hxxps://portal[.]azure[.]com/#blade/Microsoft_Azure_Health/AzureHealthBrowseBlade

Analysis

max time kernel
56s
max time network
56s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
16/10/2023, 11:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://portal.azure.com/#blade/Microsoft_Azure_Health/AzureHealthBrowseBlade

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1792	msedge.exe
1792	msedge.exe
516	msedge.exe
516	msedge.exe
4180	identity_helper.exe
4180	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 516 wrote to memory of 3020	516	msedge.exe	82
PID 516 wrote to memory of 3020	516	msedge.exe	82
PID 516 wrote to memory of 3388	516	msedge.exe	84
PID 516 wrote to memory of 3388	516	msedge.exe	84
PID 516 wrote to memory of 3388	516	msedge.exe	84
PID 516 wrote to memory of 3388	516	msedge.exe	84
PID 516 wrote to memory of 3388	516	msedge.exe	84
PID 516 wrote to memory of 3388	516	msedge.exe	84
PID 516 wrote to memory of 3388	516	msedge.exe	84
PID 516 wrote to memory of 3388	516	msedge.exe	84
PID 516 wrote to memory of 3388	516	msedge.exe	84
PID 516 wrote to memory of 3388	516	msedge.exe	84
PID 516 wrote to memory of 3388	516	msedge.exe	84
PID 516 wrote to memory of 3388	516	msedge.exe	84
PID 516 wrote to memory of 3388	516	msedge.exe	84
PID 516 wrote to memory of 3388	516	msedge.exe	84
PID 516 wrote to memory of 3388	516	msedge.exe	84
PID 516 wrote to memory of 3388	516	msedge.exe	84
PID 516 wrote to memory of 3388	516	msedge.exe	84
PID 516 wrote to memory of 3388	516	msedge.exe	84
PID 516 wrote to memory of 3388	516	msedge.exe	84
PID 516 wrote to memory of 3388	516	msedge.exe	84
PID 516 wrote to memory of 3388	516	msedge.exe	84
PID 516 wrote to memory of 3388	516	msedge.exe	84
PID 516 wrote to memory of 3388	516	msedge.exe	84
PID 516 wrote to memory of 3388	516	msedge.exe	84
PID 516 wrote to memory of 3388	516	msedge.exe	84
PID 516 wrote to memory of 3388	516	msedge.exe	84
PID 516 wrote to memory of 3388	516	msedge.exe	84
PID 516 wrote to memory of 3388	516	msedge.exe	84
PID 516 wrote to memory of 3388	516	msedge.exe	84
PID 516 wrote to memory of 3388	516	msedge.exe	84
PID 516 wrote to memory of 3388	516	msedge.exe	84
PID 516 wrote to memory of 3388	516	msedge.exe	84
PID 516 wrote to memory of 3388	516	msedge.exe	84
PID 516 wrote to memory of 3388	516	msedge.exe	84
PID 516 wrote to memory of 3388	516	msedge.exe	84
PID 516 wrote to memory of 3388	516	msedge.exe	84
PID 516 wrote to memory of 3388	516	msedge.exe	84
PID 516 wrote to memory of 3388	516	msedge.exe	84
PID 516 wrote to memory of 3388	516	msedge.exe	84
PID 516 wrote to memory of 3388	516	msedge.exe	84
PID 516 wrote to memory of 1792	516	msedge.exe	83
PID 516 wrote to memory of 1792	516	msedge.exe	83
PID 516 wrote to memory of 4192	516	msedge.exe	85
PID 516 wrote to memory of 4192	516	msedge.exe	85
PID 516 wrote to memory of 4192	516	msedge.exe	85
PID 516 wrote to memory of 4192	516	msedge.exe	85
PID 516 wrote to memory of 4192	516	msedge.exe	85
PID 516 wrote to memory of 4192	516	msedge.exe	85
PID 516 wrote to memory of 4192	516	msedge.exe	85
PID 516 wrote to memory of 4192	516	msedge.exe	85
PID 516 wrote to memory of 4192	516	msedge.exe	85
PID 516 wrote to memory of 4192	516	msedge.exe	85
PID 516 wrote to memory of 4192	516	msedge.exe	85
PID 516 wrote to memory of 4192	516	msedge.exe	85
PID 516 wrote to memory of 4192	516	msedge.exe	85
PID 516 wrote to memory of 4192	516	msedge.exe	85
PID 516 wrote to memory of 4192	516	msedge.exe	85
PID 516 wrote to memory of 4192	516	msedge.exe	85
PID 516 wrote to memory of 4192	516	msedge.exe	85
PID 516 wrote to memory of 4192	516	msedge.exe	85
PID 516 wrote to memory of 4192	516	msedge.exe	85
PID 516 wrote to memory of 4192	516	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://portal.azure.com/#blade/Microsoft_Azure_Health/AzureHealthBrowseBlade
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb561d46f8,0x7ffb561d4708,0x7ffb561d4718
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,10211636285101558530,970092283941345996,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,10211636285101558530,970092283941345996,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,10211636285101558530,970092283941345996,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10211636285101558530,970092283941345996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10211636285101558530,970092283941345996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10211636285101558530,970092283941345996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,10211636285101558530,970092283941345996,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,10211636285101558530,970092283941345996,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10211636285101558530,970092283941345996,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:1040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10211636285101558530,970092283941345996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10211636285101558530,970092283941345996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10211636285101558530,970092283941345996,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10211636285101558530,970092283941345996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:4276

