hxxps://www[.]mediafire[.]com/file/12owzpj3ucsqmat/Panel_Instalador%282%29[.]zip/file

Analysis

max time kernel
1758s
max time network
1805s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
14/03/2024, 16:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/12owzpj3ucsqmat/Panel_Instalador%282%29.zip/file

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2220	msedge.exe
2220	msedge.exe
4036	msedge.exe
4036	msedge.exe
2380	identity_helper.exe
2380	identity_helper.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4036 wrote to memory of 1624	4036	msedge.exe	88
PID 4036 wrote to memory of 1624	4036	msedge.exe	88
PID 4036 wrote to memory of 5004	4036	msedge.exe	89
PID 4036 wrote to memory of 5004	4036	msedge.exe	89
PID 4036 wrote to memory of 5004	4036	msedge.exe	89
PID 4036 wrote to memory of 5004	4036	msedge.exe	89
PID 4036 wrote to memory of 5004	4036	msedge.exe	89
PID 4036 wrote to memory of 5004	4036	msedge.exe	89
PID 4036 wrote to memory of 5004	4036	msedge.exe	89
PID 4036 wrote to memory of 5004	4036	msedge.exe	89
PID 4036 wrote to memory of 5004	4036	msedge.exe	89
PID 4036 wrote to memory of 5004	4036	msedge.exe	89
PID 4036 wrote to memory of 5004	4036	msedge.exe	89
PID 4036 wrote to memory of 5004	4036	msedge.exe	89
PID 4036 wrote to memory of 5004	4036	msedge.exe	89
PID 4036 wrote to memory of 5004	4036	msedge.exe	89
PID 4036 wrote to memory of 5004	4036	msedge.exe	89
PID 4036 wrote to memory of 5004	4036	msedge.exe	89
PID 4036 wrote to memory of 5004	4036	msedge.exe	89
PID 4036 wrote to memory of 5004	4036	msedge.exe	89
PID 4036 wrote to memory of 5004	4036	msedge.exe	89
PID 4036 wrote to memory of 5004	4036	msedge.exe	89
PID 4036 wrote to memory of 5004	4036	msedge.exe	89
PID 4036 wrote to memory of 5004	4036	msedge.exe	89
PID 4036 wrote to memory of 5004	4036	msedge.exe	89
PID 4036 wrote to memory of 5004	4036	msedge.exe	89
PID 4036 wrote to memory of 5004	4036	msedge.exe	89
PID 4036 wrote to memory of 5004	4036	msedge.exe	89
PID 4036 wrote to memory of 5004	4036	msedge.exe	89
PID 4036 wrote to memory of 5004	4036	msedge.exe	89
PID 4036 wrote to memory of 5004	4036	msedge.exe	89
PID 4036 wrote to memory of 5004	4036	msedge.exe	89
PID 4036 wrote to memory of 5004	4036	msedge.exe	89
PID 4036 wrote to memory of 5004	4036	msedge.exe	89
PID 4036 wrote to memory of 5004	4036	msedge.exe	89
PID 4036 wrote to memory of 5004	4036	msedge.exe	89
PID 4036 wrote to memory of 5004	4036	msedge.exe	89
PID 4036 wrote to memory of 5004	4036	msedge.exe	89
PID 4036 wrote to memory of 5004	4036	msedge.exe	89
PID 4036 wrote to memory of 5004	4036	msedge.exe	89
PID 4036 wrote to memory of 5004	4036	msedge.exe	89
PID 4036 wrote to memory of 5004	4036	msedge.exe	89
PID 4036 wrote to memory of 2220	4036	msedge.exe	90
PID 4036 wrote to memory of 2220	4036	msedge.exe	90
PID 4036 wrote to memory of 2272	4036	msedge.exe	91
PID 4036 wrote to memory of 2272	4036	msedge.exe	91
PID 4036 wrote to memory of 2272	4036	msedge.exe	91
PID 4036 wrote to memory of 2272	4036	msedge.exe	91
PID 4036 wrote to memory of 2272	4036	msedge.exe	91
PID 4036 wrote to memory of 2272	4036	msedge.exe	91
PID 4036 wrote to memory of 2272	4036	msedge.exe	91
PID 4036 wrote to memory of 2272	4036	msedge.exe	91
PID 4036 wrote to memory of 2272	4036	msedge.exe	91
PID 4036 wrote to memory of 2272	4036	msedge.exe	91
PID 4036 wrote to memory of 2272	4036	msedge.exe	91
PID 4036 wrote to memory of 2272	4036	msedge.exe	91
PID 4036 wrote to memory of 2272	4036	msedge.exe	91
PID 4036 wrote to memory of 2272	4036	msedge.exe	91
PID 4036 wrote to memory of 2272	4036	msedge.exe	91
PID 4036 wrote to memory of 2272	4036	msedge.exe	91
PID 4036 wrote to memory of 2272	4036	msedge.exe	91
PID 4036 wrote to memory of 2272	4036	msedge.exe	91
PID 4036 wrote to memory of 2272	4036	msedge.exe	91
PID 4036 wrote to memory of 2272	4036	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/12owzpj3ucsqmat/Panel_Instalador%282%29.zip/file
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd6fd646f8,0x7ffd6fd64708,0x7ffd6fd64718
  2⤵
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,12870017573628088780,3584328227301724198,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,12870017573628088780,3584328227301724198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,12870017573628088780,3584328227301724198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12870017573628088780,3584328227301724198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12870017573628088780,3584328227301724198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12870017573628088780,3584328227301724198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12870017573628088780,3584328227301724198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12870017573628088780,3584328227301724198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,12870017573628088780,3584328227301724198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 /prefetch:8
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,12870017573628088780,3584328227301724198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12870017573628088780,3584328227301724198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12870017573628088780,3584328227301724198,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12870017573628088780,3584328227301724198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1
  2⤵
  PID:5344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12870017573628088780,3584328227301724198,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6512 /prefetch:1
  2⤵
  PID:5352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,12870017573628088780,3584328227301724198,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3108 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2252

