hxxps://www[.]bing[.]com/ck/a?!&&p=4c556388d36336b8JmltdHM9MTcwMDYxMTIwMCZpZ3VpZD0xYTZhY2ZmMy0wNGQ2LTY1MGEtM2YwMi1kYzQ2MDU2ODY0YWUmaW5zaWQ9NTE5OQ&ptn=3&ver=2&hsh=3&fclid=1a6acff3-04d6-650a-3f02-dc46056864ae&psq=tor+metrics+relay&u=a1aHR0cHM6Ly9tZXRyaWNzLnRvcnByb2plY3Qub3JnL3JzLmh0bWw&ntb=1

Resubmissions

23/11/2023, 00:37

231123-aysrjaga3y 1

22/11/2023, 23:50

231122-3vve6sfh3x 1

Analysis

max time kernel
208s
max time network
211s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
23/11/2023, 00:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.bing.com/ck/a?!&&p=4c556388d36336b8JmltdHM9MTcwMDYxMTIwMCZpZ3VpZD0xYTZhY2ZmMy0wNGQ2LTY1MGEtM2YwMi1kYzQ2MDU2ODY0YWUmaW5zaWQ9NTE5OQ&ptn=3&ver=2&hsh=3&fclid=1a6acff3-04d6-650a-3f02-dc46056864ae&psq=tor+metrics+relay&u=a1aHR0cHM6Ly9tZXRyaWNzLnRvcnByb2plY3Qub3JnL3JzLmh0bWw&ntb=1

