4cef262cd6d048a816b8441686ce424e348256252959755d806c21dbcbe372b8

Analysis

max time kernel
42s
max time network
102s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
04/01/2024, 01:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Galaxy Swapper v2.exe
Size

4.7MB
MD5

bd8692ab8267a84e033a9216d61d3951
SHA1

54103dec2ac32bca2540d7345040a6a77473e505
SHA256

4cef262cd6d048a816b8441686ce424e348256252959755d806c21dbcbe372b8
SHA512

86145f72d6d7fe1eb740d0c70fe7c8c461da337b05f58b5e80c5121ae497fd37a991faa4d6fcb8c0129634e6d17c34f4e04791309ee215c428b14d08b2e0356b
SSDEEP

49152:hEJwoOoJJCUR8vJi4DwXkYRY6BqatCNOuJT2F8aHE1vTvO+cq2+5wC9z+my7iA8/:4znJuhxwXXRYgqatN+j2qYeDluupSm

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
5000	msedge.exe
5000	msedge.exe
924	msedge.exe
924	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
924	msedge.exe
924	msedge.exe
924	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1500 wrote to memory of 924	1500	Galaxy Swapper v2.exe	76
PID 1500 wrote to memory of 924	1500	Galaxy Swapper v2.exe	76
PID 924 wrote to memory of 2636	924	msedge.exe	77
PID 924 wrote to memory of 2636	924	msedge.exe	77
PID 924 wrote to memory of 1748	924	msedge.exe	78
PID 924 wrote to memory of 1748	924	msedge.exe	78
PID 924 wrote to memory of 1748	924	msedge.exe	78
PID 924 wrote to memory of 1748	924	msedge.exe	78
PID 924 wrote to memory of 1748	924	msedge.exe	78
PID 924 wrote to memory of 1748	924	msedge.exe	78
PID 924 wrote to memory of 1748	924	msedge.exe	78
PID 924 wrote to memory of 1748	924	msedge.exe	78
PID 924 wrote to memory of 1748	924	msedge.exe	78
PID 924 wrote to memory of 1748	924	msedge.exe	78
PID 924 wrote to memory of 1748	924	msedge.exe	78
PID 924 wrote to memory of 1748	924	msedge.exe	78
PID 924 wrote to memory of 1748	924	msedge.exe	78
PID 924 wrote to memory of 1748	924	msedge.exe	78
PID 924 wrote to memory of 1748	924	msedge.exe	78
PID 924 wrote to memory of 1748	924	msedge.exe	78
PID 924 wrote to memory of 1748	924	msedge.exe	78
PID 924 wrote to memory of 1748	924	msedge.exe	78
PID 924 wrote to memory of 1748	924	msedge.exe	78
PID 924 wrote to memory of 1748	924	msedge.exe	78
PID 924 wrote to memory of 1748	924	msedge.exe	78
PID 924 wrote to memory of 1748	924	msedge.exe	78
PID 924 wrote to memory of 1748	924	msedge.exe	78
PID 924 wrote to memory of 1748	924	msedge.exe	78
PID 924 wrote to memory of 1748	924	msedge.exe	78
PID 924 wrote to memory of 1748	924	msedge.exe	78
PID 924 wrote to memory of 1748	924	msedge.exe	78
PID 924 wrote to memory of 1748	924	msedge.exe	78
PID 924 wrote to memory of 1748	924	msedge.exe	78
PID 924 wrote to memory of 1748	924	msedge.exe	78
PID 924 wrote to memory of 1748	924	msedge.exe	78
PID 924 wrote to memory of 1748	924	msedge.exe	78
PID 924 wrote to memory of 1748	924	msedge.exe	78
PID 924 wrote to memory of 1748	924	msedge.exe	78
PID 924 wrote to memory of 1748	924	msedge.exe	78
PID 924 wrote to memory of 1748	924	msedge.exe	78
PID 924 wrote to memory of 1748	924	msedge.exe	78
PID 924 wrote to memory of 1748	924	msedge.exe	78
PID 924 wrote to memory of 1748	924	msedge.exe	78
PID 924 wrote to memory of 1748	924	msedge.exe	78
PID 924 wrote to memory of 5000	924	msedge.exe	83
PID 924 wrote to memory of 5000	924	msedge.exe	83
PID 924 wrote to memory of 4888	924	msedge.exe	82
PID 924 wrote to memory of 4888	924	msedge.exe	82
PID 924 wrote to memory of 4888	924	msedge.exe	82
PID 924 wrote to memory of 4888	924	msedge.exe	82
PID 924 wrote to memory of 4888	924	msedge.exe	82
PID 924 wrote to memory of 4888	924	msedge.exe	82
PID 924 wrote to memory of 4888	924	msedge.exe	82
PID 924 wrote to memory of 4888	924	msedge.exe	82
PID 924 wrote to memory of 4888	924	msedge.exe	82
PID 924 wrote to memory of 4888	924	msedge.exe	82
PID 924 wrote to memory of 4888	924	msedge.exe	82
PID 924 wrote to memory of 4888	924	msedge.exe	82
PID 924 wrote to memory of 4888	924	msedge.exe	82
PID 924 wrote to memory of 4888	924	msedge.exe	82
PID 924 wrote to memory of 4888	924	msedge.exe	82
PID 924 wrote to memory of 4888	924	msedge.exe	82
PID 924 wrote to memory of 4888	924	msedge.exe	82
PID 924 wrote to memory of 4888	924	msedge.exe	82

