613b2391735cd36319b09b2045c1fce2a725a004a96517f807f439215e3233c9

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
18/03/2024, 10:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d3557b02752f251f6a4887448b8c16e9.html
Size

57KB
MD5

d3557b02752f251f6a4887448b8c16e9
SHA1

28cee9fc738c5bfcd634ababa3e46359e9b4acde
SHA256

613b2391735cd36319b09b2045c1fce2a725a004a96517f807f439215e3233c9
SHA512

9ec88100ec159132aa92dfed17530ebbb58405141cabcd73c2d62b8f72a77f0bdce1f36d0b329aa40436f5f37b328efb27d4739e100ab071389370f3b35b2f9d
SSDEEP

1536:zdQkHv7oORjKfanGRbrx4kArwvIv+1LvGJ2WFpY+fFMB7hk3V:hQkHTPlKfanGRbrx4kArwvIv+1LvGJ2i

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4708	msedge.exe
4708	msedge.exe
2252	identity_helper.exe
2252	identity_helper.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4708 wrote to memory of 392	4708	msedge.exe	83
PID 4708 wrote to memory of 392	4708	msedge.exe	83
PID 4708 wrote to memory of 2420	4708	msedge.exe	88
PID 4708 wrote to memory of 2420	4708	msedge.exe	88
PID 4708 wrote to memory of 2420	4708	msedge.exe	88
PID 4708 wrote to memory of 2420	4708	msedge.exe	88
PID 4708 wrote to memory of 2420	4708	msedge.exe	88
PID 4708 wrote to memory of 2420	4708	msedge.exe	88
PID 4708 wrote to memory of 2420	4708	msedge.exe	88
PID 4708 wrote to memory of 2420	4708	msedge.exe	88
PID 4708 wrote to memory of 2420	4708	msedge.exe	88
PID 4708 wrote to memory of 2420	4708	msedge.exe	88
PID 4708 wrote to memory of 2420	4708	msedge.exe	88
PID 4708 wrote to memory of 2420	4708	msedge.exe	88
PID 4708 wrote to memory of 2420	4708	msedge.exe	88
PID 4708 wrote to memory of 2420	4708	msedge.exe	88
PID 4708 wrote to memory of 2420	4708	msedge.exe	88
PID 4708 wrote to memory of 2420	4708	msedge.exe	88
PID 4708 wrote to memory of 2420	4708	msedge.exe	88
PID 4708 wrote to memory of 2420	4708	msedge.exe	88
PID 4708 wrote to memory of 2420	4708	msedge.exe	88
PID 4708 wrote to memory of 2420	4708	msedge.exe	88
PID 4708 wrote to memory of 2420	4708	msedge.exe	88
PID 4708 wrote to memory of 2420	4708	msedge.exe	88
PID 4708 wrote to memory of 2420	4708	msedge.exe	88
PID 4708 wrote to memory of 2420	4708	msedge.exe	88
PID 4708 wrote to memory of 2420	4708	msedge.exe	88
PID 4708 wrote to memory of 2420	4708	msedge.exe	88
PID 4708 wrote to memory of 2420	4708	msedge.exe	88
PID 4708 wrote to memory of 2420	4708	msedge.exe	88
PID 4708 wrote to memory of 2420	4708	msedge.exe	88
PID 4708 wrote to memory of 2420	4708	msedge.exe	88
PID 4708 wrote to memory of 2420	4708	msedge.exe	88
PID 4708 wrote to memory of 2420	4708	msedge.exe	88
PID 4708 wrote to memory of 2420	4708	msedge.exe	88
PID 4708 wrote to memory of 2420	4708	msedge.exe	88
PID 4708 wrote to memory of 2420	4708	msedge.exe	88
PID 4708 wrote to memory of 2420	4708	msedge.exe	88
PID 4708 wrote to memory of 2420	4708	msedge.exe	88
PID 4708 wrote to memory of 2420	4708	msedge.exe	88
PID 4708 wrote to memory of 2420	4708	msedge.exe	88
PID 4708 wrote to memory of 2420	4708	msedge.exe	88
PID 4708 wrote to memory of 4260	4708	msedge.exe	89
PID 4708 wrote to memory of 4260	4708	msedge.exe	89
PID 4708 wrote to memory of 5108	4708	msedge.exe	90
PID 4708 wrote to memory of 5108	4708	msedge.exe	90
PID 4708 wrote to memory of 5108	4708	msedge.exe	90
PID 4708 wrote to memory of 5108	4708	msedge.exe	90
PID 4708 wrote to memory of 5108	4708	msedge.exe	90
PID 4708 wrote to memory of 5108	4708	msedge.exe	90
PID 4708 wrote to memory of 5108	4708	msedge.exe	90
PID 4708 wrote to memory of 5108	4708	msedge.exe	90
PID 4708 wrote to memory of 5108	4708	msedge.exe	90
PID 4708 wrote to memory of 5108	4708	msedge.exe	90
PID 4708 wrote to memory of 5108	4708	msedge.exe	90
PID 4708 wrote to memory of 5108	4708	msedge.exe	90
PID 4708 wrote to memory of 5108	4708	msedge.exe	90
PID 4708 wrote to memory of 5108	4708	msedge.exe	90
PID 4708 wrote to memory of 5108	4708	msedge.exe	90
PID 4708 wrote to memory of 5108	4708	msedge.exe	90
PID 4708 wrote to memory of 5108	4708	msedge.exe	90
PID 4708 wrote to memory of 5108	4708	msedge.exe	90
PID 4708 wrote to memory of 5108	4708	msedge.exe	90
PID 4708 wrote to memory of 5108	4708	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d3557b02752f251f6a4887448b8c16e9.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8028b46f8,0x7ff8028b4708,0x7ff8028b4718
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,355150736046771104,2155666560154184539,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,355150736046771104,2155666560154184539,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,355150736046771104,2155666560154184539,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,355150736046771104,2155666560154184539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2740 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,355150736046771104,2155666560154184539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,355150736046771104,2155666560154184539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1692 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,355150736046771104,2155666560154184539,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 /prefetch:8
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,355150736046771104,2155666560154184539,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,355150736046771104,2155666560154184539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,355150736046771104,2155666560154184539,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:5228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,355150736046771104,2155666560154184539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1592 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,355150736046771104,2155666560154184539,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,355150736046771104,2155666560154184539,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5496 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:384

