hxxps://www[.]v2b[.]ru

Analysis

max time kernel
600s
max time network
489s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
23/11/2023, 08:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.v2b.ru

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
2468	msedge.exe
2468	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
228	identity_helper.exe
228	identity_helper.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4928 wrote to memory of 1076	4928	msedge.exe	69
PID 4928 wrote to memory of 1076	4928	msedge.exe	69
PID 4928 wrote to memory of 4984	4928	msedge.exe	85
PID 4928 wrote to memory of 4984	4928	msedge.exe	85
PID 4928 wrote to memory of 4984	4928	msedge.exe	85
PID 4928 wrote to memory of 4984	4928	msedge.exe	85
PID 4928 wrote to memory of 4984	4928	msedge.exe	85
PID 4928 wrote to memory of 4984	4928	msedge.exe	85
PID 4928 wrote to memory of 4984	4928	msedge.exe	85
PID 4928 wrote to memory of 4984	4928	msedge.exe	85
PID 4928 wrote to memory of 4984	4928	msedge.exe	85
PID 4928 wrote to memory of 4984	4928	msedge.exe	85
PID 4928 wrote to memory of 4984	4928	msedge.exe	85
PID 4928 wrote to memory of 4984	4928	msedge.exe	85
PID 4928 wrote to memory of 4984	4928	msedge.exe	85
PID 4928 wrote to memory of 4984	4928	msedge.exe	85
PID 4928 wrote to memory of 4984	4928	msedge.exe	85
PID 4928 wrote to memory of 4984	4928	msedge.exe	85
PID 4928 wrote to memory of 4984	4928	msedge.exe	85
PID 4928 wrote to memory of 4984	4928	msedge.exe	85
PID 4928 wrote to memory of 4984	4928	msedge.exe	85
PID 4928 wrote to memory of 4984	4928	msedge.exe	85
PID 4928 wrote to memory of 4984	4928	msedge.exe	85
PID 4928 wrote to memory of 4984	4928	msedge.exe	85
PID 4928 wrote to memory of 4984	4928	msedge.exe	85
PID 4928 wrote to memory of 4984	4928	msedge.exe	85
PID 4928 wrote to memory of 4984	4928	msedge.exe	85
PID 4928 wrote to memory of 4984	4928	msedge.exe	85
PID 4928 wrote to memory of 4984	4928	msedge.exe	85
PID 4928 wrote to memory of 4984	4928	msedge.exe	85
PID 4928 wrote to memory of 4984	4928	msedge.exe	85
PID 4928 wrote to memory of 4984	4928	msedge.exe	85
PID 4928 wrote to memory of 4984	4928	msedge.exe	85
PID 4928 wrote to memory of 4984	4928	msedge.exe	85
PID 4928 wrote to memory of 4984	4928	msedge.exe	85
PID 4928 wrote to memory of 4984	4928	msedge.exe	85
PID 4928 wrote to memory of 4984	4928	msedge.exe	85
PID 4928 wrote to memory of 4984	4928	msedge.exe	85
PID 4928 wrote to memory of 4984	4928	msedge.exe	85
PID 4928 wrote to memory of 4984	4928	msedge.exe	85
PID 4928 wrote to memory of 4984	4928	msedge.exe	85
PID 4928 wrote to memory of 4984	4928	msedge.exe	85
PID 4928 wrote to memory of 2468	4928	msedge.exe	84
PID 4928 wrote to memory of 2468	4928	msedge.exe	84
PID 4928 wrote to memory of 4540	4928	msedge.exe	86
PID 4928 wrote to memory of 4540	4928	msedge.exe	86
PID 4928 wrote to memory of 4540	4928	msedge.exe	86
PID 4928 wrote to memory of 4540	4928	msedge.exe	86
PID 4928 wrote to memory of 4540	4928	msedge.exe	86
PID 4928 wrote to memory of 4540	4928	msedge.exe	86
PID 4928 wrote to memory of 4540	4928	msedge.exe	86
PID 4928 wrote to memory of 4540	4928	msedge.exe	86
PID 4928 wrote to memory of 4540	4928	msedge.exe	86
PID 4928 wrote to memory of 4540	4928	msedge.exe	86
PID 4928 wrote to memory of 4540	4928	msedge.exe	86
PID 4928 wrote to memory of 4540	4928	msedge.exe	86
PID 4928 wrote to memory of 4540	4928	msedge.exe	86
PID 4928 wrote to memory of 4540	4928	msedge.exe	86
PID 4928 wrote to memory of 4540	4928	msedge.exe	86
PID 4928 wrote to memory of 4540	4928	msedge.exe	86
PID 4928 wrote to memory of 4540	4928	msedge.exe	86
PID 4928 wrote to memory of 4540	4928	msedge.exe	86
PID 4928 wrote to memory of 4540	4928	msedge.exe	86
PID 4928 wrote to memory of 4540	4928	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.v2b.ru
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff769c46f8,0x7fff769c4708,0x7fff769c4718
  2⤵
  PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,18349935954152084508,11840373949530918134,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,18349935954152084508,11840373949530918134,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,18349935954152084508,11840373949530918134,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,18349935954152084508,11840373949530918134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,18349935954152084508,11840373949530918134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,18349935954152084508,11840373949530918134,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,18349935954152084508,11840373949530918134,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,18349935954152084508,11840373949530918134,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,18349935954152084508,11840373949530918134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,18349935954152084508,11840373949530918134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,18349935954152084508,11840373949530918134,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,18349935954152084508,11840373949530918134,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4776 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4168

