hxxps://meetings[.]vonage[.]com/518320104

Analysis

max time kernel
121s
max time network
204s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
23/02/2024, 20:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://meetings.vonage.com/518320104

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2132103209-3755304320-2959162027-1000\{72D16493-69FC-4796-868C-7A69847B36CD}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
5108	msedge.exe
5108	msedge.exe
2444	msedge.exe
2444	msedge.exe
4916	msedge.exe
4916	msedge.exe
4372	identity_helper.exe
4372	identity_helper.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2444 wrote to memory of 2000	2444	msedge.exe	67
PID 2444 wrote to memory of 2000	2444	msedge.exe	67
PID 2444 wrote to memory of 4488	2444	msedge.exe	89
PID 2444 wrote to memory of 4488	2444	msedge.exe	89
PID 2444 wrote to memory of 4488	2444	msedge.exe	89
PID 2444 wrote to memory of 4488	2444	msedge.exe	89
PID 2444 wrote to memory of 4488	2444	msedge.exe	89
PID 2444 wrote to memory of 4488	2444	msedge.exe	89
PID 2444 wrote to memory of 4488	2444	msedge.exe	89
PID 2444 wrote to memory of 4488	2444	msedge.exe	89
PID 2444 wrote to memory of 4488	2444	msedge.exe	89
PID 2444 wrote to memory of 4488	2444	msedge.exe	89
PID 2444 wrote to memory of 4488	2444	msedge.exe	89
PID 2444 wrote to memory of 4488	2444	msedge.exe	89
PID 2444 wrote to memory of 4488	2444	msedge.exe	89
PID 2444 wrote to memory of 4488	2444	msedge.exe	89
PID 2444 wrote to memory of 4488	2444	msedge.exe	89
PID 2444 wrote to memory of 4488	2444	msedge.exe	89
PID 2444 wrote to memory of 4488	2444	msedge.exe	89
PID 2444 wrote to memory of 4488	2444	msedge.exe	89
PID 2444 wrote to memory of 4488	2444	msedge.exe	89
PID 2444 wrote to memory of 4488	2444	msedge.exe	89
PID 2444 wrote to memory of 4488	2444	msedge.exe	89
PID 2444 wrote to memory of 4488	2444	msedge.exe	89
PID 2444 wrote to memory of 4488	2444	msedge.exe	89
PID 2444 wrote to memory of 4488	2444	msedge.exe	89
PID 2444 wrote to memory of 4488	2444	msedge.exe	89
PID 2444 wrote to memory of 4488	2444	msedge.exe	89
PID 2444 wrote to memory of 4488	2444	msedge.exe	89
PID 2444 wrote to memory of 4488	2444	msedge.exe	89
PID 2444 wrote to memory of 4488	2444	msedge.exe	89
PID 2444 wrote to memory of 4488	2444	msedge.exe	89
PID 2444 wrote to memory of 4488	2444	msedge.exe	89
PID 2444 wrote to memory of 4488	2444	msedge.exe	89
PID 2444 wrote to memory of 4488	2444	msedge.exe	89
PID 2444 wrote to memory of 4488	2444	msedge.exe	89
PID 2444 wrote to memory of 4488	2444	msedge.exe	89
PID 2444 wrote to memory of 4488	2444	msedge.exe	89
PID 2444 wrote to memory of 4488	2444	msedge.exe	89
PID 2444 wrote to memory of 4488	2444	msedge.exe	89
PID 2444 wrote to memory of 4488	2444	msedge.exe	89
PID 2444 wrote to memory of 4488	2444	msedge.exe	89
PID 2444 wrote to memory of 5108	2444	msedge.exe	90
PID 2444 wrote to memory of 5108	2444	msedge.exe	90
PID 2444 wrote to memory of 2132	2444	msedge.exe	91
PID 2444 wrote to memory of 2132	2444	msedge.exe	91
PID 2444 wrote to memory of 2132	2444	msedge.exe	91
PID 2444 wrote to memory of 2132	2444	msedge.exe	91
PID 2444 wrote to memory of 2132	2444	msedge.exe	91
PID 2444 wrote to memory of 2132	2444	msedge.exe	91
PID 2444 wrote to memory of 2132	2444	msedge.exe	91
PID 2444 wrote to memory of 2132	2444	msedge.exe	91
PID 2444 wrote to memory of 2132	2444	msedge.exe	91
PID 2444 wrote to memory of 2132	2444	msedge.exe	91
PID 2444 wrote to memory of 2132	2444	msedge.exe	91
PID 2444 wrote to memory of 2132	2444	msedge.exe	91
PID 2444 wrote to memory of 2132	2444	msedge.exe	91
PID 2444 wrote to memory of 2132	2444	msedge.exe	91
PID 2444 wrote to memory of 2132	2444	msedge.exe	91
PID 2444 wrote to memory of 2132	2444	msedge.exe	91
PID 2444 wrote to memory of 2132	2444	msedge.exe	91
PID 2444 wrote to memory of 2132	2444	msedge.exe	91
PID 2444 wrote to memory of 2132	2444	msedge.exe	91
PID 2444 wrote to memory of 2132	2444	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://meetings.vonage.com/518320104
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa0bd546f8,0x7ffa0bd54708,0x7ffa0bd54718
  2⤵
  PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,6120558202426051976,2008430940824615408,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,6120558202426051976,2008430940824615408,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,6120558202426051976,2008430940824615408,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,6120558202426051976,2008430940824615408,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,6120558202426051976,2008430940824615408,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2176,6120558202426051976,2008430940824615408,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4768 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2176,6120558202426051976,2008430940824615408,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4764 /prefetch:8
  2⤵
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,6120558202426051976,2008430940824615408,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,6120558202426051976,2008430940824615408,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5896 /prefetch:8
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,6120558202426051976,2008430940824615408,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5896 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,6120558202426051976,2008430940824615408,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,6120558202426051976,2008430940824615408,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,6120558202426051976,2008430940824615408,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,6120558202426051976,2008430940824615408,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,6120558202426051976,2008430940824615408,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5504 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4912

