2c281542763fb79cbb1d0554f967bbceb24ea3da23a72a04bab4004c65e23b6c

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
14/03/2024, 01:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c7652504c6be7f2c5529fe00c808e188.html
Size

147KB
MD5

c7652504c6be7f2c5529fe00c808e188
SHA1

2619b2f3ac2cec50a6b246a8808cc20abdec0080
SHA256

2c281542763fb79cbb1d0554f967bbceb24ea3da23a72a04bab4004c65e23b6c
SHA512

8cb3072ab7c271843066e1f2ccd2aa9efcd07517cac96b5bd992a7a1902ca5ad27e922d90ee57d79799c975203bdfa0d808bcb8e9f6056af7ddf58c60d3b7563
SSDEEP

3072:DrUcjvG8rMUcXmNRS7jQrHPdSq8nWu9JyHA:D5GXmNRu

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4392	msedge.exe
4392	msedge.exe
3684	msedge.exe
3684	msedge.exe
5356	identity_helper.exe
5356	identity_helper.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3684 wrote to memory of 2096	3684	msedge.exe	89
PID 3684 wrote to memory of 2096	3684	msedge.exe	89
PID 3684 wrote to memory of 3484	3684	msedge.exe	90
PID 3684 wrote to memory of 3484	3684	msedge.exe	90
PID 3684 wrote to memory of 3484	3684	msedge.exe	90
PID 3684 wrote to memory of 3484	3684	msedge.exe	90
PID 3684 wrote to memory of 3484	3684	msedge.exe	90
PID 3684 wrote to memory of 3484	3684	msedge.exe	90
PID 3684 wrote to memory of 3484	3684	msedge.exe	90
PID 3684 wrote to memory of 3484	3684	msedge.exe	90
PID 3684 wrote to memory of 3484	3684	msedge.exe	90
PID 3684 wrote to memory of 3484	3684	msedge.exe	90
PID 3684 wrote to memory of 3484	3684	msedge.exe	90
PID 3684 wrote to memory of 3484	3684	msedge.exe	90
PID 3684 wrote to memory of 3484	3684	msedge.exe	90
PID 3684 wrote to memory of 3484	3684	msedge.exe	90
PID 3684 wrote to memory of 3484	3684	msedge.exe	90
PID 3684 wrote to memory of 3484	3684	msedge.exe	90
PID 3684 wrote to memory of 3484	3684	msedge.exe	90
PID 3684 wrote to memory of 3484	3684	msedge.exe	90
PID 3684 wrote to memory of 3484	3684	msedge.exe	90
PID 3684 wrote to memory of 3484	3684	msedge.exe	90
PID 3684 wrote to memory of 3484	3684	msedge.exe	90
PID 3684 wrote to memory of 3484	3684	msedge.exe	90
PID 3684 wrote to memory of 3484	3684	msedge.exe	90
PID 3684 wrote to memory of 3484	3684	msedge.exe	90
PID 3684 wrote to memory of 3484	3684	msedge.exe	90
PID 3684 wrote to memory of 3484	3684	msedge.exe	90
PID 3684 wrote to memory of 3484	3684	msedge.exe	90
PID 3684 wrote to memory of 3484	3684	msedge.exe	90
PID 3684 wrote to memory of 3484	3684	msedge.exe	90
PID 3684 wrote to memory of 3484	3684	msedge.exe	90
PID 3684 wrote to memory of 3484	3684	msedge.exe	90
PID 3684 wrote to memory of 3484	3684	msedge.exe	90
PID 3684 wrote to memory of 3484	3684	msedge.exe	90
PID 3684 wrote to memory of 3484	3684	msedge.exe	90
PID 3684 wrote to memory of 3484	3684	msedge.exe	90
PID 3684 wrote to memory of 3484	3684	msedge.exe	90
PID 3684 wrote to memory of 3484	3684	msedge.exe	90
PID 3684 wrote to memory of 3484	3684	msedge.exe	90
PID 3684 wrote to memory of 3484	3684	msedge.exe	90
PID 3684 wrote to memory of 3484	3684	msedge.exe	90
PID 3684 wrote to memory of 4392	3684	msedge.exe	91
PID 3684 wrote to memory of 4392	3684	msedge.exe	91
PID 3684 wrote to memory of 4344	3684	msedge.exe	92
PID 3684 wrote to memory of 4344	3684	msedge.exe	92
PID 3684 wrote to memory of 4344	3684	msedge.exe	92
PID 3684 wrote to memory of 4344	3684	msedge.exe	92
PID 3684 wrote to memory of 4344	3684	msedge.exe	92
PID 3684 wrote to memory of 4344	3684	msedge.exe	92
PID 3684 wrote to memory of 4344	3684	msedge.exe	92
PID 3684 wrote to memory of 4344	3684	msedge.exe	92
PID 3684 wrote to memory of 4344	3684	msedge.exe	92
PID 3684 wrote to memory of 4344	3684	msedge.exe	92
PID 3684 wrote to memory of 4344	3684	msedge.exe	92
PID 3684 wrote to memory of 4344	3684	msedge.exe	92
PID 3684 wrote to memory of 4344	3684	msedge.exe	92
PID 3684 wrote to memory of 4344	3684	msedge.exe	92
PID 3684 wrote to memory of 4344	3684	msedge.exe	92
PID 3684 wrote to memory of 4344	3684	msedge.exe	92
PID 3684 wrote to memory of 4344	3684	msedge.exe	92
PID 3684 wrote to memory of 4344	3684	msedge.exe	92
PID 3684 wrote to memory of 4344	3684	msedge.exe	92
PID 3684 wrote to memory of 4344	3684	msedge.exe	92

