hxxps://pub-8b41d1865d604a439cc8d6cc5efe45f9[.]r2[.]dev/webmail[.]html

Analysis

max time kernel
157s
max time network
169s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
23-01-2024 01:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://pub-8b41d1865d604a439cc8d6cc5efe45f9.r2.dev/webmail.html

Score

10^/10

phishing

Malware Config

Signatures

Detected phishing page
phishing

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2828	msedge.exe
2828	msedge.exe
4900	msedge.exe
4900	msedge.exe
4412	identity_helper.exe
4412	identity_helper.exe
4236	msedge.exe
4236	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4900 wrote to memory of 888	4900	msedge.exe	20
PID 4900 wrote to memory of 888	4900	msedge.exe	20
PID 4900 wrote to memory of 3012	4900	msedge.exe	81
PID 4900 wrote to memory of 3012	4900	msedge.exe	81
PID 4900 wrote to memory of 3012	4900	msedge.exe	81
PID 4900 wrote to memory of 3012	4900	msedge.exe	81
PID 4900 wrote to memory of 3012	4900	msedge.exe	81
PID 4900 wrote to memory of 3012	4900	msedge.exe	81
PID 4900 wrote to memory of 3012	4900	msedge.exe	81
PID 4900 wrote to memory of 3012	4900	msedge.exe	81
PID 4900 wrote to memory of 3012	4900	msedge.exe	81
PID 4900 wrote to memory of 3012	4900	msedge.exe	81
PID 4900 wrote to memory of 3012	4900	msedge.exe	81
PID 4900 wrote to memory of 3012	4900	msedge.exe	81
PID 4900 wrote to memory of 3012	4900	msedge.exe	81
PID 4900 wrote to memory of 3012	4900	msedge.exe	81
PID 4900 wrote to memory of 3012	4900	msedge.exe	81
PID 4900 wrote to memory of 3012	4900	msedge.exe	81
PID 4900 wrote to memory of 3012	4900	msedge.exe	81
PID 4900 wrote to memory of 3012	4900	msedge.exe	81
PID 4900 wrote to memory of 3012	4900	msedge.exe	81
PID 4900 wrote to memory of 3012	4900	msedge.exe	81
PID 4900 wrote to memory of 3012	4900	msedge.exe	81
PID 4900 wrote to memory of 3012	4900	msedge.exe	81
PID 4900 wrote to memory of 3012	4900	msedge.exe	81
PID 4900 wrote to memory of 3012	4900	msedge.exe	81
PID 4900 wrote to memory of 3012	4900	msedge.exe	81
PID 4900 wrote to memory of 3012	4900	msedge.exe	81
PID 4900 wrote to memory of 3012	4900	msedge.exe	81
PID 4900 wrote to memory of 3012	4900	msedge.exe	81
PID 4900 wrote to memory of 3012	4900	msedge.exe	81
PID 4900 wrote to memory of 3012	4900	msedge.exe	81
PID 4900 wrote to memory of 3012	4900	msedge.exe	81
PID 4900 wrote to memory of 3012	4900	msedge.exe	81
PID 4900 wrote to memory of 3012	4900	msedge.exe	81
PID 4900 wrote to memory of 3012	4900	msedge.exe	81
PID 4900 wrote to memory of 3012	4900	msedge.exe	81
PID 4900 wrote to memory of 3012	4900	msedge.exe	81
PID 4900 wrote to memory of 3012	4900	msedge.exe	81
PID 4900 wrote to memory of 3012	4900	msedge.exe	81
PID 4900 wrote to memory of 3012	4900	msedge.exe	81
PID 4900 wrote to memory of 3012	4900	msedge.exe	81
PID 4900 wrote to memory of 2828	4900	msedge.exe	79
PID 4900 wrote to memory of 2828	4900	msedge.exe	79
PID 4900 wrote to memory of 4604	4900	msedge.exe	80
PID 4900 wrote to memory of 4604	4900	msedge.exe	80
PID 4900 wrote to memory of 4604	4900	msedge.exe	80
PID 4900 wrote to memory of 4604	4900	msedge.exe	80
PID 4900 wrote to memory of 4604	4900	msedge.exe	80
PID 4900 wrote to memory of 4604	4900	msedge.exe	80
PID 4900 wrote to memory of 4604	4900	msedge.exe	80
PID 4900 wrote to memory of 4604	4900	msedge.exe	80
PID 4900 wrote to memory of 4604	4900	msedge.exe	80
PID 4900 wrote to memory of 4604	4900	msedge.exe	80
PID 4900 wrote to memory of 4604	4900	msedge.exe	80
PID 4900 wrote to memory of 4604	4900	msedge.exe	80
PID 4900 wrote to memory of 4604	4900	msedge.exe	80
PID 4900 wrote to memory of 4604	4900	msedge.exe	80
PID 4900 wrote to memory of 4604	4900	msedge.exe	80
PID 4900 wrote to memory of 4604	4900	msedge.exe	80
PID 4900 wrote to memory of 4604	4900	msedge.exe	80
PID 4900 wrote to memory of 4604	4900	msedge.exe	80
PID 4900 wrote to memory of 4604	4900	msedge.exe	80
PID 4900 wrote to memory of 4604	4900	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pub-8b41d1865d604a439cc8d6cc5efe45f9.r2.dev/webmail.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9abe03cb8,0x7ff9abe03cc8,0x7ff9abe03cd8
  2⤵
  PID:888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,13699573091364258940,1239428892413429628,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,13699573091364258940,1239428892413429628,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,13699573091364258940,1239428892413429628,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13699573091364258940,1239428892413429628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13699573091364258940,1239428892413429628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,13699573091364258940,1239428892413429628,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13699573091364258940,1239428892413429628,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13699573091364258940,1239428892413429628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13699573091364258940,1239428892413429628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13699573091364258940,1239428892413429628,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,13699573091364258940,1239428892413429628,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5824 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13699573091364258940,1239428892413429628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13699573091364258940,1239428892413429628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,13699573091364258940,1239428892413429628,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4816 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3972

