hxxps://surveys[.]bwgstrategy[.]com/jfe/form/SV_cNle3PWSIvMsxn0?Q_DL=GhPShJUgq7vEodr_cNle3PWSIvMsxn0_CGC_lehIOR66b4bR5ZK&Q_CHL=email

Analysis

max time kernel
41s
max time network
44s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
07/11/2023, 12:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://surveys.bwgstrategy.com/jfe/form/SV_cNle3PWSIvMsxn0?Q_DL=GhPShJUgq7vEodr_cNle3PWSIvMsxn0_CGC_lehIOR66b4bR5ZK&Q_CHL=email

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1873812795-1433807462-1429862679-1000\{DC95EDE3-84FA-4879-BF54-FC061F79F521}	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3156	msedge.exe
3156	msedge.exe
3508	msedge.exe
3508	msedge.exe
3584	identity_helper.exe
3584	identity_helper.exe
3936	msedge.exe
3936	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3508 wrote to memory of 4856	3508	msedge.exe	47
PID 3508 wrote to memory of 4856	3508	msedge.exe	47
PID 3508 wrote to memory of 4932	3508	msedge.exe	88
PID 3508 wrote to memory of 4932	3508	msedge.exe	88
PID 3508 wrote to memory of 4932	3508	msedge.exe	88
PID 3508 wrote to memory of 4932	3508	msedge.exe	88
PID 3508 wrote to memory of 4932	3508	msedge.exe	88
PID 3508 wrote to memory of 4932	3508	msedge.exe	88
PID 3508 wrote to memory of 4932	3508	msedge.exe	88
PID 3508 wrote to memory of 4932	3508	msedge.exe	88
PID 3508 wrote to memory of 4932	3508	msedge.exe	88
PID 3508 wrote to memory of 4932	3508	msedge.exe	88
PID 3508 wrote to memory of 4932	3508	msedge.exe	88
PID 3508 wrote to memory of 4932	3508	msedge.exe	88
PID 3508 wrote to memory of 4932	3508	msedge.exe	88
PID 3508 wrote to memory of 4932	3508	msedge.exe	88
PID 3508 wrote to memory of 4932	3508	msedge.exe	88
PID 3508 wrote to memory of 4932	3508	msedge.exe	88
PID 3508 wrote to memory of 4932	3508	msedge.exe	88
PID 3508 wrote to memory of 4932	3508	msedge.exe	88
PID 3508 wrote to memory of 4932	3508	msedge.exe	88
PID 3508 wrote to memory of 4932	3508	msedge.exe	88
PID 3508 wrote to memory of 4932	3508	msedge.exe	88
PID 3508 wrote to memory of 4932	3508	msedge.exe	88
PID 3508 wrote to memory of 4932	3508	msedge.exe	88
PID 3508 wrote to memory of 4932	3508	msedge.exe	88
PID 3508 wrote to memory of 4932	3508	msedge.exe	88
PID 3508 wrote to memory of 4932	3508	msedge.exe	88
PID 3508 wrote to memory of 4932	3508	msedge.exe	88
PID 3508 wrote to memory of 4932	3508	msedge.exe	88
PID 3508 wrote to memory of 4932	3508	msedge.exe	88
PID 3508 wrote to memory of 4932	3508	msedge.exe	88
PID 3508 wrote to memory of 4932	3508	msedge.exe	88
PID 3508 wrote to memory of 4932	3508	msedge.exe	88
PID 3508 wrote to memory of 4932	3508	msedge.exe	88
PID 3508 wrote to memory of 4932	3508	msedge.exe	88
PID 3508 wrote to memory of 4932	3508	msedge.exe	88
PID 3508 wrote to memory of 4932	3508	msedge.exe	88
PID 3508 wrote to memory of 4932	3508	msedge.exe	88
PID 3508 wrote to memory of 4932	3508	msedge.exe	88
PID 3508 wrote to memory of 4932	3508	msedge.exe	88
PID 3508 wrote to memory of 4932	3508	msedge.exe	88
PID 3508 wrote to memory of 3156	3508	msedge.exe	87
PID 3508 wrote to memory of 3156	3508	msedge.exe	87
PID 3508 wrote to memory of 3608	3508	msedge.exe	89
PID 3508 wrote to memory of 3608	3508	msedge.exe	89
PID 3508 wrote to memory of 3608	3508	msedge.exe	89
PID 3508 wrote to memory of 3608	3508	msedge.exe	89
PID 3508 wrote to memory of 3608	3508	msedge.exe	89
PID 3508 wrote to memory of 3608	3508	msedge.exe	89
PID 3508 wrote to memory of 3608	3508	msedge.exe	89
PID 3508 wrote to memory of 3608	3508	msedge.exe	89
PID 3508 wrote to memory of 3608	3508	msedge.exe	89
PID 3508 wrote to memory of 3608	3508	msedge.exe	89
PID 3508 wrote to memory of 3608	3508	msedge.exe	89
PID 3508 wrote to memory of 3608	3508	msedge.exe	89
PID 3508 wrote to memory of 3608	3508	msedge.exe	89
PID 3508 wrote to memory of 3608	3508	msedge.exe	89
PID 3508 wrote to memory of 3608	3508	msedge.exe	89
PID 3508 wrote to memory of 3608	3508	msedge.exe	89
PID 3508 wrote to memory of 3608	3508	msedge.exe	89
PID 3508 wrote to memory of 3608	3508	msedge.exe	89
PID 3508 wrote to memory of 3608	3508	msedge.exe	89
PID 3508 wrote to memory of 3608	3508	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://surveys.bwgstrategy.com/jfe/form/SV_cNle3PWSIvMsxn0?Q_DL=GhPShJUgq7vEodr_cNle3PWSIvMsxn0_CGC_lehIOR66b4bR5ZK&Q_CHL=email
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed78b46f8,0x7ffed78b4708,0x7ffed78b4718
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,13019902136757857529,4818850151734886673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,13019902136757857529,4818850151734886673,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,13019902136757857529,4818850151734886673,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,13019902136757857529,4818850151734886673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,13019902136757857529,4818850151734886673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,13019902136757857529,4818850151734886673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,13019902136757857529,4818850151734886673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,13019902136757857529,4818850151734886673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2164,13019902136757857529,4818850151734886673,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5824 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2164,13019902136757857529,4818850151734886673,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5032 /prefetch:8
  2⤵
  PID:932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,13019902136757857529,4818850151734886673,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,13019902136757857529,4818850151734886673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,13019902136757857529,4818850151734886673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,13019902136757857529,4818850151734886673,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:1232

