e7a7e3207a79fa2e45a926357c952351ad19314c09416a0d0313a70ca91e9301

Analysis

max time kernel
147s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
26/03/2024, 20:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e0022c68c6288a49d32f193eff578144.html
Size

14KB
MD5

e0022c68c6288a49d32f193eff578144
SHA1

9b74a3022806e8a7d08a82e16fbc2f697a573756
SHA256

e7a7e3207a79fa2e45a926357c952351ad19314c09416a0d0313a70ca91e9301
SHA512

d5ab01128f04aaf24e015bab8616e18483325786c182c89bd00b59f1c5ce20c75dce5d7a803bbcd0af396ae32aab4d16821814233cf1a358ab9b57f30033b95b
SSDEEP

192:/EKhE5jcNBQYzYruzT2ecmMMzOounMXwPcFUX/0F+p6XLsSVtulmP3KTAL3E2:/z8cvzKnecLwRunIFUXsFWh2MJ2

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1740	msedge.exe
1740	msedge.exe
3964	msedge.exe
3964	msedge.exe
5256	identity_helper.exe
5256	identity_helper.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3964 wrote to memory of 848	3964	msedge.exe	89
PID 3964 wrote to memory of 848	3964	msedge.exe	89
PID 3964 wrote to memory of 2364	3964	msedge.exe	90
PID 3964 wrote to memory of 2364	3964	msedge.exe	90
PID 3964 wrote to memory of 2364	3964	msedge.exe	90
PID 3964 wrote to memory of 2364	3964	msedge.exe	90
PID 3964 wrote to memory of 2364	3964	msedge.exe	90
PID 3964 wrote to memory of 2364	3964	msedge.exe	90
PID 3964 wrote to memory of 2364	3964	msedge.exe	90
PID 3964 wrote to memory of 2364	3964	msedge.exe	90
PID 3964 wrote to memory of 2364	3964	msedge.exe	90
PID 3964 wrote to memory of 2364	3964	msedge.exe	90
PID 3964 wrote to memory of 2364	3964	msedge.exe	90
PID 3964 wrote to memory of 2364	3964	msedge.exe	90
PID 3964 wrote to memory of 2364	3964	msedge.exe	90
PID 3964 wrote to memory of 2364	3964	msedge.exe	90
PID 3964 wrote to memory of 2364	3964	msedge.exe	90
PID 3964 wrote to memory of 2364	3964	msedge.exe	90
PID 3964 wrote to memory of 2364	3964	msedge.exe	90
PID 3964 wrote to memory of 2364	3964	msedge.exe	90
PID 3964 wrote to memory of 2364	3964	msedge.exe	90
PID 3964 wrote to memory of 2364	3964	msedge.exe	90
PID 3964 wrote to memory of 2364	3964	msedge.exe	90
PID 3964 wrote to memory of 2364	3964	msedge.exe	90
PID 3964 wrote to memory of 2364	3964	msedge.exe	90
PID 3964 wrote to memory of 2364	3964	msedge.exe	90
PID 3964 wrote to memory of 2364	3964	msedge.exe	90
PID 3964 wrote to memory of 2364	3964	msedge.exe	90
PID 3964 wrote to memory of 2364	3964	msedge.exe	90
PID 3964 wrote to memory of 2364	3964	msedge.exe	90
PID 3964 wrote to memory of 2364	3964	msedge.exe	90
PID 3964 wrote to memory of 2364	3964	msedge.exe	90
PID 3964 wrote to memory of 2364	3964	msedge.exe	90
PID 3964 wrote to memory of 2364	3964	msedge.exe	90
PID 3964 wrote to memory of 2364	3964	msedge.exe	90
PID 3964 wrote to memory of 2364	3964	msedge.exe	90
PID 3964 wrote to memory of 2364	3964	msedge.exe	90
PID 3964 wrote to memory of 2364	3964	msedge.exe	90
PID 3964 wrote to memory of 2364	3964	msedge.exe	90
PID 3964 wrote to memory of 2364	3964	msedge.exe	90
PID 3964 wrote to memory of 2364	3964	msedge.exe	90
PID 3964 wrote to memory of 2364	3964	msedge.exe	90
PID 3964 wrote to memory of 1740	3964	msedge.exe	91
PID 3964 wrote to memory of 1740	3964	msedge.exe	91
PID 3964 wrote to memory of 1088	3964	msedge.exe	92
PID 3964 wrote to memory of 1088	3964	msedge.exe	92
PID 3964 wrote to memory of 1088	3964	msedge.exe	92
PID 3964 wrote to memory of 1088	3964	msedge.exe	92
PID 3964 wrote to memory of 1088	3964	msedge.exe	92
PID 3964 wrote to memory of 1088	3964	msedge.exe	92
PID 3964 wrote to memory of 1088	3964	msedge.exe	92
PID 3964 wrote to memory of 1088	3964	msedge.exe	92
PID 3964 wrote to memory of 1088	3964	msedge.exe	92
PID 3964 wrote to memory of 1088	3964	msedge.exe	92
PID 3964 wrote to memory of 1088	3964	msedge.exe	92
PID 3964 wrote to memory of 1088	3964	msedge.exe	92
PID 3964 wrote to memory of 1088	3964	msedge.exe	92
PID 3964 wrote to memory of 1088	3964	msedge.exe	92
PID 3964 wrote to memory of 1088	3964	msedge.exe	92
PID 3964 wrote to memory of 1088	3964	msedge.exe	92
PID 3964 wrote to memory of 1088	3964	msedge.exe	92
PID 3964 wrote to memory of 1088	3964	msedge.exe	92
PID 3964 wrote to memory of 1088	3964	msedge.exe	92
PID 3964 wrote to memory of 1088	3964	msedge.exe	92