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c7652504c6be7f2c5529fe00c808e188.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa8c6346f8,0x7ffa8c634708,0x7ffa8c634718
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,9358590442988744320,4111193724735565689,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,9358590442988744320,4111193724735565689,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,9358590442988744320,4111193724735565689,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9358590442988744320,4111193724735565689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9358590442988744320,4111193724735565689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9358590442988744320,4111193724735565689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9358590442988744320,4111193724735565689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9358590442988744320,4111193724735565689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9358590442988744320,4111193724735565689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9358590442988744320,4111193724735565689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,9358590442988744320,4111193724735565689,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4160 /prefetch:8
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,9358590442988744320,4111193724735565689,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4160 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9358590442988744320,4111193724735565689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:5544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9358590442988744320,4111193724735565689,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:5576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9358590442988744320,4111193724735565689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
  2⤵
  PID:5864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9358590442988744320,4111193724735565689,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:5836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,9358590442988744320,4111193724735565689,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4824 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2272

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
47b2c6613360b818825d076d14c051f7

SHA1
7df7304568313a06540f490bf3305cb89bc03e5c

SHA256
47a22bea2e7d0154c59bf5d8790ec68274eb05e9fa6cf0eab0d648121f1a02ac

SHA512
08d2366fc1ce87dbe96b9bf997e4c59c9206fcfea47c1f17b01e79aeb0580f25cac5c7349bb453a50775b2743053446653f4129f835f81f4a8547ca392557aac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e0811105475d528ab174dfdb69f935f3

SHA1
dd9689f0f70a07b4e6fb29607e42d2d5faf1f516

SHA256
c91388c87878a9e2c530c6096dbdd993b0a26fefe8ad797e0133547225032d6c

SHA512
8374a721ea3ff3a1ea70d8a074e5c193dbba27ba7e301f19cea89d648b2378c376e48310c33fe81078cd40b1863daec935e8ac22e8e3878dc3a5bb529d028852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
499c90752f604deea734810ca90ac091

SHA1
275f8bb217d80d323eeda5d5ac502ade3b3c3bec

SHA256
924f231b7f7255ce0492393cf87c19f2bfe6a5b9cc010738228be9890654de09

SHA512
9b119f951e00c93a9b8ef5c606d33dbfbc63b02cd58db5f267cffff6fa7cd6506a7d7c912ced4c812a7b7b66a0e15ba305352a012e9390c738a2562dbfe52a02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d7caf33222ba986be4d3171eeea6726a

SHA1
aa5386f6403a80d9d445f23c8046519edfcabd83

SHA256
8effd249b60993b8b54e01d3665cba3a58c4a71591f29aea0ab37e11a8dd8e28

SHA512
a95dd42602d1380a5c3ca0d0b88b10a856eb7014f9603cfd2bab5817b838ee4b431c8aeeefd0dedbdd418612e1ef54448be81379d5bb1fb9e739c2902b1c5c4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5f2b20daae4e7971afe836233da98392

SHA1
c2a32743d57b42ad2725f72e516ebc1cb8ae50e3

SHA256
989fa3c987011bb62529f15b3f89e9be21919b6190b8f7142ffd681f5dc25ada

SHA512
903b5c8093f97769f0c66f777c94cf9485951c7adb2ea99fb9ad659b574b0a9516068ae8a9022e01133be46ac2933e25600398e4c0fd9bee2e583ee63232d991

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
28ea605cc6260ff3badbe21e94b54a3d

SHA1
e6ab865d601c0cb820af80e88638ff316161306d

SHA256
a5b67b1b9c0e2287f1fdcb455a439e882922cb8e1a4ea4ef12e220f7be593c64

SHA512
822d63f650e74d113f09d2d3cfb641da734398ab72f5696b0077ab018456dc7358f1f5de964a118bd5a9ce6d1e37465445644d105f914c002b92a85ba9623e9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
75e3d96bcda7b838fb0b1c23594feafc

SHA1
98516b89cfa10492667a38868a724fff773a81ce

SHA256
866b5810ee4bc657f99d225e5758b87ef23ccb95b7190eac65bb50979206228c

SHA512
31530b2f427257141c63fcc9b85f4bccc80cf10cd1eeece1eeda99c2d8a75605f26e4116622fa01910daf31c743f725de84c33880f60ac975e73c76ad92e02c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
08b61e62d0080f7e1393614217b598cb

SHA1
47473152e98781ff633cbebb5826f42cab791a00

SHA256
ea15f864ec672aa1c7a0dafb9f267ecbf74de5d131f5e6485e92d4f4aee31358

SHA512
12fa3d6869cc38709f1e061e76a25d97021a491a85a98420d73e750e2d0866f368034372a4250d72eaffdce7a1a2dff04232a89548099f6880f297d7af14face

Download Submit