331da20247c871eb05851f43c1db52841ff159492ebff377f8bb357aa6a860b0

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2024, 04:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ca6e7c4d4998f2a8633813e826255884.html
Size

106KB
MD5

ca6e7c4d4998f2a8633813e826255884
SHA1

5826331d3bb9f92634b8df7bc4999b8e167f4923
SHA256

331da20247c871eb05851f43c1db52841ff159492ebff377f8bb357aa6a860b0
SHA512

25c451b8f005bf09e029df3ef89a8a18e072ce5cb5e570ef098c14b0f084da4e153bdcbf653b36583b18f529dbf8840d16a3410d98ae8310eb35b726aef92fd3
SSDEEP

3072:l3xsRsDuVxI1XGDesMMby3/ARpKtXcXIKXJqiRZ7k/k2FkhsmZxtONRc1Yo8oSNC:WAIsmZxN8oSurp

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2916	msedge.exe
2916	msedge.exe
3112	msedge.exe
3112	msedge.exe
2164	identity_helper.exe
2164	identity_helper.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3112 wrote to memory of 4588	3112	msedge.exe	83
PID 3112 wrote to memory of 4588	3112	msedge.exe	83
PID 3112 wrote to memory of 1056	3112	msedge.exe	88
PID 3112 wrote to memory of 1056	3112	msedge.exe	88
PID 3112 wrote to memory of 1056	3112	msedge.exe	88
PID 3112 wrote to memory of 1056	3112	msedge.exe	88
PID 3112 wrote to memory of 1056	3112	msedge.exe	88
PID 3112 wrote to memory of 1056	3112	msedge.exe	88
PID 3112 wrote to memory of 1056	3112	msedge.exe	88
PID 3112 wrote to memory of 1056	3112	msedge.exe	88
PID 3112 wrote to memory of 1056	3112	msedge.exe	88
PID 3112 wrote to memory of 1056	3112	msedge.exe	88
PID 3112 wrote to memory of 1056	3112	msedge.exe	88
PID 3112 wrote to memory of 1056	3112	msedge.exe	88
PID 3112 wrote to memory of 1056	3112	msedge.exe	88
PID 3112 wrote to memory of 1056	3112	msedge.exe	88
PID 3112 wrote to memory of 1056	3112	msedge.exe	88
PID 3112 wrote to memory of 1056	3112	msedge.exe	88
PID 3112 wrote to memory of 1056	3112	msedge.exe	88
PID 3112 wrote to memory of 1056	3112	msedge.exe	88
PID 3112 wrote to memory of 1056	3112	msedge.exe	88
PID 3112 wrote to memory of 1056	3112	msedge.exe	88
PID 3112 wrote to memory of 1056	3112	msedge.exe	88
PID 3112 wrote to memory of 1056	3112	msedge.exe	88
PID 3112 wrote to memory of 1056	3112	msedge.exe	88
PID 3112 wrote to memory of 1056	3112	msedge.exe	88
PID 3112 wrote to memory of 1056	3112	msedge.exe	88
PID 3112 wrote to memory of 1056	3112	msedge.exe	88
PID 3112 wrote to memory of 1056	3112	msedge.exe	88
PID 3112 wrote to memory of 1056	3112	msedge.exe	88
PID 3112 wrote to memory of 1056	3112	msedge.exe	88
PID 3112 wrote to memory of 1056	3112	msedge.exe	88
PID 3112 wrote to memory of 1056	3112	msedge.exe	88
PID 3112 wrote to memory of 1056	3112	msedge.exe	88
PID 3112 wrote to memory of 1056	3112	msedge.exe	88
PID 3112 wrote to memory of 1056	3112	msedge.exe	88
PID 3112 wrote to memory of 1056	3112	msedge.exe	88
PID 3112 wrote to memory of 1056	3112	msedge.exe	88
PID 3112 wrote to memory of 1056	3112	msedge.exe	88
PID 3112 wrote to memory of 1056	3112	msedge.exe	88
PID 3112 wrote to memory of 1056	3112	msedge.exe	88
PID 3112 wrote to memory of 1056	3112	msedge.exe	88
PID 3112 wrote to memory of 2916	3112	msedge.exe	89
PID 3112 wrote to memory of 2916	3112	msedge.exe	89
PID 3112 wrote to memory of 5032	3112	msedge.exe	90
PID 3112 wrote to memory of 5032	3112	msedge.exe	90
PID 3112 wrote to memory of 5032	3112	msedge.exe	90
PID 3112 wrote to memory of 5032	3112	msedge.exe	90
PID 3112 wrote to memory of 5032	3112	msedge.exe	90
PID 3112 wrote to memory of 5032	3112	msedge.exe	90
PID 3112 wrote to memory of 5032	3112	msedge.exe	90
PID 3112 wrote to memory of 5032	3112	msedge.exe	90
PID 3112 wrote to memory of 5032	3112	msedge.exe	90
PID 3112 wrote to memory of 5032	3112	msedge.exe	90
PID 3112 wrote to memory of 5032	3112	msedge.exe	90
PID 3112 wrote to memory of 5032	3112	msedge.exe	90
PID 3112 wrote to memory of 5032	3112	msedge.exe	90
PID 3112 wrote to memory of 5032	3112	msedge.exe	90
PID 3112 wrote to memory of 5032	3112	msedge.exe	90
PID 3112 wrote to memory of 5032	3112	msedge.exe	90
PID 3112 wrote to memory of 5032	3112	msedge.exe	90
PID 3112 wrote to memory of 5032	3112	msedge.exe	90
PID 3112 wrote to memory of 5032	3112	msedge.exe	90
PID 3112 wrote to memory of 5032	3112	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ca6e7c4d4998f2a8633813e826255884.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7ffec15546f8,0x7ffec1554708,0x7ffec1554718
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,10763293963141210179,3568017920026492889,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,10763293963141210179,3568017920026492889,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,10763293963141210179,3568017920026492889,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10763293963141210179,3568017920026492889,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10763293963141210179,3568017920026492889,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10763293963141210179,3568017920026492889,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1788 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,10763293963141210179,3568017920026492889,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5756 /prefetch:8
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,10763293963141210179,3568017920026492889,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5756 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10763293963141210179,3568017920026492889,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10763293963141210179,3568017920026492889,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10763293963141210179,3568017920026492889,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10763293963141210179,3568017920026492889,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3040 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,10763293963141210179,3568017920026492889,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1888 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3152

