9a11e6bb6088e235044581177fbfd63837f0adfb20704d580fa7e5e233815832

Analysis

max time kernel
192s
max time network
210s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
19/03/2024, 13:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ATT78573.html
Size

1KB
MD5

09115827dbe698c63cda960375814c32
SHA1

dbdaa345f72d0e66e1e2d72aa5dad11e93435c82
SHA256

9a11e6bb6088e235044581177fbfd63837f0adfb20704d580fa7e5e233815832
SHA512

dedc1c3da79d7a4baff01f5404c82867e99c6109cfbaa486fbe8ff5c654998e461fe881134e0d64ef7be1cbd86253543fbf3748e19205be02183c49ea9c3e3f0

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4836	msedge.exe
4836	msedge.exe
4852	msedge.exe
4852	msedge.exe
3108	identity_helper.exe
3108	identity_helper.exe
4192	msedge.exe
4192	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4852 wrote to memory of 3992	4852	msedge.exe	79
PID 4852 wrote to memory of 3992	4852	msedge.exe	79
PID 4852 wrote to memory of 3456	4852	msedge.exe	80
PID 4852 wrote to memory of 3456	4852	msedge.exe	80
PID 4852 wrote to memory of 3456	4852	msedge.exe	80
PID 4852 wrote to memory of 3456	4852	msedge.exe	80
PID 4852 wrote to memory of 3456	4852	msedge.exe	80
PID 4852 wrote to memory of 3456	4852	msedge.exe	80
PID 4852 wrote to memory of 3456	4852	msedge.exe	80
PID 4852 wrote to memory of 3456	4852	msedge.exe	80
PID 4852 wrote to memory of 3456	4852	msedge.exe	80
PID 4852 wrote to memory of 3456	4852	msedge.exe	80
PID 4852 wrote to memory of 3456	4852	msedge.exe	80
PID 4852 wrote to memory of 3456	4852	msedge.exe	80
PID 4852 wrote to memory of 3456	4852	msedge.exe	80
PID 4852 wrote to memory of 3456	4852	msedge.exe	80
PID 4852 wrote to memory of 3456	4852	msedge.exe	80
PID 4852 wrote to memory of 3456	4852	msedge.exe	80
PID 4852 wrote to memory of 3456	4852	msedge.exe	80
PID 4852 wrote to memory of 3456	4852	msedge.exe	80
PID 4852 wrote to memory of 3456	4852	msedge.exe	80
PID 4852 wrote to memory of 3456	4852	msedge.exe	80
PID 4852 wrote to memory of 3456	4852	msedge.exe	80
PID 4852 wrote to memory of 3456	4852	msedge.exe	80
PID 4852 wrote to memory of 3456	4852	msedge.exe	80
PID 4852 wrote to memory of 3456	4852	msedge.exe	80
PID 4852 wrote to memory of 3456	4852	msedge.exe	80
PID 4852 wrote to memory of 3456	4852	msedge.exe	80
PID 4852 wrote to memory of 3456	4852	msedge.exe	80
PID 4852 wrote to memory of 3456	4852	msedge.exe	80
PID 4852 wrote to memory of 3456	4852	msedge.exe	80
PID 4852 wrote to memory of 3456	4852	msedge.exe	80
PID 4852 wrote to memory of 3456	4852	msedge.exe	80
PID 4852 wrote to memory of 3456	4852	msedge.exe	80
PID 4852 wrote to memory of 3456	4852	msedge.exe	80
PID 4852 wrote to memory of 3456	4852	msedge.exe	80
PID 4852 wrote to memory of 3456	4852	msedge.exe	80
PID 4852 wrote to memory of 3456	4852	msedge.exe	80
PID 4852 wrote to memory of 3456	4852	msedge.exe	80
PID 4852 wrote to memory of 3456	4852	msedge.exe	80
PID 4852 wrote to memory of 3456	4852	msedge.exe	80
PID 4852 wrote to memory of 3456	4852	msedge.exe	80
PID 4852 wrote to memory of 4836	4852	msedge.exe	81
PID 4852 wrote to memory of 4836	4852	msedge.exe	81
PID 4852 wrote to memory of 2920	4852	msedge.exe	82
PID 4852 wrote to memory of 2920	4852	msedge.exe	82
PID 4852 wrote to memory of 2920	4852	msedge.exe	82
PID 4852 wrote to memory of 2920	4852	msedge.exe	82
PID 4852 wrote to memory of 2920	4852	msedge.exe	82
PID 4852 wrote to memory of 2920	4852	msedge.exe	82
PID 4852 wrote to memory of 2920	4852	msedge.exe	82
PID 4852 wrote to memory of 2920	4852	msedge.exe	82
PID 4852 wrote to memory of 2920	4852	msedge.exe	82
PID 4852 wrote to memory of 2920	4852	msedge.exe	82
PID 4852 wrote to memory of 2920	4852	msedge.exe	82
PID 4852 wrote to memory of 2920	4852	msedge.exe	82
PID 4852 wrote to memory of 2920	4852	msedge.exe	82
PID 4852 wrote to memory of 2920	4852	msedge.exe	82
PID 4852 wrote to memory of 2920	4852	msedge.exe	82
PID 4852 wrote to memory of 2920	4852	msedge.exe	82
PID 4852 wrote to memory of 2920	4852	msedge.exe	82
PID 4852 wrote to memory of 2920	4852	msedge.exe	82
PID 4852 wrote to memory of 2920	4852	msedge.exe	82
PID 4852 wrote to memory of 2920	4852	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ATT78573.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffeb8f63cb8,0x7ffeb8f63cc8,0x7ffeb8f63cd8
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,5650644772291851249,3280671334922875753,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1876,5650644772291851249,3280671334922875753,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1876,5650644772291851249,3280671334922875753,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,5650644772291851249,3280671334922875753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,5650644772291851249,3280671334922875753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1876,5650644772291851249,3280671334922875753,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1876,5650644772291851249,3280671334922875753,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1876,5650644772291851249,3280671334922875753,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5220 /prefetch:8
  2⤵
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,5650644772291851249,3280671334922875753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,5650644772291851249,3280671334922875753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3652 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,5650644772291851249,3280671334922875753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,5650644772291851249,3280671334922875753,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,5650644772291851249,3280671334922875753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,5650644772291851249,3280671334922875753,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,5650644772291851249,3280671334922875753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,5650644772291851249,3280671334922875753,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1772 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2564