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2200

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x494 0x484
1⤵
PID:3152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
186KB

MD5
4a2977698422c3c6e58b664643322efa

SHA1
939e0f3f916f936be7c8c49121d8f245b99cab1b

SHA256
d60610d21436821de350b6e21d3915e5ea1617d97cf20f7aaa1d5ae782cc4cd8

SHA512
ca9d91650de72ff1faed43344dbc86ea3e81d4fd615b89347d31c7676fde084ddcae30a9dbfa3b341ec32b00966004fe7d6d96e383b18363ebd8f02b982ffd57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
812443d7d9997ed153e35d0cba588ae2

SHA1
5d8c076d5530bfa087f6dfc411e9cf983bb6504a

SHA256
d7419908fae3abe3a0816a905fa17a69346302832709199f10905908b51f16d7

SHA512
b0e5606daa1876ced5fefdaca242f4227b27f690008e4e9dff3d2eb795c27352a13381f2dcd44b84b803c7940c7265913847e86ae7c36b29dc2463d16638eeae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
99be0114832139793c9335dce3eaf21d

SHA1
f7dabbef6110e0bd89cd3482630c88a366aa30e9

SHA256
b14825da4e02fba96eef17a7318aeaeba09cbc2df6de09652703a99f414f3b4f

SHA512
4dfae88c8b6b61e0cf4a4f298a0171f684195abca1878b7349f74cffdeb252737b87f7137365219353528273b925385b89d77b5732478863ca4d707eb5556dbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e05436aebb117e9919978ca32bbcefd9

SHA1
97b2af055317952ce42308ea69b82301320eb962

SHA256
cc9bd0953e70356e31a957ad9a9b1926f5e2a9f6a297cdef303ac693a2a86b7f

SHA512
11328e9514ffaa3c1eab84fae06595d75c8503bd5601adfd806182d46065752885a871b738439b356d1bb2c1ac71fc81e9d46bd2d0daa1b2ba0f40543bf952b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
f9ab60efd0adfdeff53d6a52be3d7cdc

SHA1
66cc1644415f6dbe6f088cbfe0232f7ecc85b7d9

SHA256
100649dae7220cee655f50a41c7074f0d4b23cceed2b2ed15c794755c21d6332

SHA512
8cafc8bf24535d0134d1b3f7fbc4d8a767e0713d3bd06b5eadba736edf116fc95083c7d5f6016b0d9fc67164171446b6f7d9b18a7b39f55954ccaf6be8842a7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
9fd0c8240cf0cedf8fd4e49da80192f9

SHA1
c506984736f5a410fa25fa89f7efe785d9993c17

SHA256
f3277bff6d16b21f124935b80e4165fe3f3ded114cdc2304e6173dbe85998a07

SHA512
20a8ffb0f977e5dcd34bafdb7690c2603d2d5703002d61672ec9b7aeb520f2246ea6ef9f2ac156c772f994c33da4aa02018a69f5937bd91728609584fecc1fa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f405.TMP

Filesize
537B

MD5
c792049fd7fcc6b902c5350df9c1004b

SHA1
be42d08fd4b2a2ccd303d783cd2396309d24eaa1

SHA256
d87352f57a7aa36c7bd7cbc4f6e35d7ccd750a11fc72a4e87eea25c1a53905e8

SHA512
6894302683dd357480e0990f09d250d420b1e049f8e4e22ae22d24977fd973c6f609aaa6f779ede9db8ddfa0e6b36c4b298ba8e6113fd9c7001921a3adc49f92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
91cd3f410ef8f66eac5beb85332d0e26

SHA1
4bfde72d40655c41627782fbb4ae5812c478da40

SHA256
ae72f0a6bf8f7bd7b783ab90f19ef7ac87096e4790ed00478cd304c9f8726638

SHA512
006b8a3d22f80be049cba9bce6beacb5e3c26a6428da3e6c30ee6a17daead7aa5be01e89b5cbb56fa501a87d084364a12e81697bb42f54c33c56b28b7ab8d16e

Download Submit