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4560

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7740a919423ddc469647f8fdd981324d

SHA1
c1bc3f834507e4940a0b7594e34c4b83bbea7cda

SHA256
bdd4adaa418d40558ab033ac0005fd6c2312d5f1f7fdf8b0e186fe1d65d78221

SHA512
7ad98d5d089808d9a707d577e76e809a223d3007778a672734d0a607c2c3ac5f93bc72adb6e6c7f878a577d3a1e69a16d0cd871eb6f58b8d88e2ea25f77d87b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9f44d6f922f830d04d7463189045a5a3

SHA1
2e9ae7188ab8f88078e83ba7f42a11a2c421cb1c

SHA256
0ae5cf8b49bc34fafe9f86734c8121b631bad52a1424c1dd2caa05781032334a

SHA512
7c1825eaefcc7b97bae31eeff031899300b175222de14000283e296e9b44680c8b3885a4ed5d78fd8dfee93333cd7289347b95a62bf11f751c4ca47772cf987d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
914ab876e64e67591cf69e7026839532

SHA1
7c09d82271fd1735d12245c0766ed7f003df63aa

SHA256
bd046f037d33cae8f0dbed6a9e41f303b62cca3425792577e3e57e2cb299601d

SHA512
e5bb3e4867ae2a3d57767f9cfc1b071b781bec573bc2f22a432c48d15be475c643eb3c0700bb27c162f74d0054cab5d3249a03912ef260913e78cb53b2ca8af1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
844B