C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper v2.exe
"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper v2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://aka.ms/dotnet-core-applaunch?framework=Microsoft.NETCore.App&framework_version=7.0.0&arch=x64&rid=win-x64&os=win10&gui=true
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:924
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff1b313cb8,0x7fff1b313cc8,0x7fff1b313cd8
    3⤵
    PID:2636
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1952,4623030522607188883,9324406743533645305,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1852 /prefetch:2
    3⤵
    PID:1748
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,4623030522607188883,9324406743533645305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
    3⤵
    PID:984
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,4623030522607188883,9324406743533645305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3116 /prefetch:1
    3⤵
    PID:1636
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1952,4623030522607188883,9324406743533645305,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
    3⤵
    PID:4888
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1952,4623030522607188883,9324406743533645305,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5000
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,4623030522607188883,9324406743533645305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
    3⤵
    PID:3260
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,4623030522607188883,9324406743533645305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1
    3⤵
    PID:4468
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1952,4623030522607188883,9324406743533645305,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
    3⤵
    PID:3716
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,4623030522607188883,9324406743533645305,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
    3⤵
    PID:4868
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,4623030522607188883,9324406743533645305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
    3⤵
    PID:4792
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1952,4623030522607188883,9324406743533645305,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4684 /prefetch:8
    3⤵
    PID:2460
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,4623030522607188883,9324406743533645305,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
    3⤵
    PID:4924
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,4623030522607188883,9324406743533645305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
    3⤵
    PID:1920
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,4623030522607188883,9324406743533645305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
    3⤵
    PID:2432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1952,4623030522607188883,9324406743533645305,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3484 /prefetch:8
    3⤵
    PID:3836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1192

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d943a8cf4efd126466512b0952309e2a

SHA1
6a2398d0f51bd03726846cf3e63cf057c9089fb4

SHA256
193acec13684c624ad94981200e722c9acaeb9e7b9df41fcd20de8a3169c2302

SHA512
604e55c870302f893ba79432a41da9ba923001ecc7ce764d8372207cc6bcc7a5f7f44f61c14e21415f292d6746a1abe678df3f496b7231b52e571221b8fd1322

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
92KB

MD5
67ffe8d0d5fd8032944ddb66f22ae020

SHA1
55a2751146a8c9d82e961c8d9406778bf9315e7e

SHA256
3004fc4995eb43cc912ca28b519c56301848535369e82127ac870044f4bc64f2

SHA512
aab47fb32b840f9267049e2693a9e04e21d196ba5420d6fa6cd8efb8e7aa70ed13303f7e8f95da9303c32b251abf77a3c8fa2283d38c059235213695972b0aed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1002B

MD5
c7703efe5d1243cc5671edf170952ec3

SHA1
4dd5c514b304c98e4cb364029bda50f0c66ce5d9

SHA256
3e9a86bb5110e0ce9f04f300ea4d7159f66785e3bc45215803b8be468c69a850

SHA512
8017ef3af3b59dc6fe91766eece88f4a6d3fb4d2fb16497c79f78a5ec3219fab7ad0b6602696e005f0a2d5ea4ff2d84c19fc2c4d59d96a3dc6f3ddb3df9956b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
d7d60ebe36810a7895a5d90a48bd6bb0

SHA1
a21ccc13700df6d19ed52e1978db871e608e6d7b

SHA256
b4698fef649867a07ce2ad5196482445592c2092bb327860348c3abded2a7c0f

SHA512
4eebf6bf20fe688dcfec5a3f414b9d0595fe13170bc081b1cdf71cb424b624a1d1f926368181a2a0b63e5e7ccb83c45338a8349a8fc36366650ba2a7404d1643

