hxxps://www[.]virustotal[.]com/gui/url/c2f5a3f1e2323d025ced97ab8e409862b60a00a329d0accc82e1f1b8e479eefa/details

Analysis

max time kernel
147s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
17-02-2024 14:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.virustotal.com/gui/url/c2f5a3f1e2323d025ced97ab8e409862b60a00a329d0accc82e1f1b8e479eefa/details

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
396	msedge.exe
396	msedge.exe
1500	msedge.exe
1500	msedge.exe
1116	identity_helper.exe
1116	identity_helper.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1500 wrote to memory of 5068	1500	msedge.exe	83
PID 1500 wrote to memory of 5068	1500	msedge.exe	83
PID 1500 wrote to memory of 3676	1500	msedge.exe	84
PID 1500 wrote to memory of 3676	1500	msedge.exe	84
PID 1500 wrote to memory of 3676	1500	msedge.exe	84
PID 1500 wrote to memory of 3676	1500	msedge.exe	84
PID 1500 wrote to memory of 3676	1500	msedge.exe	84
PID 1500 wrote to memory of 3676	1500	msedge.exe	84
PID 1500 wrote to memory of 3676	1500	msedge.exe	84
PID 1500 wrote to memory of 3676	1500	msedge.exe	84
PID 1500 wrote to memory of 3676	1500	msedge.exe	84
PID 1500 wrote to memory of 3676	1500	msedge.exe	84
PID 1500 wrote to memory of 3676	1500	msedge.exe	84
PID 1500 wrote to memory of 3676	1500	msedge.exe	84
PID 1500 wrote to memory of 3676	1500	msedge.exe	84
PID 1500 wrote to memory of 3676	1500	msedge.exe	84
PID 1500 wrote to memory of 3676	1500	msedge.exe	84
PID 1500 wrote to memory of 3676	1500	msedge.exe	84
PID 1500 wrote to memory of 3676	1500	msedge.exe	84
PID 1500 wrote to memory of 3676	1500	msedge.exe	84
PID 1500 wrote to memory of 3676	1500	msedge.exe	84
PID 1500 wrote to memory of 3676	1500	msedge.exe	84
PID 1500 wrote to memory of 3676	1500	msedge.exe	84
PID 1500 wrote to memory of 3676	1500	msedge.exe	84
PID 1500 wrote to memory of 3676	1500	msedge.exe	84
PID 1500 wrote to memory of 3676	1500	msedge.exe	84
PID 1500 wrote to memory of 3676	1500	msedge.exe	84
PID 1500 wrote to memory of 3676	1500	msedge.exe	84
PID 1500 wrote to memory of 3676	1500	msedge.exe	84
PID 1500 wrote to memory of 3676	1500	msedge.exe	84
PID 1500 wrote to memory of 3676	1500	msedge.exe	84
PID 1500 wrote to memory of 3676	1500	msedge.exe	84
PID 1500 wrote to memory of 3676	1500	msedge.exe	84
PID 1500 wrote to memory of 3676	1500	msedge.exe	84
PID 1500 wrote to memory of 3676	1500	msedge.exe	84
PID 1500 wrote to memory of 3676	1500	msedge.exe	84
PID 1500 wrote to memory of 3676	1500	msedge.exe	84
PID 1500 wrote to memory of 3676	1500	msedge.exe	84
PID 1500 wrote to memory of 3676	1500	msedge.exe	84
PID 1500 wrote to memory of 3676	1500	msedge.exe	84
PID 1500 wrote to memory of 3676	1500	msedge.exe	84
PID 1500 wrote to memory of 3676	1500	msedge.exe	84
PID 1500 wrote to memory of 396	1500	msedge.exe	85
PID 1500 wrote to memory of 396	1500	msedge.exe	85
PID 1500 wrote to memory of 928	1500	msedge.exe	86
PID 1500 wrote to memory of 928	1500	msedge.exe	86
PID 1500 wrote to memory of 928	1500	msedge.exe	86
PID 1500 wrote to memory of 928	1500	msedge.exe	86
PID 1500 wrote to memory of 928	1500	msedge.exe	86
PID 1500 wrote to memory of 928	1500	msedge.exe	86
PID 1500 wrote to memory of 928	1500	msedge.exe	86
PID 1500 wrote to memory of 928	1500	msedge.exe	86
PID 1500 wrote to memory of 928	1500	msedge.exe	86
PID 1500 wrote to memory of 928	1500	msedge.exe	86
PID 1500 wrote to memory of 928	1500	msedge.exe	86
PID 1500 wrote to memory of 928	1500	msedge.exe	86
PID 1500 wrote to memory of 928	1500	msedge.exe	86
PID 1500 wrote to memory of 928	1500	msedge.exe	86
PID 1500 wrote to memory of 928	1500	msedge.exe	86
PID 1500 wrote to memory of 928	1500	msedge.exe	86
PID 1500 wrote to memory of 928	1500	msedge.exe	86
PID 1500 wrote to memory of 928	1500	msedge.exe	86
PID 1500 wrote to memory of 928	1500	msedge.exe	86
PID 1500 wrote to memory of 928	1500	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.virustotal.com/gui/url/c2f5a3f1e2323d025ced97ab8e409862b60a00a329d0accc82e1f1b8e479eefa/details
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb7ea46f8,0x7ffcb7ea4708,0x7ffcb7ea4718
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,5235164474015461150,992511403520364466,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,5235164474015461150,992511403520364466,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,5235164474015461150,992511403520364466,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5235164474015461150,992511403520364466,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5235164474015461150,992511403520364466,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5235164474015461150,992511403520364466,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5235164474015461150,992511403520364466,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5235164474015461150,992511403520364466,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,5235164474015461150,992511403520364466,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6120 /prefetch:8
  2⤵
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,5235164474015461150,992511403520364466,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6120 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5235164474015461150,992511403520364466,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5235164474015461150,992511403520364466,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,5235164474015461150,992511403520364466,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4488

