1a4d6eda83554ef028cd645042f55f978d9808accfc83936acb52bb6fd269654

Analysis

max time kernel
146s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
14/11/2023, 18:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1a4d6eda83554ef028cd645042f55f978d9808accfc83936acb52bb6fd269654.exe
Size

649KB
MD5

fd6f6e9b801c2c0e18441110440edaae
SHA1

42febe82cf2abe7051423bd007294987bfef4f8c
SHA256

1a4d6eda83554ef028cd645042f55f978d9808accfc83936acb52bb6fd269654
SHA512

cf7875543f185730a03e8264cd3a96ca5262d96b68c43a1b9ce536b843f5cb037a1397e9826dcde92591478dbd6409ec19b331cc9a8b30861a9bbd12537a87cb
SSDEEP

12288:vdAzlliAgN52ViezY0gBwHqXbblb1Zn3SHNQmuiGQgeGYMqyM4pFuC7Ra8TgdZp:vdrMie0bb1Zn3SHCPivoYR4pHTg

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\wxlog\XiconShell_2023_11_14.log	1a4d6eda83554ef028cd645042f55f978d9808accfc83936acb52bb6fd269654.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
2304	1a4d6eda83554ef028cd645042f55f978d9808accfc83936acb52bb6fd269654.exe
2304	1a4d6eda83554ef028cd645042f55f978d9808accfc83936acb52bb6fd269654.exe
2304	1a4d6eda83554ef028cd645042f55f978d9808accfc83936acb52bb6fd269654.exe
2304	1a4d6eda83554ef028cd645042f55f978d9808accfc83936acb52bb6fd269654.exe
2304	1a4d6eda83554ef028cd645042f55f978d9808accfc83936acb52bb6fd269654.exe
2304	1a4d6eda83554ef028cd645042f55f978d9808accfc83936acb52bb6fd269654.exe
2304	1a4d6eda83554ef028cd645042f55f978d9808accfc83936acb52bb6fd269654.exe
2304	1a4d6eda83554ef028cd645042f55f978d9808accfc83936acb52bb6fd269654.exe
3092	msedge.exe
3092	msedge.exe
888	msedge.exe
888	msedge.exe
4296	identity_helper.exe
4296	identity_helper.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2304 wrote to memory of 888	2304	1a4d6eda83554ef028cd645042f55f978d9808accfc83936acb52bb6fd269654.exe	85
PID 2304 wrote to memory of 888	2304	1a4d6eda83554ef028cd645042f55f978d9808accfc83936acb52bb6fd269654.exe	85
PID 888 wrote to memory of 2592	888	msedge.exe	86
PID 888 wrote to memory of 2592	888	msedge.exe	86
PID 888 wrote to memory of 4444	888	msedge.exe	89
PID 888 wrote to memory of 4444	888	msedge.exe	89
PID 888 wrote to memory of 4444	888	msedge.exe	89
PID 888 wrote to memory of 4444	888	msedge.exe	89
PID 888 wrote to memory of 4444	888	msedge.exe	89
PID 888 wrote to memory of 4444	888	msedge.exe	89
PID 888 wrote to memory of 4444	888	msedge.exe	89
PID 888 wrote to memory of 4444	888	msedge.exe	89
PID 888 wrote to memory of 4444	888	msedge.exe	89
PID 888 wrote to memory of 4444	888	msedge.exe	89
PID 888 wrote to memory of 4444	888	msedge.exe	89
PID 888 wrote to memory of 4444	888	msedge.exe	89
PID 888 wrote to memory of 4444	888	msedge.exe	89
PID 888 wrote to memory of 4444	888	msedge.exe	89
PID 888 wrote to memory of 4444	888	msedge.exe	89
PID 888 wrote to memory of 4444	888	msedge.exe	89
PID 888 wrote to memory of 4444	888	msedge.exe	89
PID 888 wrote to memory of 4444	888	msedge.exe	89
PID 888 wrote to memory of 4444	888	msedge.exe	89
PID 888 wrote to memory of 4444	888	msedge.exe	89
PID 888 wrote to memory of 4444	888	msedge.exe	89
PID 888 wrote to memory of 4444	888	msedge.exe	89
PID 888 wrote to memory of 4444	888	msedge.exe	89
PID 888 wrote to memory of 4444	888	msedge.exe	89
PID 888 wrote to memory of 4444	888	msedge.exe	89
PID 888 wrote to memory of 4444	888	msedge.exe	89
PID 888 wrote to memory of 4444	888	msedge.exe	89
PID 888 wrote to memory of 4444	888	msedge.exe	89
PID 888 wrote to memory of 4444	888	msedge.exe	89
PID 888 wrote to memory of 4444	888	msedge.exe	89
PID 888 wrote to memory of 4444	888	msedge.exe	89
PID 888 wrote to memory of 4444	888	msedge.exe	89
PID 888 wrote to memory of 4444	888	msedge.exe	89
PID 888 wrote to memory of 4444	888	msedge.exe	89
PID 888 wrote to memory of 4444	888	msedge.exe	89
PID 888 wrote to memory of 4444	888	msedge.exe	89
PID 888 wrote to memory of 4444	888	msedge.exe	89
PID 888 wrote to memory of 4444	888	msedge.exe	89
PID 888 wrote to memory of 4444	888	msedge.exe	89
PID 888 wrote to memory of 4444	888	msedge.exe	89
PID 888 wrote to memory of 3092	888	msedge.exe	88
PID 888 wrote to memory of 3092	888	msedge.exe	88
PID 888 wrote to memory of 3204	888	msedge.exe	90
PID 888 wrote to memory of 3204	888	msedge.exe	90
PID 888 wrote to memory of 3204	888	msedge.exe	90
PID 888 wrote to memory of 3204	888	msedge.exe	90
PID 888 wrote to memory of 3204	888	msedge.exe	90
PID 888 wrote to memory of 3204	888	msedge.exe	90
PID 888 wrote to memory of 3204	888	msedge.exe	90
PID 888 wrote to memory of 3204	888	msedge.exe	90
PID 888 wrote to memory of 3204	888	msedge.exe	90
PID 888 wrote to memory of 3204	888	msedge.exe	90
PID 888 wrote to memory of 3204	888	msedge.exe	90
PID 888 wrote to memory of 3204	888	msedge.exe	90
PID 888 wrote to memory of 3204	888	msedge.exe	90
PID 888 wrote to memory of 3204	888	msedge.exe	90
PID 888 wrote to memory of 3204	888	msedge.exe	90
PID 888 wrote to memory of 3204	888	msedge.exe	90
PID 888 wrote to memory of 3204	888	msedge.exe	90
PID 888 wrote to memory of 3204	888	msedge.exe	90

