hxxps://appithass-23[.]nimbusweb[.]me/share/9168546/1yhogvqy0gr31fdkxgh5

Analysis

max time kernel
146s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230824-en
resource tags

arch:x64arch:x86image:win10v2004-20230824-enlocale:en-usos:windows10-2004-x64system
submitted
25-08-2023 05:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://appithass-23.nimbusweb.me/share/9168546/1yhogvqy0gr31fdkxgh5

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4116	msedge.exe
4116	msedge.exe
2824	msedge.exe
2824	msedge.exe
3640	identity_helper.exe
3640	identity_helper.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2824 wrote to memory of 1352	2824	msedge.exe	83
PID 2824 wrote to memory of 1352	2824	msedge.exe	83
PID 2824 wrote to memory of 5108	2824	msedge.exe	84
PID 2824 wrote to memory of 5108	2824	msedge.exe	84
PID 2824 wrote to memory of 5108	2824	msedge.exe	84
PID 2824 wrote to memory of 5108	2824	msedge.exe	84
PID 2824 wrote to memory of 5108	2824	msedge.exe	84
PID 2824 wrote to memory of 5108	2824	msedge.exe	84
PID 2824 wrote to memory of 5108	2824	msedge.exe	84
PID 2824 wrote to memory of 5108	2824	msedge.exe	84
PID 2824 wrote to memory of 5108	2824	msedge.exe	84
PID 2824 wrote to memory of 5108	2824	msedge.exe	84
PID 2824 wrote to memory of 5108	2824	msedge.exe	84
PID 2824 wrote to memory of 5108	2824	msedge.exe	84
PID 2824 wrote to memory of 5108	2824	msedge.exe	84
PID 2824 wrote to memory of 5108	2824	msedge.exe	84
PID 2824 wrote to memory of 5108	2824	msedge.exe	84
PID 2824 wrote to memory of 5108	2824	msedge.exe	84
PID 2824 wrote to memory of 5108	2824	msedge.exe	84
PID 2824 wrote to memory of 5108	2824	msedge.exe	84
PID 2824 wrote to memory of 5108	2824	msedge.exe	84
PID 2824 wrote to memory of 5108	2824	msedge.exe	84
PID 2824 wrote to memory of 5108	2824	msedge.exe	84
PID 2824 wrote to memory of 5108	2824	msedge.exe	84
PID 2824 wrote to memory of 5108	2824	msedge.exe	84
PID 2824 wrote to memory of 5108	2824	msedge.exe	84
PID 2824 wrote to memory of 5108	2824	msedge.exe	84
PID 2824 wrote to memory of 5108	2824	msedge.exe	84
PID 2824 wrote to memory of 5108	2824	msedge.exe	84
PID 2824 wrote to memory of 5108	2824	msedge.exe	84
PID 2824 wrote to memory of 5108	2824	msedge.exe	84
PID 2824 wrote to memory of 5108	2824	msedge.exe	84
PID 2824 wrote to memory of 5108	2824	msedge.exe	84
PID 2824 wrote to memory of 5108	2824	msedge.exe	84
PID 2824 wrote to memory of 5108	2824	msedge.exe	84
PID 2824 wrote to memory of 5108	2824	msedge.exe	84
PID 2824 wrote to memory of 5108	2824	msedge.exe	84
PID 2824 wrote to memory of 5108	2824	msedge.exe	84
PID 2824 wrote to memory of 5108	2824	msedge.exe	84
PID 2824 wrote to memory of 5108	2824	msedge.exe	84
PID 2824 wrote to memory of 5108	2824	msedge.exe	84
PID 2824 wrote to memory of 5108	2824	msedge.exe	84
PID 2824 wrote to memory of 4116	2824	msedge.exe	85
PID 2824 wrote to memory of 4116	2824	msedge.exe	85
PID 2824 wrote to memory of 2856	2824	msedge.exe	86
PID 2824 wrote to memory of 2856	2824	msedge.exe	86
PID 2824 wrote to memory of 2856	2824	msedge.exe	86
PID 2824 wrote to memory of 2856	2824	msedge.exe	86
PID 2824 wrote to memory of 2856	2824	msedge.exe	86
PID 2824 wrote to memory of 2856	2824	msedge.exe	86
PID 2824 wrote to memory of 2856	2824	msedge.exe	86
PID 2824 wrote to memory of 2856	2824	msedge.exe	86
PID 2824 wrote to memory of 2856	2824	msedge.exe	86
PID 2824 wrote to memory of 2856	2824	msedge.exe	86
PID 2824 wrote to memory of 2856	2824	msedge.exe	86
PID 2824 wrote to memory of 2856	2824	msedge.exe	86
PID 2824 wrote to memory of 2856	2824	msedge.exe	86
PID 2824 wrote to memory of 2856	2824	msedge.exe	86
PID 2824 wrote to memory of 2856	2824	msedge.exe	86
PID 2824 wrote to memory of 2856	2824	msedge.exe	86
PID 2824 wrote to memory of 2856	2824	msedge.exe	86
PID 2824 wrote to memory of 2856	2824	msedge.exe	86
PID 2824 wrote to memory of 2856	2824	msedge.exe	86
PID 2824 wrote to memory of 2856	2824	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://appithass-23.nimbusweb.me/share/9168546/1yhogvqy0gr31fdkxgh5
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd5ed446f8,0x7ffd5ed44708,0x7ffd5ed44718
  2⤵
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,5491021498888118708,10798228712721441212,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,5491021498888118708,10798228712721441212,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,5491021498888118708,10798228712721441212,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,5491021498888118708,10798228712721441212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:1
  2⤵
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,5491021498888118708,10798228712721441212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,5491021498888118708,10798228712721441212,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,5491021498888118708,10798228712721441212,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,5491021498888118708,10798228712721441212,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,5491021498888118708,10798228712721441212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,5491021498888118708,10798228712721441212,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,5491021498888118708,10798228712721441212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
  2⤵
  PID:3432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2208,5491021498888118708,10798228712721441212,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,5491021498888118708,10798228712721441212,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5652 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1456