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3980	msedge.exe
3980	msedge.exe
5052	msedge.exe
5052	msedge.exe
512	identity_helper.exe
512	identity_helper.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5052 wrote to memory of 4836	5052	msedge.exe	83
PID 5052 wrote to memory of 4836	5052	msedge.exe	83
PID 5052 wrote to memory of 3772	5052	msedge.exe	85
PID 5052 wrote to memory of 3772	5052	msedge.exe	85
PID 5052 wrote to memory of 3772	5052	msedge.exe	85
PID 5052 wrote to memory of 3772	5052	msedge.exe	85
PID 5052 wrote to memory of 3772	5052	msedge.exe	85
PID 5052 wrote to memory of 3772	5052	msedge.exe	85
PID 5052 wrote to memory of 3772	5052	msedge.exe	85
PID 5052 wrote to memory of 3772	5052	msedge.exe	85
PID 5052 wrote to memory of 3772	5052	msedge.exe	85
PID 5052 wrote to memory of 3772	5052	msedge.exe	85
PID 5052 wrote to memory of 3772	5052	msedge.exe	85
PID 5052 wrote to memory of 3772	5052	msedge.exe	85
PID 5052 wrote to memory of 3772	5052	msedge.exe	85
PID 5052 wrote to memory of 3772	5052	msedge.exe	85
PID 5052 wrote to memory of 3772	5052	msedge.exe	85
PID 5052 wrote to memory of 3772	5052	msedge.exe	85
PID 5052 wrote to memory of 3772	5052	msedge.exe	85
PID 5052 wrote to memory of 3772	5052	msedge.exe	85
PID 5052 wrote to memory of 3772	5052	msedge.exe	85
PID 5052 wrote to memory of 3772	5052	msedge.exe	85
PID 5052 wrote to memory of 3772	5052	msedge.exe	85
PID 5052 wrote to memory of 3772	5052	msedge.exe	85
PID 5052 wrote to memory of 3772	5052	msedge.exe	85
PID 5052 wrote to memory of 3772	5052	msedge.exe	85
PID 5052 wrote to memory of 3772	5052	msedge.exe	85
PID 5052 wrote to memory of 3772	5052	msedge.exe	85
PID 5052 wrote to memory of 3772	5052	msedge.exe	85
PID 5052 wrote to memory of 3772	5052	msedge.exe	85
PID 5052 wrote to memory of 3772	5052	msedge.exe	85
PID 5052 wrote to memory of 3772	5052	msedge.exe	85
PID 5052 wrote to memory of 3772	5052	msedge.exe	85
PID 5052 wrote to memory of 3772	5052	msedge.exe	85
PID 5052 wrote to memory of 3772	5052	msedge.exe	85
PID 5052 wrote to memory of 3772	5052	msedge.exe	85
PID 5052 wrote to memory of 3772	5052	msedge.exe	85
PID 5052 wrote to memory of 3772	5052	msedge.exe	85
PID 5052 wrote to memory of 3772	5052	msedge.exe	85
PID 5052 wrote to memory of 3772	5052	msedge.exe	85
PID 5052 wrote to memory of 3772	5052	msedge.exe	85
PID 5052 wrote to memory of 3772	5052	msedge.exe	85
PID 5052 wrote to memory of 3980	5052	msedge.exe	84
PID 5052 wrote to memory of 3980	5052	msedge.exe	84
PID 5052 wrote to memory of 2092	5052	msedge.exe	86
PID 5052 wrote to memory of 2092	5052	msedge.exe	86
PID 5052 wrote to memory of 2092	5052	msedge.exe	86
PID 5052 wrote to memory of 2092	5052	msedge.exe	86
PID 5052 wrote to memory of 2092	5052	msedge.exe	86
PID 5052 wrote to memory of 2092	5052	msedge.exe	86
PID 5052 wrote to memory of 2092	5052	msedge.exe	86
PID 5052 wrote to memory of 2092	5052	msedge.exe	86
PID 5052 wrote to memory of 2092	5052	msedge.exe	86
PID 5052 wrote to memory of 2092	5052	msedge.exe	86
PID 5052 wrote to memory of 2092	5052	msedge.exe	86
PID 5052 wrote to memory of 2092	5052	msedge.exe	86
PID 5052 wrote to memory of 2092	5052	msedge.exe	86
PID 5052 wrote to memory of 2092	5052	msedge.exe	86
PID 5052 wrote to memory of 2092	5052	msedge.exe	86
PID 5052 wrote to memory of 2092	5052	msedge.exe	86
PID 5052 wrote to memory of 2092	5052	msedge.exe	86
PID 5052 wrote to memory of 2092	5052	msedge.exe	86
PID 5052 wrote to memory of 2092	5052	msedge.exe	86
PID 5052 wrote to memory of 2092	5052	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.bing.com/ck/a?!&&p=4c556388d36336b8JmltdHM9MTcwMDYxMTIwMCZpZ3VpZD0xYTZhY2ZmMy0wNGQ2LTY1MGEtM2YwMi1kYzQ2MDU2ODY0YWUmaW5zaWQ9NTE5OQ&ptn=3&ver=2&hsh=3&fclid=1a6acff3-04d6-650a-3f02-dc46056864ae&psq=tor+metrics+relay&u=a1aHR0cHM6Ly9tZXRyaWNzLnRvcnByb2plY3Qub3JnL3JzLmh0bWw&ntb=1
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9069e46f8,0x7ff9069e4708,0x7ff9069e4718
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,10761712987232496457,9670364550446178365,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,10761712987232496457,9670364550446178365,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,10761712987232496457,9670364550446178365,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10761712987232496457,9670364550446178365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10761712987232496457,9670364550446178365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10761712987232496457,9670364550446178365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,10761712987232496457,9670364550446178365,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,10761712987232496457,9670364550446178365,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10761712987232496457,9670364550446178365,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10761712987232496457,9670364550446178365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10761712987232496457,9670364550446178365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10761712987232496457,9670364550446178365,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,10761712987232496457,9670364550446178365,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4968 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2276

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
a2d993ff11c3c17eb6f36fd92e5824a6

SHA1
54a4ced5e469077254f940208473e018398ff63d

SHA256
01f6a6ef076c37105851161607fd1087a536fbdc6476cd27ac5b4ef82551b93e

SHA512
fce4e417f5afbd0799dd52e6ad4696795befdecfa444410eb378ec0c6e6fbde1b566c4b2803043431b6d741014540afff54ff954e57fb43c4d9aba14ee633b33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
180B

MD5
00a455d9d155394bfb4b52258c97c5e5

SHA1
2761d0c955353e1982a588a3df78f2744cfaa9df

SHA256
45a13c77403533b12fbeeeb580e1c32400ca17a32e15caa8c8e6a180ece27fed

SHA512
9553f8553332afbb1b4d5229bbf58aed7a51571ab45cbf01852b36c437811befcbc86f80ec422f222963fa7dabb04b0c9ae72e9d4ff2eeb1e58cde894fbe234f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
70f7b853ff4ada21bcff4624c5e4bf32

