe09415f601196e109f8f7412f8928490d24571c

SHA256
a6e85272b66e630bb6374503e08078037d5eb48351cbcbe1963c0d9cf4ac5203

SHA512
245e589c01775581c0148ae7e1eeefb731f58d7b3becdbfb4c5c6f0858d9c6c725fe1cb64a4b3c83bfc9f9e2d875ac89559ffa6cdf8af08d4b3a6caa0e62bd08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
923f066fd2ba2a74ba58314f575e27bd

SHA1
5249f8676c1745474ce909ce10f73a601b934fe1

SHA256
e34159a683055c1e812b432641b2fa849f4328f5b405d2bb807de90e3f79d70d

SHA512
406cd4f8d6818b94bc141d934c1d55233342b7eff30deb59b411cc0075f55b4bca462df2ea79b9653ea049c64a446be10d80ed5fc184b1e76672a31017c4c811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
208cc4e927a800e11fec826c8bd57f46

SHA1
42c22a9975b39a85218247ec201193b0cf73942f

SHA256
8823a080656e7f46ea6f86203743c2aec5d07d2f29c2efcf61596664f6faa700

SHA512
2c6fd86edb513c182ad9c71c62232e805cc5cf08f4358be55b4721b2254a1f164f778b1d2935dff9a5fa412e102dcdd8809d93af90658d0d60afe804e239815d

Download Submit