hxxps://go[.]microsoft[.]com/fwlink/p/?LinkId=708614

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
16/11/2023, 18:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://go.microsoft.com/fwlink/p/?LinkId=708614

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3236	msedge.exe
3236	msedge.exe
3676	msedge.exe
3676	msedge.exe
4144	identity_helper.exe
4144	identity_helper.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3676 wrote to memory of 3696	3676	msedge.exe	76
PID 3676 wrote to memory of 3696	3676	msedge.exe	76
PID 3676 wrote to memory of 3496	3676	msedge.exe	87
PID 3676 wrote to memory of 3496	3676	msedge.exe	87
PID 3676 wrote to memory of 3496	3676	msedge.exe	87
PID 3676 wrote to memory of 3496	3676	msedge.exe	87
PID 3676 wrote to memory of 3496	3676	msedge.exe	87
PID 3676 wrote to memory of 3496	3676	msedge.exe	87
PID 3676 wrote to memory of 3496	3676	msedge.exe	87
PID 3676 wrote to memory of 3496	3676	msedge.exe	87
PID 3676 wrote to memory of 3496	3676	msedge.exe	87
PID 3676 wrote to memory of 3496	3676	msedge.exe	87
PID 3676 wrote to memory of 3496	3676	msedge.exe	87
PID 3676 wrote to memory of 3496	3676	msedge.exe	87
PID 3676 wrote to memory of 3496	3676	msedge.exe	87
PID 3676 wrote to memory of 3496	3676	msedge.exe	87
PID 3676 wrote to memory of 3496	3676	msedge.exe	87
PID 3676 wrote to memory of 3496	3676	msedge.exe	87
PID 3676 wrote to memory of 3496	3676	msedge.exe	87
PID 3676 wrote to memory of 3496	3676	msedge.exe	87
PID 3676 wrote to memory of 3496	3676	msedge.exe	87
PID 3676 wrote to memory of 3496	3676	msedge.exe	87
PID 3676 wrote to memory of 3496	3676	msedge.exe	87
PID 3676 wrote to memory of 3496	3676	msedge.exe	87
PID 3676 wrote to memory of 3496	3676	msedge.exe	87
PID 3676 wrote to memory of 3496	3676	msedge.exe	87
PID 3676 wrote to memory of 3496	3676	msedge.exe	87
PID 3676 wrote to memory of 3496	3676	msedge.exe	87
PID 3676 wrote to memory of 3496	3676	msedge.exe	87
PID 3676 wrote to memory of 3496	3676	msedge.exe	87
PID 3676 wrote to memory of 3496	3676	msedge.exe	87
PID 3676 wrote to memory of 3496	3676	msedge.exe	87
PID 3676 wrote to memory of 3496	3676	msedge.exe	87
PID 3676 wrote to memory of 3496	3676	msedge.exe	87
PID 3676 wrote to memory of 3496	3676	msedge.exe	87
PID 3676 wrote to memory of 3496	3676	msedge.exe	87
PID 3676 wrote to memory of 3496	3676	msedge.exe	87
PID 3676 wrote to memory of 3496	3676	msedge.exe	87
PID 3676 wrote to memory of 3496	3676	msedge.exe	87
PID 3676 wrote to memory of 3496	3676	msedge.exe	87
PID 3676 wrote to memory of 3496	3676	msedge.exe	87
PID 3676 wrote to memory of 3496	3676	msedge.exe	87
PID 3676 wrote to memory of 3236	3676	msedge.exe	88
PID 3676 wrote to memory of 3236	3676	msedge.exe	88
PID 3676 wrote to memory of 3840	3676	msedge.exe	89
PID 3676 wrote to memory of 3840	3676	msedge.exe	89
PID 3676 wrote to memory of 3840	3676	msedge.exe	89
PID 3676 wrote to memory of 3840	3676	msedge.exe	89
PID 3676 wrote to memory of 3840	3676	msedge.exe	89
PID 3676 wrote to memory of 3840	3676	msedge.exe	89
PID 3676 wrote to memory of 3840	3676	msedge.exe	89
PID 3676 wrote to memory of 3840	3676	msedge.exe	89
PID 3676 wrote to memory of 3840	3676	msedge.exe	89
PID 3676 wrote to memory of 3840	3676	msedge.exe	89
PID 3676 wrote to memory of 3840	3676	msedge.exe	89
PID 3676 wrote to memory of 3840	3676	msedge.exe	89
PID 3676 wrote to memory of 3840	3676	msedge.exe	89
PID 3676 wrote to memory of 3840	3676	msedge.exe	89
PID 3676 wrote to memory of 3840	3676	msedge.exe	89
PID 3676 wrote to memory of 3840	3676	msedge.exe	89
PID 3676 wrote to memory of 3840	3676	msedge.exe	89
PID 3676 wrote to memory of 3840	3676	msedge.exe	89
PID 3676 wrote to memory of 3840	3676	msedge.exe	89
PID 3676 wrote to memory of 3840	3676	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/p/?LinkId=708614
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9ec8846f8,0x7ff9ec884708,0x7ff9ec884718
  2⤵
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,14280821434804071814,9119330738222988777,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,14280821434804071814,9119330738222988777,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,14280821434804071814,9119330738222988777,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14280821434804071814,9119330738222988777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14280821434804071814,9119330738222988777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14280821434804071814,9119330738222988777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14280821434804071814,9119330738222988777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14280821434804071814,9119330738222988777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3748 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,14280821434804071814,9119330738222988777,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,14280821434804071814,9119330738222988777,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14280821434804071814,9119330738222988777,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14280821434804071814,9119330738222988777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14280821434804071814,9119330738222988777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14280821434804071814,9119330738222988777,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,14280821434804071814,9119330738222988777,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2752 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
a92081e231ad1e45e0e875c7024e34c3

