050fe7c0127dbd4fdc0cecf3ba46248ba7e14d37edba1a54eac40602c130f2f8

Resubmissions

01/02/2024, 03:27

240201-dz4f7sacg6 3

02/03/2023, 22:56

230302-2wynjseg6s 4

02/03/2023, 22:53

230302-2t28ysfb88 1

Analysis

max time kernel
137s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
01/02/2024, 03:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

rbxfpsunlocker.exe
Size

501KB
MD5

f6722f9f28173138464a22fd516c0275
SHA1

247c828444f9ed61037704b4e2b6f5431f410a73
SHA256

19f11c65f6c8dc386e9e8fdc79326fd7580395d9931a5e952feac40d26a88907
SHA512

2ddff2df9e550e6dae9b3ece908e9887e4ab4a26d056d73a6f224b0f0ad981c499819c211701f953abbc79512c821725330e35f905ea743d9aeb3f23a1646c50
SSDEEP

6144:Ry2RPslBVptHpJA5mmWRTzSVRkzyNXf6tyRqgrOEqV7DIyohcqSHP4ooXHE:FPAJJBRaVS+NXGyRq/x7noCq+w/

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4780	msedge.exe
4780	msedge.exe
684	msedge.exe
684	msedge.exe
2448	identity_helper.exe
2448	identity_helper.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2980 wrote to memory of 684	2980	rbxfpsunlocker.exe	94
PID 2980 wrote to memory of 684	2980	rbxfpsunlocker.exe	94
PID 684 wrote to memory of 4648	684	msedge.exe	95
PID 684 wrote to memory of 4648	684	msedge.exe	95
PID 684 wrote to memory of 1324	684	msedge.exe	97
PID 684 wrote to memory of 1324	684	msedge.exe	97
PID 684 wrote to memory of 1324	684	msedge.exe	97
PID 684 wrote to memory of 1324	684	msedge.exe	97
PID 684 wrote to memory of 1324	684	msedge.exe	97
PID 684 wrote to memory of 1324	684	msedge.exe	97
PID 684 wrote to memory of 1324	684	msedge.exe	97
PID 684 wrote to memory of 1324	684	msedge.exe	97
PID 684 wrote to memory of 1324	684	msedge.exe	97
PID 684 wrote to memory of 1324	684	msedge.exe	97
PID 684 wrote to memory of 1324	684	msedge.exe	97
PID 684 wrote to memory of 1324	684	msedge.exe	97
PID 684 wrote to memory of 1324	684	msedge.exe	97
PID 684 wrote to memory of 1324	684	msedge.exe	97
PID 684 wrote to memory of 1324	684	msedge.exe	97
PID 684 wrote to memory of 1324	684	msedge.exe	97
PID 684 wrote to memory of 1324	684	msedge.exe	97
PID 684 wrote to memory of 1324	684	msedge.exe	97
PID 684 wrote to memory of 1324	684	msedge.exe	97
PID 684 wrote to memory of 1324	684	msedge.exe	97
PID 684 wrote to memory of 1324	684	msedge.exe	97
PID 684 wrote to memory of 1324	684	msedge.exe	97
PID 684 wrote to memory of 1324	684	msedge.exe	97
PID 684 wrote to memory of 1324	684	msedge.exe	97
PID 684 wrote to memory of 1324	684	msedge.exe	97
PID 684 wrote to memory of 1324	684	msedge.exe	97
PID 684 wrote to memory of 1324	684	msedge.exe	97
PID 684 wrote to memory of 1324	684	msedge.exe	97
PID 684 wrote to memory of 1324	684	msedge.exe	97
PID 684 wrote to memory of 1324	684	msedge.exe	97
PID 684 wrote to memory of 1324	684	msedge.exe	97
PID 684 wrote to memory of 1324	684	msedge.exe	97
PID 684 wrote to memory of 1324	684	msedge.exe	97
PID 684 wrote to memory of 1324	684	msedge.exe	97
PID 684 wrote to memory of 1324	684	msedge.exe	97
PID 684 wrote to memory of 1324	684	msedge.exe	97
PID 684 wrote to memory of 1324	684	msedge.exe	97
PID 684 wrote to memory of 1324	684	msedge.exe	97
PID 684 wrote to memory of 1324	684	msedge.exe	97
PID 684 wrote to memory of 1324	684	msedge.exe	97
PID 684 wrote to memory of 4780	684	msedge.exe	96
PID 684 wrote to memory of 4780	684	msedge.exe	96
PID 684 wrote to memory of 3508	684	msedge.exe	98
PID 684 wrote to memory of 3508	684	msedge.exe	98
PID 684 wrote to memory of 3508	684	msedge.exe	98
PID 684 wrote to memory of 3508	684	msedge.exe	98
PID 684 wrote to memory of 3508	684	msedge.exe	98
PID 684 wrote to memory of 3508	684	msedge.exe	98
PID 684 wrote to memory of 3508	684	msedge.exe	98
PID 684 wrote to memory of 3508	684	msedge.exe	98
PID 684 wrote to memory of 3508	684	msedge.exe	98
PID 684 wrote to memory of 3508	684	msedge.exe	98
PID 684 wrote to memory of 3508	684	msedge.exe	98
PID 684 wrote to memory of 3508	684	msedge.exe	98
PID 684 wrote to memory of 3508	684	msedge.exe	98
PID 684 wrote to memory of 3508	684	msedge.exe	98
PID 684 wrote to memory of 3508	684	msedge.exe	98
PID 684 wrote to memory of 3508	684	msedge.exe	98
PID 684 wrote to memory of 3508	684	msedge.exe	98
PID 684 wrote to memory of 3508	684	msedge.exe	98