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2092

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
efc9c7501d0a6db520763baad1e05ce8

SHA1
60b5e190124b54ff7234bb2e36071d9c8db8545f

SHA256
7af7b56e2f0a84ae008785726f3404eb9001baa4b5531d0d618c6bdcb05a3a7a

SHA512
bda611ddba56513a30295ea5ca8bc59e552154f860d13fed97201cdb81814dd6d1bca7deca6f8f58c9ae585d91e450f4383a365f80560f4b8e59a4c8b53c327d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
194KB

MD5
ac84f1282f8542dee07f8a1af421f2a7

SHA1
261885284826281a99ff982428a765be30de9029

SHA256
193b8f571f3fd65b98dc39601431ff6e91ade5f90ee7790bfc1fba8f7580a4b0

SHA512
9f4f58ab43ddadad903cea3454d79b99a750f05e4d850de5f25371d5bec16fc312015a875b8f418154f1124c400ae1c82e2efd862870cd35c3f0961426c8cd82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
da1b6517068e56fc1a54b158cedd5db6

SHA1
bb4d52455584d15c744c2f42bf723ae89f6eefc8

SHA256
f499fd07947dff9d07d88ae50951c35264226d7d8e197f7da03adf19805b44af

SHA512
1b902056b0cacf5d04982b70870e72bd5b4f92af3fe5bf56eb71ae496c376f6f3303e84a0c8e6613e0734b6990be1a6cf14c90e28946e6119f586662492ec118

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
6499e45c3533d8619ead3c893da7abf5

SHA1
0c72947155f57f4d3e4d9afc792377deb3bdadea

SHA256
a874fb230a288d34c02d67e159275c0a7b0c13c3592e20e9f1f8037a4847a47d

SHA512
ea61169d23e369548139c57a49c10370ad100203487af1824153d960ad5a11b3fcb5a9c1502791cd456d6cd2c1499d5dcaecd0abd55654467211345bc4e9b601

