hxxps://micrstf[.]online/1d9bda4fadb29e3ee916809f342c984665269fd9734caPAS1d9bda4fadb29e3ee916809f342c984665269fd9734cb

Resubmissions

11/10/2023, 14:05

231011-rd67vsdg62 1

11/10/2023, 13:48

231011-q4fxxscf77 1

Analysis

max time kernel
168s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2023, 13:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://micrstf.online/1d9bda4fadb29e3ee916809f342c984665269fd9734caPAS1d9bda4fadb29e3ee916809f342c984665269fd9734cb

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4760	msedge.exe
4760	msedge.exe
1420	msedge.exe
1420	msedge.exe
4296	identity_helper.exe
4296	identity_helper.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1420 wrote to memory of 2028	1420	msedge.exe	86
PID 1420 wrote to memory of 2028	1420	msedge.exe	86
PID 1420 wrote to memory of 2008	1420	msedge.exe	89
PID 1420 wrote to memory of 2008	1420	msedge.exe	89
PID 1420 wrote to memory of 2008	1420	msedge.exe	89
PID 1420 wrote to memory of 2008	1420	msedge.exe	89
PID 1420 wrote to memory of 2008	1420	msedge.exe	89
PID 1420 wrote to memory of 2008	1420	msedge.exe	89
PID 1420 wrote to memory of 2008	1420	msedge.exe	89
PID 1420 wrote to memory of 2008	1420	msedge.exe	89
PID 1420 wrote to memory of 2008	1420	msedge.exe	89
PID 1420 wrote to memory of 2008	1420	msedge.exe	89
PID 1420 wrote to memory of 2008	1420	msedge.exe	89
PID 1420 wrote to memory of 2008	1420	msedge.exe	89
PID 1420 wrote to memory of 2008	1420	msedge.exe	89
PID 1420 wrote to memory of 2008	1420	msedge.exe	89
PID 1420 wrote to memory of 2008	1420	msedge.exe	89
PID 1420 wrote to memory of 2008	1420	msedge.exe	89
PID 1420 wrote to memory of 2008	1420	msedge.exe	89
PID 1420 wrote to memory of 2008	1420	msedge.exe	89
PID 1420 wrote to memory of 2008	1420	msedge.exe	89
PID 1420 wrote to memory of 2008	1420	msedge.exe	89
PID 1420 wrote to memory of 2008	1420	msedge.exe	89
PID 1420 wrote to memory of 2008	1420	msedge.exe	89
PID 1420 wrote to memory of 2008	1420	msedge.exe	89
PID 1420 wrote to memory of 2008	1420	msedge.exe	89
PID 1420 wrote to memory of 2008	1420	msedge.exe	89
PID 1420 wrote to memory of 2008	1420	msedge.exe	89
PID 1420 wrote to memory of 2008	1420	msedge.exe	89
PID 1420 wrote to memory of 2008	1420	msedge.exe	89
PID 1420 wrote to memory of 2008	1420	msedge.exe	89
PID 1420 wrote to memory of 2008	1420	msedge.exe	89
PID 1420 wrote to memory of 2008	1420	msedge.exe	89
PID 1420 wrote to memory of 2008	1420	msedge.exe	89
PID 1420 wrote to memory of 2008	1420	msedge.exe	89
PID 1420 wrote to memory of 2008	1420	msedge.exe	89
PID 1420 wrote to memory of 2008	1420	msedge.exe	89
PID 1420 wrote to memory of 2008	1420	msedge.exe	89
PID 1420 wrote to memory of 2008	1420	msedge.exe	89
PID 1420 wrote to memory of 2008	1420	msedge.exe	89
PID 1420 wrote to memory of 2008	1420	msedge.exe	89
PID 1420 wrote to memory of 2008	1420	msedge.exe	89
PID 1420 wrote to memory of 4760	1420	msedge.exe	88
PID 1420 wrote to memory of 4760	1420	msedge.exe	88
PID 1420 wrote to memory of 468	1420	msedge.exe	90
PID 1420 wrote to memory of 468	1420	msedge.exe	90
PID 1420 wrote to memory of 468	1420	msedge.exe	90
PID 1420 wrote to memory of 468	1420	msedge.exe	90
PID 1420 wrote to memory of 468	1420	msedge.exe	90
PID 1420 wrote to memory of 468	1420	msedge.exe	90
PID 1420 wrote to memory of 468	1420	msedge.exe	90
PID 1420 wrote to memory of 468	1420	msedge.exe	90
PID 1420 wrote to memory of 468	1420	msedge.exe	90
PID 1420 wrote to memory of 468	1420	msedge.exe	90
PID 1420 wrote to memory of 468	1420	msedge.exe	90
PID 1420 wrote to memory of 468	1420	msedge.exe	90
PID 1420 wrote to memory of 468	1420	msedge.exe	90
PID 1420 wrote to memory of 468	1420	msedge.exe	90
PID 1420 wrote to memory of 468	1420	msedge.exe	90
PID 1420 wrote to memory of 468	1420	msedge.exe	90
PID 1420 wrote to memory of 468	1420	msedge.exe	90
PID 1420 wrote to memory of 468	1420	msedge.exe	90
PID 1420 wrote to memory of 468	1420	msedge.exe	90
PID 1420 wrote to memory of 468	1420	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://micrstf.online/1d9bda4fadb29e3ee916809f342c984665269fd9734caPAS1d9bda4fadb29e3ee916809f342c984665269fd9734cb
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff4dd446f8,0x7fff4dd44708,0x7fff4dd44718
  2⤵
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,3441455112256555337,4909115647693325542,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,3441455112256555337,4909115647693325542,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,3441455112256555337,4909115647693325542,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3441455112256555337,4909115647693325542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3441455112256555337,4909115647693325542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3441455112256555337,4909115647693325542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3441455112256555337,4909115647693325542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3744 /prefetch:1
  2⤵
  PID:888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3441455112256555337,4909115647693325542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,3441455112256555337,4909115647693325542,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4280 /prefetch:8
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,3441455112256555337,4909115647693325542,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4280 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3441455112256555337,4909115647693325542,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3441455112256555337,4909115647693325542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3441455112256555337,4909115647693325542,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3441455112256555337,4909115647693325542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3441455112256555337,4909115647693325542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:5884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,3441455112256555337,4909115647693325542,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3128 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3d5af55f794f9a10c5943d2f80dde5c5