C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe
"C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/axstin/rbxfpsunlocker/releases
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:684
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff94bc546f8,0x7ff94bc54708,0x7ff94bc54718
    3⤵
    PID:4648
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,5542593829621940181,15728393607368865415,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4780
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,5542593829621940181,15728393607368865415,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
    3⤵
    PID:1324
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,5542593829621940181,15728393607368865415,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
    3⤵
    PID:3508
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,5542593829621940181,15728393607368865415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
    3⤵
    PID:376
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,5542593829621940181,15728393607368865415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
    3⤵
    PID:1512
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,5542593829621940181,15728393607368865415,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2448
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,5542593829621940181,15728393607368865415,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8
    3⤵
    PID:3124
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,5542593829621940181,15728393607368865415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
    3⤵
    PID:2992
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,5542593829621940181,15728393607368865415,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
    3⤵
    PID:1148
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,5542593829621940181,15728393607368865415,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
    3⤵
    PID:4384
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,5542593829621940181,15728393607368865415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
    3⤵
    PID:2328
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,5542593829621940181,15728393607368865415,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2744 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\50CD3D75D026C82E2E718570BD6F44D0_02835C6072261A584AE38D197B622594

Filesize
313B

MD5
2beddf92208e83d97f8b5fbe3bbb37fc

SHA1
1ad24a2abfd64acaefbec9fb6de807c660e56f0e

SHA256
225c99f881245ce0806bcee3f86b855342cd62da97efda9986850fd3ed076436

SHA512
74d078e2e0bce069a866d22fca5d5bc3de86b50a16d8b64f81a5dd33a41a572ec56c07bb7325101ea4520ef79f5c441cedcf624086026b0c9fe66bc3f9cf03d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565

Filesize
471B

MD5
528047f8e8d53329886a6f73112a2643

SHA1
62d9dda9dc928af4f7a0e62a47c1a1062eaebf3b

SHA256
2a6153c15246bf32fc98314aa11630009283757962dbfa7d989e8977cc853bb8

SHA512
1e458c6109aee6bf4d3898c91c22684149d96226893521d9b7ba342ad2549caa85a49800e520dba9e990d98d691afdfeb7eddde1374662be380f0129a0b3ec6c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\50CD3D75D026C82E2E718570BD6F44D0_02835C6072261A584AE38D197B622594