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6fff5ac02b14f1186eeacec4df4ba361

SHA1
55b1e62e3a396de7d63cfa0b5dfbd52dd515dca5

SHA256
1070cf7bee8f2d635ed8bc91f58ca3982d2165504279747e4921f5b6bf2a3538

SHA512
3b2dcf5f67206fed6e06a2f5966a4c8871cf44e811a3d9a1cc4e4ed4ebaf2a11c88497626f6cde446142b1bcbe883293b8b9cbc3bd9a6e13a2114705e00d9e25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
05f9b5efb3c41ef08b417033df1c20b9

SHA1
8b5319d8883343353f720ac2c9812ed36a8576cb

SHA256
ef0cdded0fac6fb969fcdd667429697371331299d84a58da89ac770f13473374

SHA512
badfceae79d502f1f5aedcaa629598328059ed7d01b95cd13da8bad42c77cf870f32449108c06ddfd1ef166336300eb6a7a6022a05c35df69d3c099aa05345ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8ad02e54236ed49fc7dc5528c28a32f1

SHA1
d60e7e50d77bb1ee31f15ae074bc5a8f33057f87

SHA256
6bfce4987aa6835b973462d417baf5665c51d28bb2433eb668f3aa6730047282

SHA512
1e6cc707b39786ff3d21451ae6106919661853827147ffda7e5692e911292965410969a58db78c8a9395fed4de6dcb52ec8e56ad511da02ca80e61d9ece358a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
121510c1483c9de9fdb590c20526ec0a

SHA1
96443a812fe4d3c522cfdbc9c95155e11939f4e2

SHA256
cf5d26bc399d0200a32080741e12f77d784a3117e6d58e07106e913f257aa46c

SHA512
b367741da9ab4e9a621ad663762bd9c459676e0fb1412e60f7068834cbd5c83b050608e33d5320e1b191be1d809fef48831e0f42b3ecabd38b24ec222576fa81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
dc318a8768ad61173d646180e6800c61

SHA1
5146fe3b85b59bb927caf49d81c005e8a06c499b

SHA256
48834d64470f8753d4263cfda262f35a4e7173c0391c9883c2206d47f0b71e60

SHA512
fe5dccf2bde7827704a01690f16ce2ef1eb1f3965e06d24ecd73d8dc37e4655101be115393916d413cc396e10213a7845466330f858b01cf96638f7c3e9d0ec1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe587615.TMP

Filesize
48B

MD5
9f606c31587f12affaed09d006e2f317

SHA1
dd4044bc04053e1020e569c7ab762ab6d05a2a5b

SHA256
dc3d86a42b1dd2a01d85f81cd9d07d1253c35b06d168e1517ed09777d14efaf3

SHA512
54e898721b5324bc2fe23f33c5640ae6604cf060fb94641e35f47a3ac04a7020b492735bf094925fae816d79d30972c6df4d892ad9b5715a055bd8ff4135477c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
50202705e0c9399c6e24121010dad670

SHA1
e3adc2a0d92467e46f18c0fccac2936082fdf718

SHA256
01cd335229ee68ac7a96e5725042a5a82dee933fad9bf5809a968f3fd637febe

SHA512
d1167def7d1379ebd71ca6f129b9dab560fabe0967fe2eaa06a9e13f4aebc2393da3fb613c43d2760dcfbee271be823f72b4558c74cbef75ba24b48c8bc75faf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a3aa18be7725e9b1a23c948ef88eaeab

SHA1
48da9e2009e238dc4ba49bb3bc5f938c9b64d14b

SHA256
495698c2c40286ae01276da22e164b07e5ef9f64de42c03ddef30e10b34df400

SHA512
2ae82dd9ea70ccefba754d1288ae46046793519188547b5a4840f67058361664a76a9251f439e7f5ff7780f6290cb0375b2f93eb6efdbe39ce782b8dfdb39bb8

Download Submit