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fd7944a4ff1be37517983ffaf5700b11

SHA1
c4287796d78e00969af85b7e16a2d04230961240

SHA256
b54b41e7ce5600bc653aa7c88abb666976872b2d5e2d657bfc1147a0b49e9d74

SHA512
28c58a2ccf39963a8d9f67ea5b93dbccf70b0109b2c8a396a58389cdec9db1205523a95730485bcbc9d533867cbf0e7167ad370fd45740e23656d01d96ee543b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a774512b00820b61a51258335097b2c9

SHA1
38c28d1ea3907a1af6c0443255ab610dd9285095

SHA256
01946a2d65e59b66ebc256470ff4861f32edee90a44e31bf67529add95cafef4

SHA512
ce109be65060a5e7a872707c6c2ccce3aacd577e59c59d6e23e78d03e3d502f2707713fda40a546ed332e41a56ef90297af99590a5ab02f686a58bcbf3a82da1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
827c3ff4c02dde20894e31283bffdb38

SHA1
8f526a7495ba41ab84141807e72d3fd4d78345c6

SHA256
37d6837a62e5e79a6b9d5a02efeff665a50fe35818dd82fbb2808736805410c5

SHA512
ab55040b94ca8fc20b47e09318c6b4a4b00c01102b5d414293da3c2278d2b5b4786459075e5b741128ce411d86abcb830d16c762e85688fd721d5cb4b8c6d883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
809ad064feb88a3b3038e9eeb182b390

SHA1
82724c7a649361bd42e27902a4e8859d21d2f471

SHA256
a46497bee4de87b81526bedf6fc902e5937ce91fafdce191f74c115bd95d0be1

SHA512
cbb9f40eb343dbc2e4775312c8e3b97d8c018171e3ade3488e8a3eb9ba01ba0821e7c14ca9e0e5acca31bc28e6d586b1903e7cbfdf826535a51636a6cdee1759

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
daea01b5652f4323a61a8b6da1774f75

SHA1
61e0ced66531ca901a5d9ed865537c3f5772eef8

SHA256
08a6ec177d710d7c0779aa7591b48e5312649d1192b1e3be8a53d6614e79f9e1

SHA512
93e7e7868349b52005d555d85f1fe44d936a10abb63b11669f9b9a16522c4f2f4f8b1ef03d4014745f8a7bc07bdec00086be6887efe4f820fa2498132353bcff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5761cf4be8b76274bc65ab07e4d258e4

SHA1
b9ff245e6f1fcc5411b1d19832a061196b8bd5e2

SHA256
3964757b189f23cd2106d81c4b17a8138eab93bc8f3ca4e79350c792348c7463

SHA512
cb7a710f924bf92264690a3df96b3ac902d8113983f93799287f55409b7341708a1b1098c3832c40414a0850008f14406e3568c0371c9cd49cd8f2fd9e89a102

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b7909a9ff07b9dd10f7996c7a9a1ed4b

SHA1
454a48969fcf001a488afed5e08f87c171539f6e

SHA256
f3de410c159c57047ec6e209ac73d28c02f04eca6a6e2c5204c4ca1c99e817dc

SHA512
1b77f63ee238bf92e5493e86a7f96b419d948a9da6fa07711b803b6752acddb33e8bd2219fbccf763e7678bacb4eadc87b270952665b940151e33efd7b20b2aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
a674873ab5a10b780b47ec8435ea282e

SHA1
9e6e2a798d8142866c2ffd2099dc65d5b576d175

SHA256
0ba04bc01c15c093f49acb1a96946e6068da185842629db56930d6fbd2e48dd3

SHA512
bfd517c550ba3c34bc2cc2b3846cfe872c2393defda7e9fd043ef11ca17a1f12484ad9bac0dfb8eab8aa4dbc8366f74f772c9b006048ba9e2dd8610a7abc0f1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b517.TMP

Filesize
705B

MD5
d17196f57772a4e637a3aaa9662effca

SHA1
5a9104d5c440c7d7ad74505ae5a5f2b91deeb663

SHA256
0e50ac469044e7dee3d6a95378718cedab49b7a8a9038d4acdb5fc515d57e784

SHA512
bd42c170a2c29159a6e9779e36f663c0209f0668c890f6a68b7bd94da283a4a82519f08fbf8cb39efea11d0a80ea9b5de92bba7f744b63ceb8599dd0003d7e6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c41ccbc4d0fc9e69575392238e53a73f

SHA1
453b8c8cf6be53fd1ff7817efccccafd7c905ab8

SHA256
fc011f72514d5831bff225fbe3907257d1b16edc04bc0e9730ee12f0b250e1e8

SHA512
5f58a0c8b9f7bae0c7b0107e1369a138f95340292f30a617a94941de4b0caa2fba1fc003ef613ea84f61f2eaf2f0527516ef83590f01e9545054a3bc52c89a42

Download Submit