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3590c7788f1f36717cbd298007259a6f

SHA1
9e9a602016435a1d642e18a54d8d6589f938a5bb

SHA256
09a08de2fcd19e304c3b8f6e04f5e4da257a3f18759827be4e9c6af862412174

SHA512
07df3ee7e2d4a313c996c6b8451450556a75e5ac8e4d10595f255164fdd25d6bc596ad579d90f6496c78a15a3c6fc349d748dd7c5f4b2b51d330c52577e2988a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
aa2212554596139c9c6071eece3d2a65

SHA1
742fb4f1d1546c42b58daa4eaeb31bc0788538f3

SHA256
18526ce4b379729462f2baae6b2e16e58a043d9d38d22439990888690d3033e6

SHA512
b522fd2879251c47f32aff42714648cb92c41be239ff6b18a76223a009c204f507b40b07cb4c69c745ded822b0b4492166ec8d329e7cb3b0eefc0b4b1ac49a54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
739d47a615783f0b6dee040a4019f413

SHA1
731f39db11197a75bc2aa5ddfd1beda7cc5fbfbd

SHA256
1321c0c86f6530a860ad00fde5c11d41fea793a0188df3a6f8994f7476400e81

SHA512
1d6aeab2460eff6395892952668eeb33803e63dfce4dfadf75cd018f3f109daa541950a13d7026e3b08601793ee576b7471b84b265c52bce2daf33e072e80fd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6a76733a8336b2e30aa510a91040c4e1

SHA1
007a182209a12c212758502b7db4a1ab19593652

SHA256
7d9b83d26908df0931b5ca451253f4a24df65306271e4c95246e6ae2490cea90

SHA512
b7671803f98a3cb26256a13e6a810e650a884a91b85472e905ed7d29f00017475e298f79b147eba07cc92d29d7fc0e902cb699d781a0bbd2c361a063e41bc895

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
47fb446683458087072952501f44afb0

SHA1
f71e4c8e94e7086c9a3d16caee99b1142ee6a0f7

SHA256
423ae02cb420ab35709a110a45a42f2df7a1fee03ee2ad616795ba7b560fa607

SHA512
108d4bff8645388b9e0e67669ef3cd2291b3b67ec24feea9f93c07816080f66327bd6b07ffefb68f94ff8c4da8dd4dc8cf8b316861757fea47e54585d48bf239