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d459a8c16562fb3f4b1d7cadaca620aa

SHA1
7810bf83e8c362e0c69298e8c16964ed48a90d3a

SHA256
fa31bc49a2f9af06d325871104e36dd69bfe3847cd521059b62461a92912331a

SHA512
35cb00c21908e1332c3439af1ec9867c81befcc4792248ee392080b455b1f5ce2b0c0c2415e344d91537469b5eb72f330b79feb7e8a86eeb6cf41ec5be5dfd2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
656bb397c72d15efa159441f116440a6

SHA1
5b57747d6fdd99160af6d3e580114dbbd351921f

SHA256
770ed0fcd22783f60407cdc55b5998b08e37b3e06efb3d1168ffed8768751fab

SHA512
5923db1d102f99d0b29d60916b183b92e6be12cc55733998d3da36d796d6158c76e385cef320ec0e9afa242a42bfb596f7233b60b548f719f7d41cb8f404e73c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c93f255474ff07cf9123a10f27cd55f8

SHA1
295e1ae88f60cb924983c85c7f8ff8571c843f4d

SHA256
cf6eda7123ba04776e109eed7d99bdbc674cdf68aebf01101c7e242113493c08

SHA512
79013da360b20b95b0f6b1c242e98cd6b4f2f00140f712727e32a2b4f67942786ea22720225a5219f0bc3666fbd7cf0fde9e479319c75fc97c0cb75f6ed739d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
827B

MD5
5c31b789387eddf5146025c2a2adb682

SHA1
85f753f89230c557cd7dce4e93043be6c3331e25

SHA256
de8a13b45a97222ca53831afb13099375f6aa605b87cbf9f91539f1d5d918e3b

SHA512
fa57945ecff0061daba69db257eccbe38e9a7c1c9161e1951c17bf74021ec914ff919973c259b0d8a1830491ee6c9dec7cc863f0dea7f89e67917c02aa794639

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a8313b2b31fa0c45ec12cd3c9cbbb022

SHA1
ea0763234940c8ee69f25917b9c134aaa64fffe6

SHA256
034e677aaef196e6c55b4b3de387ff110cd9c3af38676c5bd243adfe27782115

SHA512
ed0fc57823988e32d7cb1e3ef087525425ea2d2a6ea4b4ae090c78561f36b963832120f36fbee14cddd541536105fef042188451e8033bb15c34dfb3f740d48a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
43dcc2ea9794fee5208c3a11ee17b53b

SHA1
bc94e5c94e4cd157c720de1779d1879edb3f49eb

SHA256
48b71e0bdebd1aa7caaa765694fd44afc6c3b6ae31397b49ba3998aa1b7f8c3a

SHA512
fc5c2b34cd27d750271ab003f5b90ed6ed45fe846e81b0437b3d68e5da48dd250d7d3f69d1918745b6e7d95d4e899937ee647a4a9e88db6a3da45bb32c6a9e2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
91f9666ed9e15e28e04827e18b8c16e0

SHA1
59c95dc687e851899681fab419a016bcc4ea33a0

SHA256
3985aac574e939325a0a77d1fbe93a2e71e4938d35779bfe74e2cd42fd16aab9

SHA512
151640fc33803eb3c66b37debdecb5952934dfd909405847e4a0353f9440efa602185ac052b85a1f7d77cdbd01a69cfea318d880520643b5823e13dc410f1b77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
37ccd2381cfbeba7540561d889324942

SHA1
6d09c0c9f7f314c2bb0d09317223ba1e17b2ddc1

SHA256
91b6815f5c6428750a31e267a86a70ecc98c8887b1a5e271f5573e045f6826dc

SHA512
0570db1a29b6b212f59d326e672f24c1b47a1d867b1a834abf36e4fc07e28c4467a06fbf86585da5516397a022166885ae69138216e9309084d43225eacbf662

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5825f2.TMP

Filesize
204B

MD5
d1ec35a95cc0bc94b0d6220823c31f26

SHA1
e8405289a807bef6a5ccf1ba29d0c95464e6dfbc

SHA256
c09ef5be278a426c66b9a1e9bf950771675e50145f6faddbaf190de9cc9b3c2a

SHA512
57ed07db76217d0ea99d32af5871c49f3077d767fb905d26d599ab88468d88096c50a16c7e4f141427ec94624f40c7909b13c5dc56c43424c06e031d35908944

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f5c6639627905f185a2bac5d76f754d3

SHA1
2a5437e27a4df81f6509c1705d026cf000a215db

SHA256
536635528eefbb682aa4a51a10f0cf9f334ef533771864446eb3af4da42adb3d

SHA512
7a1a2d87b160e83f942ff44ee27323f278c43c3c6b7b83a2847fc8121499553de26e1053c4343ae90dd8f06fe75540063da47c4040b383e0a6b7dd15bf725296

Download Submit