815eb0c2591ffa6d6de7e8ae52ebdcccfc0d88d45571b376c3d75425e1e719d5

Analysis

max time kernel
242s
max time network
250s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
02/04/2024, 02:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Online_UG.url
Size

271B
MD5

206e6506f2137d6b3dba8e7660f939aa
SHA1

566215f9c1a139ffb787a567e618f98340157d02
SHA256

29593810a8d7bae1a9cf011029b0482f53d5352da6b9c2b415923fbad88e23df
SHA512

640a7766a21cc0cd17608c5668a320fe2a45c7e7f08b3541c5f132fa0af7a801e3f08b38d3eac0e4ca9e545a03e18057c7d558b33a15ff38b1df7b10374d7a44

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3384	msedge.exe
3384	msedge.exe
1308	msedge.exe
1308	msedge.exe
4576	identity_helper.exe
4576	identity_helper.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2300 wrote to memory of 1308	2300	rundll32.exe	85
PID 2300 wrote to memory of 1308	2300	rundll32.exe	85
PID 1308 wrote to memory of 2916	1308	msedge.exe	88
PID 1308 wrote to memory of 2916	1308	msedge.exe	88
PID 1308 wrote to memory of 4116	1308	msedge.exe	90
PID 1308 wrote to memory of 4116	1308	msedge.exe	90
PID 1308 wrote to memory of 4116	1308	msedge.exe	90
PID 1308 wrote to memory of 4116	1308	msedge.exe	90
PID 1308 wrote to memory of 4116	1308	msedge.exe	90
PID 1308 wrote to memory of 4116	1308	msedge.exe	90
PID 1308 wrote to memory of 4116	1308	msedge.exe	90
PID 1308 wrote to memory of 4116	1308	msedge.exe	90
PID 1308 wrote to memory of 4116	1308	msedge.exe	90
PID 1308 wrote to memory of 4116	1308	msedge.exe	90
PID 1308 wrote to memory of 4116	1308	msedge.exe	90
PID 1308 wrote to memory of 4116	1308	msedge.exe	90
PID 1308 wrote to memory of 4116	1308	msedge.exe	90
PID 1308 wrote to memory of 4116	1308	msedge.exe	90
PID 1308 wrote to memory of 4116	1308	msedge.exe	90
PID 1308 wrote to memory of 4116	1308	msedge.exe	90
PID 1308 wrote to memory of 4116	1308	msedge.exe	90
PID 1308 wrote to memory of 4116	1308	msedge.exe	90
PID 1308 wrote to memory of 4116	1308	msedge.exe	90
PID 1308 wrote to memory of 4116	1308	msedge.exe	90
PID 1308 wrote to memory of 4116	1308	msedge.exe	90
PID 1308 wrote to memory of 4116	1308	msedge.exe	90
PID 1308 wrote to memory of 4116	1308	msedge.exe	90
PID 1308 wrote to memory of 4116	1308	msedge.exe	90
PID 1308 wrote to memory of 4116	1308	msedge.exe	90
PID 1308 wrote to memory of 4116	1308	msedge.exe	90
PID 1308 wrote to memory of 4116	1308	msedge.exe	90
PID 1308 wrote to memory of 4116	1308	msedge.exe	90
PID 1308 wrote to memory of 4116	1308	msedge.exe	90
PID 1308 wrote to memory of 4116	1308	msedge.exe	90
PID 1308 wrote to memory of 4116	1308	msedge.exe	90
PID 1308 wrote to memory of 4116	1308	msedge.exe	90
PID 1308 wrote to memory of 4116	1308	msedge.exe	90
PID 1308 wrote to memory of 4116	1308	msedge.exe	90
PID 1308 wrote to memory of 4116	1308	msedge.exe	90
PID 1308 wrote to memory of 4116	1308	msedge.exe	90
PID 1308 wrote to memory of 4116	1308	msedge.exe	90
PID 1308 wrote to memory of 4116	1308	msedge.exe	90
PID 1308 wrote to memory of 4116	1308	msedge.exe	90
PID 1308 wrote to memory of 4116	1308	msedge.exe	90
PID 1308 wrote to memory of 3384	1308	msedge.exe	91
PID 1308 wrote to memory of 3384	1308	msedge.exe	91
PID 1308 wrote to memory of 4220	1308	msedge.exe	92
PID 1308 wrote to memory of 4220	1308	msedge.exe	92
PID 1308 wrote to memory of 4220	1308	msedge.exe	92
PID 1308 wrote to memory of 4220	1308	msedge.exe	92
PID 1308 wrote to memory of 4220	1308	msedge.exe	92
PID 1308 wrote to memory of 4220	1308	msedge.exe	92
PID 1308 wrote to memory of 4220	1308	msedge.exe	92
PID 1308 wrote to memory of 4220	1308	msedge.exe	92
PID 1308 wrote to memory of 4220	1308	msedge.exe	92
PID 1308 wrote to memory of 4220	1308	msedge.exe	92
PID 1308 wrote to memory of 4220	1308	msedge.exe	92
PID 1308 wrote to memory of 4220	1308	msedge.exe	92
PID 1308 wrote to memory of 4220	1308	msedge.exe	92
PID 1308 wrote to memory of 4220	1308	msedge.exe	92
PID 1308 wrote to memory of 4220	1308	msedge.exe	92
PID 1308 wrote to memory of 4220	1308	msedge.exe	92
PID 1308 wrote to memory of 4220	1308	msedge.exe	92
PID 1308 wrote to memory of 4220	1308	msedge.exe	92