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b09c5d9d170124cc803af2dd5f23e2b4

SHA1
41a3ddbafd6f3062f07ec162679bfab95fd88482

SHA256
5e6d5fcfb3805ecd4d9388837551cc02c5452f03cddba1b29b23fd02686befd8

SHA512
8fd1752211ec074f85d0ee59f39bea6e639199602d71ec947940575a9c515dda96b1eed5af10d513e21373f64a6d03146bb3251aa690830110ff4c6c486b4036

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8105eba0-6aa1-4e5d-80d9-50cd1813922f.tmp

Filesize
25KB

MD5
c7092e044a47c593ef643da75dc6a456

SHA1
80e8bca84e362de86a7332742a62834ba887deb4

SHA256
18ac390cf8b5d7c5ceb90ce5e744deedc18be8e33c84e214bb64fbffd0686751

SHA512
b93ed015737a477a735c03e0cc884d746444d081dbb24d542ebbfbc2d30a5101799d2564733780091f28bf84adc3c7b2eadc265cb6bad6f26080abf63e0f085f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
4ed096f3f00414f922a149d4c3183708

SHA1
8f40fa13c3bbc518ac20df5a73f7fd337ba7843a

SHA256
420c051d384ab272632386088d4966bbaa96f608336dba86b774aaa27b89e35c

SHA512
35c455043f021b3e62ef5ed8c24970bdac1d21887e1f7179c9384182ee67db3b46117209c66d194196da7241b1a32366c8b1467e81ca367c5c7e4e48284a3012

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
52a4d2adfa35dbae15b41778e680412f

SHA1
1c8dceaaf104516044af109f9549f516072b7555

SHA256
1b512f5aa9a6c4183ef45c3a748d2272c310b9d12af1dbf4ceb0725874691d3c

SHA512
3d9b2498d704f89e7117400f786d9d3e5d1ba29600f73435a8fe6bf39630e07e2144ab5804767cb12a100f0dadf56407a8765154270d2be31daa17b5a974a6fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
ded7e86852b620e6c49323a3bf2471aa

SHA1
98d4a950a469389cac26f2ffc2f29a92ee4cdfaf

SHA256
b422f3988d28c04bdee8a7fd0a7ca2f2907e509296c35425ea9ae9219d2fc7f1

SHA512
3b48f8b74a65f4efe43bf81d5ada1f01ae3ae51532d8f2b967d2955320e5cba5b43deae3da599b007e41341c2165d5676cf068f2edac5ceb9dc0485c33eab44f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5a0e38b9a269577c6e68e581773ea78c

SHA1
37a290e49f100c90c91fa96e6e9b745dc8da3215

SHA256
b199ef2bbe2912b6c126fb858a5e96c74be1a242477e9e495d982ba7ed21a58d

SHA512
246c4159e3787df1929004fe5ce3c51cbf356491344315fb0573f16b01b5892624644b98a8c3ce7e8d3322c6f877af9d10b0c6715d88c954100846f6ddb7cb38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3ba57848651a122c030074061ac5f292

SHA1
0177da54c4829f94aee02691c2e1daf7567d59bd

SHA256
eb3286aec853efe8d38a9ee199a4fbbc1757bf6f792cacd97b6a0083255240dc

SHA512
bdfaa4a3917bbd383c39d82d4e6ce38cf20ac3d92b99e25c716621aca01e86c2110bebc1652a72f5be3b5210397ca19292f0e5134b4e0253b0f0625c4a8edb3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
927783ff234623423d5e046ae73ca977

SHA1
15fa5d2d001e6b0244c78b33d6e45a311a1fbb7d

SHA256
cfd9b3dc25a832019dfc7819ea2ac58b3b31253c6beeddcc77813b50f22e1967

SHA512
87ffd6992066c624a565c13c638891c13019a502d87fa46e23de899dc1a155a0ccd929a213865fc12fa241e2c052d346e6986f88b7a88ebf36d1ba347c90a71f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fd3c.TMP

Filesize
538B

MD5
6ffd26c48c44fb9b14747b0cbaf7cc62

SHA1
ac8e98a3b52b69f9eacf36590b885401f2e4257e

SHA256
c6b3f6ac9da5f1cae7df2d216d5b133bbd982878e85e63ced19c855841da2772

SHA512
5e3137bbbe5b253325a5a916aa2f146e8df1d94c5e3e781a63293ec48cfea1e4c01553401a929b6701a1ff0ad48622063e8b302ac695a2b08e9d6b422078cc21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
fe0780528364d3dddd82939eec41acdd

SHA1
cfb1866a6cee9947ab8f8010e85bbb1ee8f64cb6

SHA256
de1896ef9525b0beef1e80e14def09b827e2ff05776c8bd5df3d8c228aba6d78

SHA512
20967877eb0c207b0ae637bf389b87e9020e43c35ed5cbdb569787cacbc3bc4caee681a8a183597f0c552d91fecd9abb71f9a32c2f42a63d28e08694aa4b39dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f0f90bfe99849ec7b0fffec893760afa

SHA1
2362e875bc253821d58ed38c6e0920107397c731

SHA256
5cf1d46f942195299c06bca0de89bf484b500486aabd9b241a497f039cedd5e5

SHA512
6ac520f29ffcadff377714ab6cc0a0c5ce1c7a720be4cbc1e006da30f65be7ccf32fa00d3ae68953c3ff8e7cde6e5cc181dbf19602d89f484b5cbc4b1b693fb1

Download Submit