Filesize
400B

MD5
e27a5ecedcf4677b06430284fbbf643d

SHA1
24d6073acecc09c1aa53292c940cc34869d6a8db

SHA256
a37214f51c79957a32d9f620d0dad6cb3e06bd486d192fdac048207dcf58f0c1

SHA512
081f2b7a15bb75ef4b1afcc0e1f60615b900d9963feb1841c80d023c9e1534c0c1eded1baaa2cedd3a68e9210da3dcf40cfd2674533d3be0bcaeae1c2c3b2ceb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565

Filesize
404B

MD5
8d80e20be4850bd5b4ca734ea0828118

SHA1
02d9876687a157caa5a764bcb8e920114086189c

SHA256
ba14c028721e73a3a4b40db7df297889aa7319c86582a4be65e513a087c75d04

SHA512
b245c91a3dab90deea0283772cd9b5c0ba75c2cf774f2776b83389165978e9c40136158ec73be08559cc6a2a0f0485bc627487d135d0b297617c14ffc69687f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1386433ecc349475d39fb1e4f9e149a0

SHA1
f04f71ac77cb30f1d04fd16d42852322a8b2680f

SHA256
a7c79320a37d3516823f533e0ca73ed54fc4cdade9999b9827d06ea9f8916bbc

SHA512
fcd5449c58ead25955d01739929c42ffc89b9007bc2c8779c05271f2d053be66e05414c410738c35572ef31811aff908e7fe3dd7a9cef33c27acb308a420280e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
22a072f068d88eef9cb71ad269a65c47

SHA1
7a09a13aa8cfc1ed31d8eb7505d29a8f61bbb95d

SHA256
00592a3eeb03a955b10c0dab472b16f4ac38f4463042b08267d26f578e3356f0

SHA512
ddfce8d60d7026c4760e06e7bb6a0fdd48489e147e12997f3b065b3a5cc6b82c9397169aed50255cfd811339a6c2a341c2c63f3f656eb8348d3ec97c730094a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
496B

MD5
c55a0ff379cb32458fc626336461c1e2

SHA1
f2fbbe8ef773c99501d14af0039f1c15d1f94bbf

SHA256
4044f309101531cb3772e44d6fc770c314507eec5c37336e866b8163a54770d7

SHA512
0d7230502968d7c5a4c1c5656d856e035ebf71599b42327f3f440a0117044f101c572709d48fb7773169f0f546c4ea4af8a9e6974b14159db602f32f55948cf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c9f9f7dbe3d5d5478882a56e2fdad380

SHA1
1e194a7defb01789685f9b62641fc32caa01b91c

SHA256
01b9aa404f52bf8865228c972c5469ca3c1aa7f7b4c269d6ccfb1296cd53c60f

SHA512
8d5c4b3999a0b587362146f6ed3988d74aad1d599018f0f1ad8984ab9f2ae45ac1503fbf425e863adfd3fc61ebe24c2e2c41309f861abcee7e7e7cd026a63fdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ce431f0c86d360c20deaa319776f2484

SHA1
71b9a60dea051702fc66198dbb1da197b200efb1

SHA256
2fa24a41ee79c1b3581e9e715b551e1b9fe68b3145d079de19352454f23993f9

SHA512
eeb56da31150bbdddb582d073070a226f80c9f6ce0723100b04cd335f2279204ebfb2038df759bbd21fc85670b446380e0d744066c7cc08e3f9a8afffd73af16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e664066e3aa135f185ed1c194b9fa1f8

SHA1
358ff3c6ad0580b8ae1e5ef2a89a4e597c2efdc5

SHA256
86e595be48dbc768a52d7ea62116036c024093e1302aced8c29dd6a2d9935617

SHA512
58710818b5f664006a5aa418da6c8cd3f709c2265bc161f81b9dfe6cdb8304fabaa4ce9deba419fe4281623feeeaa0321f481ae5855d347c6d8cf95968ee905e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
446a28ac41e2b0b1fd67008bd71520d5

SHA1
eb007b8e5a83afef24f157d881554c85c4060cc0

SHA256
f41904e26a18bfceef2a7ce90252ab9ecd373edeb89238a035e387825aa2d409

SHA512
2c97392d750e7b603dfe9fb975b55aa90f0149aab0e3a534e5a7efc0107002baeafbfd363e2bbcf0327a912e0df7aeeb87232f124e7591d8081de53a23df41df

Download Submit