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\Online_UG.url
1⤵
- Suspicious use of WriteProcessMemory
PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://primopdf.com/primopdf_support_manual.htm
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1308
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffadf7546f8,0x7ffadf754708,0x7ffadf754718
    3⤵
    PID:2916
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1480,9037379464507182462,16409084074008202300,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
    3⤵
    PID:4116
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1480,9037379464507182462,16409084074008202300,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3384
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1480,9037379464507182462,16409084074008202300,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
    3⤵
    PID:4220
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1480,9037379464507182462,16409084074008202300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
    3⤵
    PID:1748
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1480,9037379464507182462,16409084074008202300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
    3⤵
    PID:4756
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1480,9037379464507182462,16409084074008202300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
    3⤵
    PID:3600
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1480,9037379464507182462,16409084074008202300,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5568 /prefetch:8
    3⤵
    PID:2144
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1480,9037379464507182462,16409084074008202300,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5568 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4576
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1480,9037379464507182462,16409084074008202300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
    3⤵
    PID:4748
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1480,9037379464507182462,16409084074008202300,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
    3⤵
    PID:832
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1480,9037379464507182462,16409084074008202300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
    3⤵
    PID:1304
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1480,9037379464507182462,16409084074008202300,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
    3⤵
    PID:756
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1480,9037379464507182462,16409084074008202300,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1608 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:632

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fd7944a4ff1be37517983ffaf5700b11

SHA1
c4287796d78e00969af85b7e16a2d04230961240

SHA256
b54b41e7ce5600bc653aa7c88abb666976872b2d5e2d657bfc1147a0b49e9d74

SHA512
28c58a2ccf39963a8d9f67ea5b93dbccf70b0109b2c8a396a58389cdec9db1205523a95730485bcbc9d533867cbf0e7167ad370fd45740e23656d01d96ee543b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a774512b00820b61a51258335097b2c9

SHA1
38c28d1ea3907a1af6c0443255ab610dd9285095

SHA256
01946a2d65e59b66ebc256470ff4861f32edee90a44e31bf67529add95cafef4

SHA512
ce109be65060a5e7a872707c6c2ccce3aacd577e59c59d6e23e78d03e3d502f2707713fda40a546ed332e41a56ef90297af99590a5ab02f686a58bcbf3a82da1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\05472441-d2d6-40a7-8217-549fe9e6cb26.tmp

Filesize
6KB

MD5
6741fa96f63ab2b7660d4c6c47ec0cbf

SHA1
1d5792103f69fc4fa8fcadaf24e2db7b2f42289d

SHA256
fdcd368a5c1cff138c8042475dba3cac16823e454e5e0d404cdba26cdb7139e6

SHA512
7e1b0d252fc788f9c2c45366a35905dbc3efd110b2e1d122e09be5582ce8e10d7264a0667d4219cce1f817f18b54711a941dfb7b3a51df90edc1b718abd9bdc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
4a788dce9d756949a46696d23e04a5a9