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4184

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
f43bd02f0d87424b30a29db484cc779f

SHA1
819bf20d666c3a1647dc57fe0824d6991f5ade18

SHA256
70b5b7bc5596005b31c08fcd5c7b3c1e88d3e22d72db11b2c4e32d773d655d02

SHA512
a5a29f019acbaf85a78957927636f61e4b74934990071e164709bc575168f5410e5fabe03e8d2163619301ef91a6b712c62be2d1e1e23b793ddbe370ebe44e19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
15d8131565e0fc839be8792734947fc6

SHA1
75cbb8ade2b0f61fec53c26283bb2cb7bb0789e6

SHA256
b8031121abe0aed3ad8657063978caa818afcae51951d3e865386e034fbe4b31

SHA512
01f9b4719a1876a10f29ca761a084120b7642f091d53fa2d0829aa56a85fdcb8bc92267161e24951ab0aa04c361c68029aa5f513944950cc013b23f87dd86a1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f8bc843cfae94d70c3e3f5268c7a57a4

SHA1
21b1ad768474b48a0810b46ad434850e93d7d3d0

SHA256
22f5cbf39a7bac9b187f30ee865022bf824194e7c3836c8de5fb4b8f48c29614

SHA512
0d9f8018e22b22730e4dba30cac7768ae542f9501bc2a291b9454830ce3dff54e140108ff7ecca12b296199f032c377cb1a1ae1eab090079c5982f0f6e53edfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
59de8fabab1dc643f55f4c32d616c2c1

SHA1
138d8d62193866fca15b1bfa352bd62f40160713

SHA256
8bd359a6e842f4e15d4ce80c834f5c712dcf2d201fcb94ccf6cf3c53ff5e9f11

SHA512
5491d5bf601de993b886f71f1582b9904738a9de69ea5c48ef535976e01549828fbacc2b32bcbd096a7947458af4d1f497e44a64d39aa809a5d23ed5ad246506

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9fa640f4c9ea474bea213ee73c758c36

SHA1
31a0cf20959b441fe139a7a00a604da070900c02

SHA256
f41a76a6772121eb15c273f08d6d2cf2981c283f069bbdf2c6b88a0e72752a14

SHA512
0c718e7031b29bd2fd2f184f74ac4bf31bd86a99306e0fc3fe8d8b3175e66aaacb853f62e0247234500898e6fefcb4d02aed46be536f8a546f720d6ea0141286

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1c706d53e85fb5321a8396d197051531

SHA1
0d92aa8524fb1d47e7ee5d614e58a398c06141a4

SHA256
80c44553381f37e930f1c82a1dc2e77acd7b955ec0dc99d090d5bd6b32c3c932

SHA512
d43867392c553d4afffa45a1b87a74e819964011fb1226ee54e23a98fc63ca80e266730cec6796a2afa435b1ea28aed72c55eae1ae5d31ec778f53be3e2162fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
25550af26c4c1d2f1fc02b7f0fda9273

SHA1
ea25f98cf648beaefa8fc8a0079f39e50f6466fc

SHA256
2c10153d7c63ad5f92c61be74ef226802e206e457ee72adcd1219e53920b19b0

SHA512
9dc3a177b825afe2ee73c7d621c7b7a755ceb65ad45a711283307a0057dc4ef680ad87cc1e15f423b1e4193694dfa8b7c3ae7fb18623d6dadd6db81d5ed64564

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
0ae835429b497c84f858db1a784a7fa2

SHA1
21a83efbc45bdba811138b4786b133a19d5eb2ce

SHA256
a67cc9c9a9b0faefd95a6c7e4fbdbd2a9df435303956482a229026cc4ec6eb24

SHA512
81bea606971726aa6a59d10a6340c7e3f34a3a2343d6ce5ae5881596adfead0d1b830193fe783c805caf3f263e2f49800d03d54ca69da626063de50d3af9e525

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
eff5849f7fccbe39fd62ce0fd65927c9

SHA1
134a795afa3550951046a849be461e0126a563bc

SHA256
372f1ec5e3a943562188dd361195439ad945f3d067533dbdce6abe44400be96b

SHA512
4009d49b2d5df3b4f6647b3a03c59d49dc356fb9b8c05512db59a39f45eb54461ed8608a2c66d4ae43d554e25a2b3659b2cc82123029f37581aaebbc5cebeeee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57daa1.TMP

Filesize
874B

MD5
782472af403c89173522d92293eabfba

SHA1
c1df44ca98f7b129977f9154a713b4283ce440ba

SHA256
2754672b46ab573360d00ea1698bb00ab1e59bd977f243f31a56b69781cb7b83

SHA512
710d9d1e4bfe32c3caa69efff768dea4aeead5f6bd62af39ece3ccec241c3132c10e3ad323543bcfad71273f5f295cc0cfaeb2a7d675029ece66fdb8dae16b84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
54aa1c77077d016873e9ee3c8a232649

SHA1
3750de302b59e1ff88cb34146815c3255ef25ff6

SHA256
565eadad3b84b102b8257aee80e031ffbb478a52f46fc326b5fcb7162b0b084f

SHA512
646c80f724a0128118ab401686ff0c3f37c5b802f1013f8db5b946f9d707a23c9c3904705e698ea9ad3bc4b413e2d56e2d66572a3cb9d9c6b3ec76b8bb14a613

Download Submit