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d62cefeb0c8fbab806b3b96c7b215c16

SHA1
dc36684019f7ac8a632f5401cc3bedd482526ed7

SHA256
752b0793cf152e9ea51b8a2dc1d7e622c1c1009677d8f29e8b88d3aa9427dd01

SHA512
9fc3968fec094be5ca10a0d927cb829f7f8157425946ebd99a346b7e63c977cb3f37560af1a4bc8f87ab19b43b3ed86fd5b37f89d1a9b2dc86e3c73142c3065b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7ee1c6757da82ca0a9ae699227f619bc

SHA1
72dcf8262c6400dcbb5228afcb36795ae1b8001f

SHA256
62320bde5e037d4ac1aa0f5ff0314b661f13bb56c02432814bffb0bd6e34ed31

SHA512
dca56a99b7463eddf0af3656a4f7d0177a43116f401a6de9f56e5c40a49676cea5c38b6c458f426c6bff11165eec21104cfa9ca3e38af39d43188b36d3f22a0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
a852a820f76ea8421edf832d9bb4ceeb

SHA1
096b7ef3cb76d969fbfb5d5b87e4321be182c207

SHA256
1b6d29a3aa82eece494de0f36da8792d8fa863acc4a5f418e5074992aafc98de

SHA512
d7457edb0ba71399f149ce176867543afd0e0ae06323da45461281720dff1259c1a7fee3a85b1ec774a1ea69e9f1e12bfb06375ce2d47fb2ab6c017c927286bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d241a29c8924483300f2e49e5de04cc6

SHA1
52c0a4a7dd8567b78033397ebb26dc9af53b712c

SHA256
8b2c6422df90b3be222aa744166d5805e9b26e11f7db30828b2363e613b7633f

SHA512
141cbe498126379ca1967eb7c61334ce10608d0625d0bffd23f378f23a8a6ee787abb9df3e4c1248fdd386baff8a747af7ae8619552d44f17d83016f4844719e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a9457649f6ce61397d810eaf63a76559

SHA1
a0abb327707a98ecc1809abcd711343c9b87c1b3

SHA256
c990d1d23cf23b83a8eef92d0f26dcb95332467394ded5d131b018af6ccbd384

SHA512
fdd10ef0de8d020a7b5e45f9f02f14991caff1209cccd5a8b043d6e99161329de9c4e4965d6bb41036af064d8fc47777cf8c49ae6545943e567c10614c1c433f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b994946ee94712ab32df5969622de911

SHA1
51522a2ab487f35027c4c8809735932ef2f0d548

SHA256
11e94714ae0071cb0f1a1eefd8d7e439a8e672ec6bf88f8bee98c03ed3296382

SHA512
3da0d69cbba2343f5985e56c9e342c862cee0b9d5d19185de85ff83757fb993e5310bb4817f0a6f7406f1a3d186c97152bced263da8e889eb20d4f7e59bd0078

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
77f5bcca74b35393cdf89154cd3b5e14

SHA1
e3cd95381a3eacd98da5d2d28b98ce5e6d710264

SHA256
908907bb88bea9b484a65b241b80344cae172bf808174134ea983578ca0ccfcd

SHA512
af80dbbd9dafff9c4548419ad09112570b0d3e771d086b7070fee323a94e32f75de91839ad66a82155a8abf009e084b16cdf7fa583cea6a8af753fa087e60fbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
74b9c398da22af41a650f6e8bc4cba38

SHA1
9ca1bd3a24c8dc44a4f4615757ae161765151dd9

SHA256
8555bd407727a097e6c875956d63ba5bbb58cc9ae4cafd4ccc7895a3f3850a38

SHA512
772c5c48a4e7134ee957fe21f7f6319e630b5e954cd1fe34d99b63a6dedd1f5961108b04045ce435fb01d56dd115401c09b3600279af15abff68544dc464363c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
497b1093f7ec6fa183a6ead03801f2bc

SHA1
977398ef5281e3380767e4b23f75e22838f2faff

SHA256
d7b1070cf4412a639cd801aed2ce02ad88c9c6e8f61814c6da7a2072d3cc3d2a

SHA512
4577c507625c67f9d3ca9d87d9b053db5f03851db2f8e93df8eefcee469b46dadb3a55432f3a90448a59b92492e44eb3371fc3b4c26a030da4defd340ac7e9e8

Download Submit