SHA1
bc5af76b4df5eeb10cc8085841013755c90b7172

SHA256
9e2f3039364540fd0858e63528d6c9ff52a9b0b4c51adae9ddf8180224440fab

SHA512
0f95c33b824b0185c571bf7d145d195dca81fc5afae2e7560419276a2bc621d6586b7d09177b21121836466d08c1fdf3195f4792e72769a7dfecabac60c27cd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
82c227a0010e9cd8fac759a014eb7f60

SHA1
5a79832ef1a8766d2eefaa7b36bc281da210ed4a

SHA256
ce99a82e2f8ce4b43cbe9bf87f02b2c1ac0f972dcb46f16e07e98e2c6fdedc5e

SHA512
07590f44914494a6f65149e6cacd192bef8270e79cbc753bfe6493ccab8fbf290398eee01f94add33e435a32b5deea839e629d5f87727adb6ca31af10f6cd851

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a7509ff9f2209c64e33ce6a93f78a666

SHA1
4022ba47cf372fca79e80b0d8fd553465c92fac2

SHA256
fb94b1b6cf0ed024a185f127b54b7b777cedf470f324bc60cf99e70cdca14fbe

SHA512
415166140b1fdad43e77dc4d4b6bb67eb0bac8831b97a7dd1168fec92ffc663db27161130402eabd9ba8fefab81b6cd9e3e2beec334039c0bd93356bc292756c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7592676349fa1873da791478ade3949f

SHA1
d46b6d0bebddea26a031c0f736dda7bbc8317fb3

SHA256
9b5b29274591d27fe7c8bf45f44cfd20d1b980b3398a769246b2c983fa255e3d

SHA512
416c157c088d4757f07b54a169ab314d92aa23634c8cf8b5b8b2c7bb0c12ee02b83a6591227c721a3c0b76bab8eb782baf93eccc891d9d4caf731a0211f5c63e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e8aa003973a2e8ee274be0bb60a072d7

SHA1
3548f72f882237787ece34157700d275a7e113a3

SHA256
31e05d906e5db01b61ffad322af757d2cdc20080286db02540dc1f51f29804cd

SHA512
a627f532e416d9c961516a11381c6b92c807e7b52cb59dd7737cf85cd7b1632343ea479dd5fcc45128ba808709b2714d60136af2fa4a06e138f840eca1b08cd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4338ed8965363473d974c7d652f8252a

SHA1
7e92356779e975c3940bf3c6a12a1d6af02c2fe9

SHA256
72435b33a0db9d4c5d1120efd5e894861e0d9403ad077db176879e3aa8932421

SHA512
90a324b52c6dc0cb487318c28a5adb6cf4a8298e9060003558d051105575e5ce08832ffa20a7ba7b1b31e75a9cd52855aef8355fb765006c41fdd20c557d4245

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c6ab.TMP

Filesize
1KB

MD5
d27ded0a30fb3645dcea84b4aaa5809b

SHA1
f5c83bf33cd028c78d72fb81a515c4e6626e84e7

SHA256
8c41291fe5a4a8c18f0d5b3421bc28c7c611942f670b9848a16e7fb8807e8570

SHA512
7387e0c6e6d1ff980b79d512785660dbbd5e07da0c68e284ea329192405fb87823454e06b017718b02fd0cfa4cb4e7f3bc9a0734aca78e4db711d6726cf4da15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7660991224d4341f61a061686c0401c0

SHA1
1b464e03612b4b4e8b75a63fea37cbdcc5e66528

SHA256
513c0f1edc5b3e9e3f3d90fc221e9bfe77d433f48f41ff563786054c278c043f

SHA512
a3fe3c282e12408392d9d6b349c2b0857305efd4ecaacb4b33ddd6ab0ffc72770e8609695d82af0fbdd433f3dbd79f67e583438ae81ee7c710fb189c3a1fcf01

Download Submit