SHA1
5252adf87d6bd769f2c39b9e8eba77b087a0160d

SHA256
43e50edafcaaeae9fcd4dce5b99bf14fe79dae1401019443f31aa9ff81347764

SHA512
2e2e09a00db732ff934da1e6ab8617fb3c8de482f9667a2c987435d0a5d67550b4bfd66e8b4475012b60908c24e39dff58e2f2ffa55f13ffc55caae1be630c71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
a76cf46bab5b6db5877b3bcf4268b11e

SHA1
5ccd3589f5bc79b8e16875954a1eaa4f315a9b17

SHA256
1a463a5668a4728c81b5baad41e87b25eace6900fbed2249491706da1c6b9ec0

SHA512
d56a3a8b8bb93c82698366f641b0500f57ce10924becfd99bca99e2c0a15dcb0d1767176b912dae33c97ec7f83acfd4bad825ced1cb0229375c9979232a0a107

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
621B

MD5
42058f6ff81ca83d90cc087b45bf55c6

SHA1
287922b18e8f73cf85c25096205fdfdebea0be3a

SHA256
9d6f9b0705961c4ea13941522121fb66be24ecf5f7b64189a2371296db20228f

SHA512
c1c32a4187267d532e77e25384b82b32680dbee9a24cfcaa4c9c6dde581e898e8a0fc6ba2019681c3c16a8fdb1e2716771c1cdb54ba638f8371fec687490c8e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c514b950306b9603b395637ee0f40ad7

SHA1
a584237d9331b90e791f5e2bb4fd9d88f2f54175

SHA256
abc7c10cdbac593bc19b7e162855db8b4bb9539c716cf7d07fd644f4d0bd27c7

SHA512
8e5d10bc96489b1407cb025607366288f382214ca20b4d79b56cfc19012bd6917d5327a06866c2225cfca81e79442cbaf4b8e55a72c0988259dca2c117073e03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7ebc61d08f512c1f1d20dc81f52286b0

SHA1
a4b521ecabda35072838f60f9bb6ab6b90be7040

SHA256
bc0afb9b336743f5961933d7deb0046aabf96364dac990ac302c1a130dc9a721

SHA512
b791d2a1092f29d7f18115f9fbe4c1697410d0334c30b238305ccbfdae2b111785da5da14fd1540feec90adc16fcfd50decd70a8e0f54216c1294f93b3223e2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3a1204135cf067d38d8974121cffcf3c

SHA1
52fccc294309cdfe30496334f984bc22fa807107

SHA256
1ee77620d3f84d6bd43bea735c48e464c6ace940966c2c275301899cde1cd7a3

SHA512
bf297bffc10ca5837c6ae675f8e39637e86a03483874666d0016cf5b735942231bbb6f1466aca46b78713b19b7dfdc1fcacf6ce55e942dc15aa247bb7c371c12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
10f5b64000466c1e6da25fb5a0115924

SHA1
cb253bacf2b087c4040eb3c6a192924234f68639

SHA256
d818b1cebb2d1e2b269f2e41654702a0df261e63ba2a479f34b75563265ee46b

SHA512
8a8d230594d6fade63ecd63ba60985a7ccd1353de8d0a119543985bf182fdbb45f38ccc96441c24f0792ea1c449de69563c38348c2bedb2845522a2f83a149db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a29c470ce4a4bca3ea477df63ef1c15a

SHA1
d1276e4f10a64064475d11dd7f9accae97650bb7

SHA256
4238f6220bcab23ce5c14649a8520d6f2d189a008fdca3fb6ace6c2c9b00fbc3

SHA512
96cad28913fe14e4769314289b44f5edcd24b03cb763cc298248b67077c2da7a8a3b60c70b8987b2b498196de4fc2c8d91804792f0c4f4c0523ef58e1a00d6a3

Download Submit