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3d5af55f794f9a10c5943d2f80dde5c5

SHA1
5252adf87d6bd769f2c39b9e8eba77b087a0160d

SHA256
43e50edafcaaeae9fcd4dce5b99bf14fe79dae1401019443f31aa9ff81347764

SHA512
2e2e09a00db732ff934da1e6ab8617fb3c8de482f9667a2c987435d0a5d67550b4bfd66e8b4475012b60908c24e39dff58e2f2ffa55f13ffc55caae1be630c71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
113KB

MD5
dbd16570d3d47c9fec8b5fa5dd0abbf6

SHA1
a165399a3ba12fb5251058071203777ad683b925

SHA256
cb3992b9d7fe6bd81f809ebe3ba25e4534189f73bf936848a77e307ba542487d

SHA512
b4dfd4cad4479bcb7e0658d13483c45f05ae2b505a8c5e36b52cfc0da9cee84b3dd0eb43b50d4ff9c5856d3970ffb9a37cf6f91ebd9806c5f05e2d5235d9adc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
59KB

MD5
c1e82bf71add622ad0f3bf8572f634fc

SHA1
6ca863d4cab96669202548d301693b3f5f80b0d5

SHA256
ba48af15d297db450dc4870242482145addb2d18375a4871c490429e2dc5464a

SHA512
820a7f8a0c8ea33a8fe1e90cdc35f45dc1e143e836b0d8ea047e1e312f8caec72cdee4e7db54760a4d749cd0acfe103a27e39a9a56eb2d704e448a67b0d0c079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
5c8799ba3358ab1903dce0054d85d8b5

SHA1
a374beaaf91df78d47521bf059d66f1eefe55b1c

SHA256
18f752150eacbd85dbf02c1510a11a2717e21b3fd4cafb1cdff9d2812cf01a5e

SHA512
c3f1cd6aa34f6b3a866315ab2ad710e2bacc47bd40fb15da83e70377e0b07c8f08e1b69c92cf23a991b738f4ebed17e0f5eba58085a40dd31f4af10f3f770dfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d7f34afceaa9614c29568e74f82166e8

SHA1
e5fe2ade153c00f81bb017767e577eae12bb81af

SHA256
b249e79072ad304e75f6e0618b6e7230802a983c1b2a9bf6517aeb92dab3b074

SHA512
c8b20bbf42ba861ae70de7b89e7d36bf3aaaefa7b99626de00bcb7d5c0e963366c08577e8ed780f233a6a32db4ca5a82518e41d945e34774a59d835a1ac26744

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
39704cbd62be9e77537a8d4d5a0e4a65

SHA1
a40c93d8af902bf2c552931cabbdc72e907ff12e

SHA256
bdf770ec1bc7085dc9a05fc7ffc7e5e3937a8f21c7b264bd3b021b938319565b

SHA512
55d655e1bb8d036afd0b7d9b46fb2ecde910960364e04c9347aa599a9f38c52aecc31f8f159426955baef8b1e9c7636c143cd39732701630c71063da1b5c77ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cf13e9779535e8493ecbd42feb894934