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\e0022c68c6288a49d32f193eff578144.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe1d0c46f8,0x7ffe1d0c4708,0x7ffe1d0c4718
  2⤵
  PID:848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,1059137712328289673,16543250197316056385,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,1059137712328289673,16543250197316056385,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,1059137712328289673,16543250197316056385,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1059137712328289673,16543250197316056385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1059137712328289673,16543250197316056385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1059137712328289673,16543250197316056385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1059137712328289673,16543250197316056385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1059137712328289673,16543250197316056385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:2696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1059137712328289673,16543250197316056385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,1059137712328289673,16543250197316056385,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 /prefetch:8
  2⤵
  PID:5236
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,1059137712328289673,16543250197316056385,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1059137712328289673,16543250197316056385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:5276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1059137712328289673,16543250197316056385,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:5284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1059137712328289673,16543250197316056385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1
  2⤵
  PID:5584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1059137712328289673,16543250197316056385,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1
  2⤵
  PID:5592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,1059137712328289673,16543250197316056385,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5344 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9ffb5f81e8eccd0963c46cbfea1abc20

SHA1
a02a610afd3543de215565bc488a4343bb5c1a59

SHA256
3a654b499247e59e34040f3b192a0069e8f3904e2398cbed90e86d981378e8bc

SHA512
2d21e18ef3f800e6e43b8cf03639d04510433c04215923f5a96432a8aa361fdda282cd444210150d9dbf8f028825d5bc8a451fd53bd3e0c9528eeb80d6e86597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e1b45169ebca0dceadb0f45697799d62

SHA1
803604277318898e6f5c6fb92270ca83b5609cd5

SHA256
4c0224fb7cc26ccf74f5be586f18401db57cce935c767a446659b828a7b5ee60

SHA512
357965b8d5cfaf773dbd9b371d7e308d1c86a6c428e542adbfe6bac34a7d2061d0a2f59e84e5b42768930e9b109e9e9f2a87e95cf26b3a69cbff05654ee42b4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
198KB

MD5
cda68ffa26095220a82ae0a7eaea5f57

SHA1
e892d887688790ddd8f0594607b539fc6baa9e40

SHA256
f9db7dd5930be2a5c8b4f545a361d51ed9c38e56bd3957650a3f8dbdf9c547fb

SHA512
84c8b0a4f78d8f3797dedf13e833280e6b968b7aeb2c5479211f1ff0b0ba8d3c12e8ab71a89ed128387818e05e335e8b9280a49f1dc775bd090a6114644aaf62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
7c397277437cd4ccef6f6abfbf705078

SHA1
5a0177c0425331942e4b463d62d463c1a96f7d53

SHA256
92a17d8d79c5744b56c63f0404ebf86e31ef8c3dd1bb3feb8bab97cf5b848324

SHA512
994e6b0330c6dd859db4c8abba9c7c9b7f827df6fa631edb8270eae2254fdd65a197af4ab4bbff9d3a3b637097248c1e52a23bf87256fd8f1e17cc15d74889d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1d209e305e4251b8abf2b3b2df762ce9

SHA1
aeb1812f17dea3250aa000511df5a9388dbe060c

SHA256
9c72accecf91a47ff1b83ccd43734706ec2daf5fb8b3bdcb8004e69e9a13b534

SHA512
0ee8af6f904cdeb53f0e30a27a0c662ad62fc637e3daa768eb141c27ab5ad5e32c4bc009717ffbedfd17225ea6b423c8ff3992bc854b0d89858a1857a19e7965

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
292c0ba9f1ff7fc4a18e7982154506f1

SHA1
a345ebd5ba23551d6922f205a4e1c85fa04a0cb4

SHA256
1eadaddf8f3a8aedadd65ee16b8e9b2a355dd1d29491762f007882418407556b

SHA512
8a6284011bafe4e245b1508a4784a5271d41f75e26401ae9542ef514efa9f4cbd3e5d6e8465a86b5da4b5374cb3d8067ae13b48306f3fff0dab7656a52155fbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cd01edf29a639768addaa765e6a40d7e

SHA1
f5914908e001e514dae524dc3815867928dc75e7

SHA256
1aa685ce09d46313c85cea60695dca2f31abd1616a4a31513b839623a32a97f7

SHA512
49adbb6e7c4ffb646ec06976e97227b81065b5e8936e25aa6756bbbf90b8e36a7339968c2da57843058fea1f987f7fc7800c4fcab0d9866df03b83cc6f7e4628

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4aedea771135d0678f31c5d084724e70

SHA1
7c95c7c516992abcb86a8902b09f8caed8f2bd51

SHA256
c32b4040631439b73e111e65708dfaa3481be218e0f5c12d3f6be968cf525fa2

SHA512
6bf5a9d47adbc7b2657d8bc35fb607c98cac5d07b128d1f3a8f7c282997140de6365b689f98482a3eae2b067521daeea44b6fcabbb942d00b0d6dd08eb03ce2d

Download Submit