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
70ebf56dad3fe254e1c80b3c73ebd263

SHA1
6954bfe38f05c8201d0fd30b4345e3b51cea33ec

SHA256
addad4b9db4f39f675e2133631e884604f0fcc0cd48fca5755988ff1e0757a32

SHA512
9eeb9509f5df3a46e0637cee8095f7ce917183e09a3cb563d8964df59bc7fa3ea73c28ae4c98a7ecb8f22cae6712e37901aaa51e9af417eef438b0f574119fbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
043e08a395819bee653a1ee5d14f6a6a

SHA1
11b60509ddbb8a9d012b5a9ed169ebb5d2fc48a7

SHA256
42da0762a8f98c8b30b263ca6f6b19105a4844cf3e30dbe59983a5cebf28b61c

SHA512
47223b242a3f8e16f4af181174d39ce215635cb6a4df1b5ae225a984ae6f8a35c0c0c655470e854c735b2694a581ef21ba71dc4e067a1f7621a553c86788352d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9917a567e75027b5c3a7a82823fff2cf

SHA1
10b8095e50a4d7e428cbcacf59e479597d85061d

SHA256
c6cbed2c38547ec3fca8219536590ccb492288b295b2a95eea663c2ed342cbeb

SHA512
d30f2200275ad20c24d4edb6713f04e911caf739264207d98925dfc6eaf37e052ef91b601fed4d9dae3aa46425bc3a60591a0c862ed0afebdbe78bc0d8a71c1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
a128973ca2ca245299ef7e60156b4ef8

SHA1
d39a437204591bbff98d673e6d1c4f869683ebcc

SHA256
5c6e1f3c7213460c24dc670521adbe32ec76df5e3facc0a7b92a3fa9e340b302

SHA512
bbbdbe2fae61c2a27b4aadfbda2efae2675156dcea6edb8b45fbe83f397f8a1f50d694d8bcd1f53939a277722baf102f3f80caffadfcf0ca80d7408d77d8c490

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
be2eec7e1c1e2ee93963a39ae035c836

SHA1
8336e19ebf128a64a7fccfaa83075201064a3212

SHA256
e8abf9fae1892de6f559beed3bc4f9cb7aaf4e9d9d0c9f50956988c9f04eff3a

SHA512
87e59f4233dcda7876ae936aae2008b54740c5afd545933faa44cf7a0e220b4f59363d1abc1c28c46f9fc2336c3d22f96bbb6e3ac80a5c66d4bb28f17df9bc63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ec83.TMP

Filesize
1KB

MD5
ef966432a497cd2205dcf60ed74544e9

SHA1
bc231154f4aed09de091d5a51e7159b5500e82ad

SHA256
801058e95460e2fc710450659ecd8f0b70fc76fcbfe670f0647be2b34f2671b2

SHA512
37169a222fca03c06d68cd7e7552b58f9f727c740ea3316b253e8a8a5c0545f48efa8daf8109e0ef6f6b32c8ad5e2f2393d00b756a81a8f377e66398323808b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
55f3561ca8a2af071641bbbf66046ec6

SHA1
ffe05c15ac26abd49043716d3ffb310e358f5010

SHA256
42b9d27831138791ff3aed8f9079a01240cc0bee5a4dfffbc39e32c45d5b3254

SHA512
22c3b104090d0698e9ca562495cfe77c54d596c927e69f719c9e3d9bf3df36cccdcf67e0abe728f26f1221fcd019ba04b2d9929b7fb28ad3cd40e5104f281d11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3adeb54e3ec04efecb30152a64f8152d

SHA1
fbd07ad974fa451413ba8fef689c5f2184aa40a8

SHA256
fbcc3d34d680fdec41435fa04daa3c9c4fc9dad4c3ec2ed4ef187c5122dc95ea

SHA512
edb0cf823097e11a47bd7ac58cb7fd12b027b68f29595affa1bab1ca43adfda6b6327b46ac79c563be65a5a385270ab6180500693b787a859b43509282993736

Download Submit