SHA1
b5587b3908f46cf2f7f4367825195192738a8984

SHA256
93087ed2777e5e1a537c15d2f6ff6efbc0997c1c1a2446954d3fa4130dc5055c

SHA512
2e53c985c088a004063dfe215559e22494b5f8db81017cd8bf5bf4f2d182e51535b6ec84986db00e7f37d035dad6c409871d8cec98bcb251c94b963aeb6a92a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
10f5b64000466c1e6da25fb5a0115924

SHA1
cb253bacf2b087c4040eb3c6a192924234f68639

SHA256
d818b1cebb2d1e2b269f2e41654702a0df261e63ba2a479f34b75563265ee46b

SHA512
8a8d230594d6fade63ecd63ba60985a7ccd1353de8d0a119543985bf182fdbb45f38ccc96441c24f0792ea1c449de69563c38348c2bedb2845522a2f83a149db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
c7aac2d9c7a49801d371528b0c1a47f5

SHA1
b2b58e486f95425b3a864e53d10e93d4b95ff823

SHA256
490b707eb39315d0b2d66a9435bf3f3a24083da8eee6254a3a870bd35c383c1a

SHA512
419f5b375e54f9de23e4447247271d603057d115eb3ff7beb8fa43b534701eba204b174aa8aee27fcd7ba58fb9275b9d34be0b164a1ef6cdb28ef603e375f9ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
8c283a54d25d967c5d78498eb220e0ab

SHA1
fe5ec44636b0d910addd1b3c2d2a5b079056faeb

SHA256
09b36e215042798576073b8dcc8088732e79668b1d6df57bb8ca0e31c806a089

SHA512
5d57b836118b66eb7f0d5e9d51c3409d2a5f7d7e5fd85554639a2f2f169e7172fe596c96d7cedcd35e33fdbfa815b1ac3d3ffcf6d32fe988dc58c06930f8ee23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581066.TMP

Filesize
538B

MD5
acf54b5f8447dc6327fc75ed009f0dbb

SHA1
2d340e2d3b51b0e352b4082bc8bca9eb582e4853

SHA256
dbfbee837eed27481fd4771a62e1d7b043237e8e8e9c69e9851d788b9a7f255a

SHA512
fac31a3d6fad167bad014a40dd270e9c7f8836cbcf7ba347a28940e79ea0ff57ed1da8307ba21430bb095494e7a673eb8e622d9fb6213adb3a8d22aef523ab80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a4585e2e-04d9-4a22-86c8-c1e309c6e088.tmp

Filesize
6KB

MD5
69258a26099bd5db1f617c1cc9c4597f

SHA1
ed9b654573fe2c5c65aeae4e2d3558e27e61972a

SHA256
d91c89d1aaf0d295fc8620886dc53f50122cefc0659c0e2f8434d86f6a1e2296

SHA512
71e2e0664c279c8203d118d371e640f8ff8212c6e03347b6a974e2a1711c37bcb0490a787999a815782a1afa036586c480e55cc4b04b1f198e97fe7b06cbbe10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
26384da9395379b81a544498884c806e

SHA1
00ddbbc3edbcd5fc17b21bf9d5bf725e0081cb3c

SHA256
67d960086c2f4a6ff4ad13a3458d008d7af25c8190aef06cd829c6ea0c406734

SHA512
c12d7e37796ab246bbb07568b1d4635402f7b36fe7118c109321535fe276f8b4cc64cb13b6df5922e966c169a484e5d35fe5b319de9c01c8d68d8d76d0e33a88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3c39a6e0cd853abfa28fbd60ee5e8c6e

SHA1
c98fd7b576c8a112cb831b59bd3a94cf9bc0528b

SHA256
4fc06ff902fe08fb37578991ac3e76654d84a1dc32bfe8a1f3bc16157d4cb6e9

SHA512
01679f943054614ca7176d15abce343cb5cb4fd7cfb2f599114618b7c10bf955ddf1623db76300b4a696a0d1ad58254505820f3135f2d23901d97e04794b3e0b

Download Submit