MD5
c20bab943fd5df3f1308ac3ced749725

SHA1
a9525ee9acb9111988bbcd0bb42aa3dad83e5ebb

SHA256
83ad40c90ac8acabfab1ca954366594c7f4edcb3c3085e59e74b449a884e084b

SHA512
7e3424f1ac0502de52847ff7696c67de125a9ab753d799dc17901a364b1c4c97e8148ed1c2d042fd635618459bd1d9ae5aa0e3a03175330cfcfd816c7b5acda5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
808f39471a02a5daf5f406bd1f6849e1

SHA1
fd3e33119769247ad81eafe684b84248c53e4674

SHA256
2dabb5f32c01f3bb00159fe962f665732a2fd3a0305c65860c243ce11d8039e8

SHA512
e406c77901310cecbe5e520f97d9df794e2d15ab9a521aef0f7ec70248dbe2de72e591e3c43c1e67661d25d44d859f2af2e0453ddc776f9ae61276068f115f33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7019c24ac54ef959dcd02482adcc0873

SHA1
d8ccc72d5cb0ad4ac4c0e27d511abc605d96937b

SHA256
2b1073f1785eee119c8198b9db2f29ed3aa578e2871f82890c9ba4c85e5f979c

SHA512
5fa5d73fd4a1f914a3db0bfc46eb8482af208f25872a4d93f218a052113704b8f95148551ec9aa783966c78e9cf8b81cfa61da8fbd382660976a53db7fce47a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
048475bceacd0f8385f6d598ab4c3875

SHA1
a6f8211eae4b5f74bdf1c508e33bf2c54be6dc8f

SHA256
cec6b83e420bb1ef8500f8d23ebb811cd01dc566627906028ca2f1fdfc304243

SHA512
ff5dd2a661d53df0ce6479a4683ea7e01b0fb2a4f5cb5d6e1885a87c979d451cca84c49fff99d962172009d11fcc9479b1c7739c1cd3a032fc8f1fecc9eb09e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
bc6dfe3af59246b9cb04c7b9d5221e52

SHA1
9e9b754d981db998bc8d362ae960a98846b0dc58

SHA256
893af8972cd3bfd86044ff1c2192b92a838202de1aebc530a61afea9483f6363

SHA512
f22ebfeafd829addbcb4b293aae4b2100ddad877c381c85af41f238458b1ac430aa73e1223a4edbd3f17ba2011793927b73a2985163f588669d397447281fede

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
5de910cff614fae838aff520e1d2c1b2

SHA1
fa0c88682a111bfa30a7115e997ddb0bbc9c18d2

SHA256
3a3055d4da093105977e2db762fbd825c3be7a0783b211d53126e77aa5c2da8d

SHA512
93e582a4a42b28020d93b224b3aac57b51ffa031499d3860aeca1e05d51d15fe6e118134d3080cc4325f18a9f5c0552f08fac8139839e61db1b790bdf437dfba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d215.TMP

Filesize
203B

MD5
5b6b95715274e997dfa6e8a52a69b19d

SHA1
673c2e734f864595ad156946137582e1b66573d9

SHA256
b8527d0e1dbe0cbbe8fafcd9d934c692591f3e5dab39794451e445a611163950

SHA512
d6df229b9ce0af561c51b449dac7f7341fae06a89bf43b0e95280969b630574fecef1b96385cb1f68bf7c67986ef90a5a1fd9e8f55901ad694f74c8255db85e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0841d96e584f4138f9f1b72985b66a48

SHA1
f0435e1e3e74c88436216f83fd0ce38fc7818ebb

SHA256
91f34789eb92387d6b189b3bed74f85ec769d83915720f9c0ac685c2ce47c98f

SHA512
81c44c80590168d0e0c7db3447554e5e30619fec329bc50733366fedba4a543c429e09f98575c101ecb9fa12d954a98177b4b070c90e11b0e3aabf5b504afcd8

Download Submit