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7c6136bc98a5aedca2ea3004e9fbe67d

SHA1
74318d997f4c9c351eef86d040bc9b085ce1ad4f

SHA256
50c3bd40caf7e9a82496a710f58804aa3536b44d57e2ee5e2af028cbebc6c2f2

SHA512
2d2fb839321c56e4cb80562e9a1daa4baf48924d635729dc5504a26462796919906f0097dd1fc7fd053394c0eea13c25219dec54ffe6e9abb6e8cb9afa66bada

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5c6aef82e50d05ffc0cf52a6c6d69c91

SHA1
c203efe5b45b0630fee7bd364fe7d63b769e2351

SHA256
d9068cf3d04d62a9fb1cdd4c3cf7c263920159171d1b84cb49eff7cf4ed5bc32

SHA512
77ad48936e8c3ee107a121e0b2d1216723407f76872e85c36413237ca1c47b8c40038b8a6349b072bbcc6a29e27ddda77cf686fa97569f4d86531e6b2ac485ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
68df10d1592a77b22f93e51bc98ae325

SHA1
748181419a6cc173c46a887fd454f555c7dcb150

SHA256
a28b585b59f05aa17b93dd82951af10ea222a2d13e144127f257df66ee62cf34

SHA512
847e84b1119f8b8ff739cfa99516633ed29154863aefe93ed4ba6b3fb4c9ba7e69b29f2d2a2b43bdb8066ad286336502ff82ed21965c0d1efb5e77519b7dd36f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ef59182f4e6a5e365031569bb2b88d70

SHA1
1c91c0a9080304503cb8521132ba0b180a8631d4

SHA256
62f589d7d33153748101d95aa57bc7d3c05b8bd1accdc171e857b7f20557a6bf

SHA512
dfb7bd3f75d61c8986303ed35513440aec8c9cd1a44060fad48f75a49a3969f80054d4b2bbfe12dd7e053782ff16d1cc28527c7fbc1f9f530b61e1006462868f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
9e774f7072aa5b7ef0a7f483f08088d3

SHA1
b4e64771e8118dd05077fc1126e2b254aae23b80

SHA256
e97245db0cb67226634aea1f8c738f851d6311c4a841d0752a35f69e13643095

SHA512
5821c51962d259db482c4d4dc691313eea00304a1dda60664195bf833056d42f7d5cc862c14b2e9645bcb6c83e0f28fe733f403a3cc6afa5375a03857a91a4e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
179edd8fadd67cf773407c99d0b07965

SHA1
9e9ced4c465cac12df94d95d84dede2223dc0372

SHA256
d3e14623c88fbc1b51a412b2e8c0f0ff04466082299ee2e8a46877d2369fcc6c

SHA512
fc3bb75c9d455dc6236b778a4e93fad2bea8597bbb751916714d1f707becac394e88692b80f5a663d5e9d7629709dca8de438ab04e735a50f851d8672fc88a70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2c17dde0a27f5622616fe66a588dca1f

SHA1
d1b059bfba8358167fa4e195054e68efdfcb75e0

SHA256
f62fd045878cb789303713e0867e958500f36e7359a4bc9a58194932fe78cd1f

SHA512
d76d209a3d8e552fc10e17a05e8e43a3e3c28bfec396b05d85be6660324f0095cc873f1c344e1ee65397b91e7b3bd535b4a54752c506d52fcd572d6d02355752

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d3a9e338307c8195d586c60406f29557

SHA1
e5e5d348ab23681a553e2d0c6e879a5d5fabd2b4

SHA256
bd89beb0e8e9ee4d7015bf7e6a1ad974290b1973a8d7f0cfe92d6d55640db092

SHA512
04c4898b7ea5905331b5ff9a0d3273141c91e106edbef094923b914689ec0d79b9b2fde3c5891bd104fa6296273634104eb3a074c7e27bc07873ddfd98eb81d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d94b41793c22526f68af4722192fdae5

SHA1
0b0d803c98142503eb81ffde1dd7f532f02845da

SHA256
38cbf1ecbaf0825155448c7507c83f4862c14406a77051ea617e357b7feeefb2

SHA512
fd62fd8a04cc078467cfde72ce6aa242c62abb4b5a73920acfb61c53cc1adf017f37a7b41d7203f115e473056f89568203dcc609076d4343ae213b009d06695a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f6136548059bc0eb913c068629de27a2

SHA1
4486d6bb1a30a0674c7ef6f9128f22adea195542

SHA256
9c8a4e906ba584f1e8b7b63c2e182106727aaba69c6b5fd84274d451b8b4c80e

SHA512
a596f5d6aa5a3251870577f619d7812d23aca97e64eb39684bf81a3ad2002c9eebe07eede0eb912fff732ffc6845977d23a632f34ec98af68b442fed999275e1

Download Submit