SHA1
40d798fce9f3e6a67ba9775da623201f644d7e77

SHA256
38e25a6e6f7d79a7ef82717b516a002664fd5bbb5dfc7bd4812dff367fddfa49

SHA512
f8c259763e4b673e4c6afde50adc0e19c36b184e07a517f6cbd481f940ffa18ad07a435b65aafd900f2d75a7f4d9ed6d44d0cbf853fc87542d3b669718ac6b4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
87d334a2d59dae5934ecef0a21dcbc7d

SHA1
1de8882efb598661fe4f2d218098b5efc646bea1

SHA256
d056001f17f47efeff8382b2f80f2a774e0f9af7adb48b8c7748922f390fdccf

SHA512
35a4377ad68752d9747af1ee1be033c5029467c51eb277a5f48f67b76a4ccca3a5cf0df4f2af4123626e1eb0ba22fa2d4e664d7adb39b9b3c6b2693593560eaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7f629637094c04a9001a9590f2d83405

SHA1
1fd3956a0362ef7123cc5e8996de7a532c76963b

SHA256
c07f0b8831839f03965883e3407850cae59e87cf34d0046b465fdd43df4a6119

SHA512
3fc2a4637a2586c0657607f9484890ff95028707c4b07de7d91ffcaaf8b69f870dce493646cfc5946ba9b133e6316af39690fea47a5925720cb3f521d7150bac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
28886c0bd9462739399ca4d388c8360f

SHA1
4d67dc25c587d5454edd7c8841160dc44659992b

SHA256
02add01bd3b12c67cb1217a58bb7615d5fac1528b18d698a79de72a719fbda17

SHA512
28d9bf4990ff60824da772fb8939e71a47589c2e93681c1a6baf616e3e10bed267e1422572c0d9bc6bd7af0bc52d37302420a3d9b1cefe0184e0f6d0a8adc911

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e05436aebb117e9919978ca32bbcefd9

SHA1
97b2af055317952ce42308ea69b82301320eb962

SHA256
cc9bd0953e70356e31a957ad9a9b1926f5e2a9f6a297cdef303ac693a2a86b7f

SHA512
11328e9514ffaa3c1eab84fae06595d75c8503bd5601adfd806182d46065752885a871b738439b356d1bb2c1ac71fc81e9d46bd2d0daa1b2ba0f40543bf952b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5faddc2ee7591bed746db215761c77b6

SHA1
6fc89e9408f4e9de01bb77be3cfe5b133cd7e96e

SHA256
d99932a4b300c9a7ed89c2ae60990153e1ca58cc7fffcb627a7885d13cf6f3c9

SHA512
a72e7b84d285c0a4e4b21dcb5fb9a98da38d556413eb0fcfbee5138fa9396205d6d09e0dd8dad56bf3cc0bdcea3f36aec616689d93b1b353b842008a53c0204f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5817d8.TMP

Filesize
1KB

MD5
f853f1025df92ecc64cfa2c76c4af9ef

SHA1
8dce9ff4427baddcfbe525db4d8c41e59d49ea21

SHA256
db57f55914f26f309f30c2b44392aa30371db958da3abd8c131de8a101f021f5

SHA512
dd2f826fa9a09cc7dc4d28861537c2f3c199cd93f3688c82fab3cdb9b47542df8007e939b3910e59094dd448f551b6428d58a04bb32399af7c7e75ffe5ac5d27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b05431bcbcfed0ff7096463cd1d201b6

SHA1
9d2bac69b2a75aca5aa28fe21ee9ec2b9e4ae6e5

SHA256
cbc3250859737cafbe0525712a48a2eed5e95e81bba4eaeefe6f3496ee909f27

SHA512
65af369b077a756a615766bea7f14c03cf966cbde6a309d6f093ef1ede0a5e103704f409cbd8d099a87e9226f176837a8199231a0799c52de9737eedf538a36b

Download Submit