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
77eaa3ee5411c9770d268cad36271d28

SHA1
cb7b050576a6bddd85117ce6d0b450f787288c24

SHA256
8d0960d3a2a888356ee8cc265c320d210e70a7a8b1fdab1d0aaf3bc0e0f6f6cb

SHA512
de91f87931dfce3325c2b0f8411d12ba7bdeb9b5f451b1ccfa5cb3ba2e10000b5d4023bc9ea6d626758e774e910ae3121cf867fa7cd9c1f44d16a49f9cbf9daa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8a917eed96401088770f208d9570a467

SHA1
fab4949146feb1b52f7333e63a85f4500bc64974

SHA256
ce299cf419a4b96c276565ecf56cc06aa1ac8ebfb4af297a2d4276f76d758675

SHA512
30dfdda72ce04ae8a1be9f59344ef3cfbe7855d521fb640d52f0c5f035e4d86d420e4e9e4cec72aa81ab7a5a3199c959cbedfc39088ee9fd620e4977a16d1e93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1fd5fed1978b183f845a54f89ee74f27

SHA1
a4d88bbf43fcf146f771c8330a532404ccbb6d32

SHA256
ad5fb58481ed2a9fc47f374f433a3890015cf83083b932f146cfc0a5722ec9b1

SHA512
6088110132cb62cce9360f81143df8b03ee5173c29799d37cce6ced34230002c7d47f58871c1e0cb7fe2302a34647fad9d4b1e9415ed80613f7bfa79f9816cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9175c5f4c6004839411fb6a9dd9f9e47

SHA1
5cf35dd0bf1885ec099d0cb0f91667ad628ad0f5

SHA256
cd83ebd4c839922fd178269d5459c90ab6d8f782ab95508bdfed1a269dd59e28

SHA512
69b9a8d2cf1972dcd321059c15295e47d0e6b4362ba151d8bb35c5ed97b771c0d2ae887f8f8394387488fc94490bfc005f4c4d1faffeeb9b7286d4e8e15d2344

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
96ef0380c97220c7a8bd1e84aa6a93a5

SHA1
4c568f3cecb9e5eb89538dd1fe6a5be7a6e4c97c

SHA256
653afbc13bfdf41960d635f702c4006da53e2379b3b05e5897543e2706400827

SHA512
8177f441bb32d965773f0448bf8b463783c66e18b6482187d656f959ff83f53cda4deaca768f0900221654f4211f6f26be7f652567b0b7b3b720dcd365bbac21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
9538c8e5fd55e82e2ebb047cdf510ca9

SHA1
5507f627f4a4d984f7caa1c3ddc6921e20462a01

SHA256
669fb03563044015424c47a76925b56223a13034fe083d17255b5805146ac81e

SHA512
bbc6c0015be0285cf53d60216ef9242e0b0033f3f9e845b260590b001c26debcc09a048b63cd91dce98c58570b4d46a2bcabf0ad482a0bcb4de15caa2784b7b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
85a87b366778a67b9ada3da70fc49ce9

SHA1
5f063d2145d3743bbd7fcef17c8da232cb9de53f

SHA256
d8d7c18799ed85dc2fa6b04853fed3e23e4ca275e164b651a07d0be5ee44ba68

SHA512
f83635c8b9978be8f6f34230f7d0259e1d292f156b6abff5c85909d92ec4aca424ec6a9fbeedafbdf4f66a4ff9b380992df77c58ce34b0393647cfb8c3ea3d83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
139f3cc6ff16d49262d3a900eae1b9a5

SHA1
4442a335a2e41d25de4bf55fdb9401b59b65cc1b

SHA256
34fc25f6dbe6489b92d0e7b84c5e8652aa1eeca6f32c46d89b26267c39bb5376

SHA512
7ae98fea330b848e347b801ad969d1fbd64f05c1ad7e0775580f9ebd7af188584ff990c75f38e78f65e9faf8b066bf22431272db3ed980bd72d1c210c6b6975b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8c22823bcf80ff0bf1f4b148f8dd4a01

SHA1
7c63255fb2b73c706d260a6f8868bc1de32f3758

SHA256
4a492bfc75db89cbacd53361c09eef8ca871791f0024ee4bd3ab86b8efabface

SHA512
2b76691bdde3fdaf06e2d9405426fa93171cb1471fe2748916fa7c91b485d785fca10f790e5f1d3497196284c2c45c9bf5aab6e97ec626b98226a8cb186a4506

Download Submit