C:\Users\Admin\AppData\Local\Temp\1a4d6eda83554ef028cd645042f55f978d9808accfc83936acb52bb6fd269654.exe
"C:\Users\Admin\AppData\Local\Temp\1a4d6eda83554ef028cd645042f55f978d9808accfc83936acb52bb6fd269654.exe"
1⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://gamead.swjoy.com/pub/201708081806314870/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:888
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb03c946f8,0x7ffb03c94708,0x7ffb03c94718
    3⤵
    PID:2592
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1408,6321272917269563557,6942095160682938685,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3092
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1408,6321272917269563557,6942095160682938685,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
    3⤵
    PID:4444
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1408,6321272917269563557,6942095160682938685,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
    3⤵
    PID:3204
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,6321272917269563557,6942095160682938685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
    3⤵
    PID:4200
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,6321272917269563557,6942095160682938685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
    3⤵
    PID:5076
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,6321272917269563557,6942095160682938685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1
    3⤵
    PID:936
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,6321272917269563557,6942095160682938685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
    3⤵
    PID:1296
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1408,6321272917269563557,6942095160682938685,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
    3⤵
    PID:5012
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1408,6321272917269563557,6942095160682938685,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4296
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,6321272917269563557,6942095160682938685,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
    3⤵
    PID:2324
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,6321272917269563557,6942095160682938685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
    3⤵
    PID:1292
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,6321272917269563557,6942095160682938685,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
    3⤵
    PID:1020
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,6321272917269563557,6942095160682938685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
    3⤵
    PID:4624
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,6321272917269563557,6942095160682938685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
    3⤵
    PID:1436
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,6321272917269563557,6942095160682938685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
    3⤵
    PID:4084
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1408,6321272917269563557,6942095160682938685,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3584 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
84df16093540d8d88a327b849dd35f8c

SHA1
c6207d32a8e44863142213697984de5e238ce644

SHA256
220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c

SHA512
3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ec0644181d05df71b334e38676cd94c6

SHA1
44f1a63feda92f57cdf3524d92b477dd64d31ee6

SHA256
63ec5f8b29e6510be57951dfe0aac11249272faf60ad66c6b1f6fa87d764313c

SHA512
9730670a73a357cc97e1e3588053c2536bf830027c6801bdbfaf1ee5a149807aca5c82181b99d6969e5d694b8eedc924bd6f101b7917716acaeec64fa27699bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
42bf1d725ef046c3fd73efc0aaa856fc

SHA1
7d839349f3b481502fb5204a4a3c7ac1e002ce92

SHA256
13bc5d871d951cbf1567197be34601de662d9bb52710c36cc7594d93d476fa0b

SHA512
ea3f75961049849e28cd0dce1fd91b45b1f2f7f20428a08642186e1b1edd5aa7b1abc04c09672e45688c335f9444186fc0e65ddcdfca9f4ddd0648701367ea5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
918ecd7940dcab6b9f4b8bdd4d3772b2

SHA1
7c0c6962a6cd37d91c2ebf3ad542b3876dc466e4

SHA256
3123072fba0ea8e8f960dd213659a0c96ce2b58683593b8ea84efac772b25175

SHA512
c96044501a0a6a65140bc7710a81d29dac35fc6a6fd18fbb4fa5d584e9dc79a059e51cbe063ca496d72558e459ffa6c2913f3893f0a3c0f8002bbca1d1b98ea2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6fb6e8b39065b84065d807aa03369559

SHA1
9eb2311142f84aada5781f7e0433d59a99a5f2c6

SHA256
399e045da555c0573e6d2359fd8f4d53804cb65348154d0a134b505ebaac683e

SHA512
b6bc340c7b4d4838badfc647f306bafbf693210244fd311f7fd0c5344f437f56babcae807fe91e763298b0068fde4044e4678515a43f24bddefa484b8a830038

Download Submit