SHA1
5bb50dcea6e9ee02e182abe893c0569b7b6e0b19

SHA256
bf1f734b5505d51949ec30e294ba5910783443ed6247d53d7375b56a02acefc0

SHA512
1f9aa5b9d6383af9dc13e35519ffe7466b3ede80d915d104f20fec3ab0f6548420783ffe3fe5b61c51a27b5fb8d5de94db0c26e5fe2e841ba9ab2b5073f09fd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
669bf1981801bcfd6e86f5bae8c8a6c1

SHA1
129f1651ce609934d0319e7674bca205b305ca8d

SHA256
123dfcde0a407a2ed194b9d92fddc2516c6ff416c743999348297976d92916b9

SHA512
3b9488a315f0ac241958350de414124763e724437d06bf1dbc75d16870c77bb8ca187b971e5b70364cd2a70ec1447fa8d906bb9a8e5713ecee8c360b2487d7fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
42394a55364b7cce1e7fc992f2151cf0

SHA1
4c222a4b278a7b257c50bdde74ab89b7963c55e7

SHA256
aa0ffe72ad0e9a3796ec85e0861c218309c244abb1a6b8ac0e3b29685634be0e

SHA512
b7d05b148ba257aa51b4033b648d77704dc10fc96d091a2d83497dbf9fa361cdc715c688f40ca80579952dc67c1899d9527c3953931f3f97c4e05f251eb5e64f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
3a748249c8b0e04e77ad0d6723e564ff

SHA1
5c4cc0e5453c13ffc91f259ccb36acfb3d3fa729

SHA256
f98f5543c33c0b85b191bb85718ee7845982275130da1f09e904d220f1c6ceed

SHA512
53254db3efd9c075e4f24a915e0963563ce4df26d4771925199a605cd111ae5025a65f778b4d4ed8a9b3e83b558066cd314f37b84115d4d24c58207760174af2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
368B

MD5
7e4b9a5859543dab3aefd32f69d9dc81

SHA1
ffd16f61554ee30dce21043c418bd8e5bee6f8af

SHA256
1674fed39b3dfc54934785e5b4bec920672189833a07a3dc3d8a271d3d3d2a59

SHA512
0eefaab9d13adaf6c936fad683fa71a09235bbac03e7a597c64aa879b2e0ac2f660810d8f34dbe77c3e17a61d3e2e9e9b66f5cecb6608723246d247b04b920da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a7fc0.TMP

Filesize
204B

MD5
6eb549f880897abf8c792663c6fc3d7f

SHA1
d88f684344fdfd0d65fae59f38abab1ed4174558

SHA256
27b9a575ca8a84b6731175c24012e78649fd561d574b2a3f38ad027b31c1727e

SHA512
b93a7189840ca5f792242800fb370bfe6e45f9c2d4aa94431e5068c340487a8f1bb1a7725ee55f6a6b83294e658e1be0e64db035dd75513cfa05425d5df2f64e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fa787713-7550-45f9-a152-561f6ccb3574.tmp

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
593012e51c249339c0b83091cb2d7e10

SHA1
538952df0efa658223c90751cef1d524cab81c01

SHA256
5f48182d7b8418f61879868eab5d8476e4da99ce0a7b926819397e4059c455fe

SHA512
5f6ec2a5255cab2329af8b62916d5ecea6b6c02dc8f6fc275f08962857f3acce1bf6899b73682cd3be8f2f9dc563b5cde0c7e666c38d9eba951ccf354ca3f8c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
da0fc526c2cf9ea4cad60bf0f4f71033

SHA1
3e819a5c8b131ea393d0a58989634b242f9aa786

SHA256
caf36cdaddb631feefcaa09097c6640a2259f522d920256872e8d8d71de84e6f

SHA512
456ef5f8e0eef0441b2088daefe16a03172b22e913381e3817721d3ccde7e73330e757e5cdcf18ce6ec9e7dda59f344e31328fde87a9a5b3b63f421551fa6c42

Download Submit