hxxp://members[.]vitality[.]co[.]uk/follice-of-worthe-comes-by-hat-the-to-you-by-but

Analysis

max time kernel
70s
max time network
73s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
10/04/2024, 07:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://members.vitality.co.uk/follice-of-worthe-comes-by-hat-the-to-you-by-but

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
5472	msedge.exe
5472	msedge.exe
5952	msedge.exe
5952	msedge.exe
3712	identity_helper.exe
3712	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5952 wrote to memory of 5264	5952	msedge.exe	84
PID 5952 wrote to memory of 5264	5952	msedge.exe	84
PID 5952 wrote to memory of 2360	5952	msedge.exe	85
PID 5952 wrote to memory of 2360	5952	msedge.exe	85
PID 5952 wrote to memory of 2360	5952	msedge.exe	85
PID 5952 wrote to memory of 2360	5952	msedge.exe	85
PID 5952 wrote to memory of 2360	5952	msedge.exe	85
PID 5952 wrote to memory of 2360	5952	msedge.exe	85
PID 5952 wrote to memory of 2360	5952	msedge.exe	85
PID 5952 wrote to memory of 2360	5952	msedge.exe	85
PID 5952 wrote to memory of 2360	5952	msedge.exe	85
PID 5952 wrote to memory of 2360	5952	msedge.exe	85
PID 5952 wrote to memory of 2360	5952	msedge.exe	85
PID 5952 wrote to memory of 2360	5952	msedge.exe	85
PID 5952 wrote to memory of 2360	5952	msedge.exe	85
PID 5952 wrote to memory of 2360	5952	msedge.exe	85
PID 5952 wrote to memory of 2360	5952	msedge.exe	85
PID 5952 wrote to memory of 2360	5952	msedge.exe	85
PID 5952 wrote to memory of 2360	5952	msedge.exe	85
PID 5952 wrote to memory of 2360	5952	msedge.exe	85
PID 5952 wrote to memory of 2360	5952	msedge.exe	85
PID 5952 wrote to memory of 2360	5952	msedge.exe	85
PID 5952 wrote to memory of 2360	5952	msedge.exe	85
PID 5952 wrote to memory of 2360	5952	msedge.exe	85
PID 5952 wrote to memory of 2360	5952	msedge.exe	85
PID 5952 wrote to memory of 2360	5952	msedge.exe	85
PID 5952 wrote to memory of 2360	5952	msedge.exe	85
PID 5952 wrote to memory of 2360	5952	msedge.exe	85
PID 5952 wrote to memory of 2360	5952	msedge.exe	85
PID 5952 wrote to memory of 2360	5952	msedge.exe	85
PID 5952 wrote to memory of 2360	5952	msedge.exe	85
PID 5952 wrote to memory of 2360	5952	msedge.exe	85
PID 5952 wrote to memory of 2360	5952	msedge.exe	85
PID 5952 wrote to memory of 2360	5952	msedge.exe	85
PID 5952 wrote to memory of 2360	5952	msedge.exe	85
PID 5952 wrote to memory of 2360	5952	msedge.exe	85
PID 5952 wrote to memory of 2360	5952	msedge.exe	85
PID 5952 wrote to memory of 2360	5952	msedge.exe	85
PID 5952 wrote to memory of 2360	5952	msedge.exe	85
PID 5952 wrote to memory of 2360	5952	msedge.exe	85
PID 5952 wrote to memory of 2360	5952	msedge.exe	85
PID 5952 wrote to memory of 2360	5952	msedge.exe	85
PID 5952 wrote to memory of 5472	5952	msedge.exe	86
PID 5952 wrote to memory of 5472	5952	msedge.exe	86
PID 5952 wrote to memory of 5448	5952	msedge.exe	87
PID 5952 wrote to memory of 5448	5952	msedge.exe	87
PID 5952 wrote to memory of 5448	5952	msedge.exe	87
PID 5952 wrote to memory of 5448	5952	msedge.exe	87
PID 5952 wrote to memory of 5448	5952	msedge.exe	87
PID 5952 wrote to memory of 5448	5952	msedge.exe	87
PID 5952 wrote to memory of 5448	5952	msedge.exe	87
PID 5952 wrote to memory of 5448	5952	msedge.exe	87
PID 5952 wrote to memory of 5448	5952	msedge.exe	87
PID 5952 wrote to memory of 5448	5952	msedge.exe	87
PID 5952 wrote to memory of 5448	5952	msedge.exe	87
PID 5952 wrote to memory of 5448	5952	msedge.exe	87
PID 5952 wrote to memory of 5448	5952	msedge.exe	87
PID 5952 wrote to memory of 5448	5952	msedge.exe	87
PID 5952 wrote to memory of 5448	5952	msedge.exe	87
PID 5952 wrote to memory of 5448	5952	msedge.exe	87
PID 5952 wrote to memory of 5448	5952	msedge.exe	87
PID 5952 wrote to memory of 5448	5952	msedge.exe	87
PID 5952 wrote to memory of 5448	5952	msedge.exe	87
PID 5952 wrote to memory of 5448	5952	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://members.vitality.co.uk/follice-of-worthe-comes-by-hat-the-to-you-by-but
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ccd546f8,0x7ff8ccd54708,0x7ff8ccd54718
  2⤵
  PID:5264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,17655989424305052391,15759373846851534931,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,17655989424305052391,15759373846851534931,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,17655989424305052391,15759373846851534931,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:5448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17655989424305052391,15759373846851534931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3132 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17655989424305052391,15759373846851534931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,17655989424305052391,15759373846851534931,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 /prefetch:8
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,17655989424305052391,15759373846851534931,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17655989424305052391,15759373846851534931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17655989424305052391,15759373846851534931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3916 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17655989424305052391,15759373846851534931,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17655989424305052391,15759373846851534931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:1336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17655989424305052391,15759373846851534931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17655989424305052391,15759373846851534931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17655989424305052391,15759373846851534931,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17655989424305052391,15759373846851534931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17655989424305052391,15759373846851534931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:4060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4632

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4d6e17218d9a99976d1a14c6f6944c96

SHA1
9e54a19d6c61d99ac8759c5f07b2f0d5faab447f

SHA256
32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93

SHA512
3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2983efcf-4d09-4a41-b1ac-9f8a727b4231.tmp

Filesize
1KB

MD5
38d59214cc32859c6cee5f1d592ef76c

SHA1
ad1b73d19d152a8917fe30864091f8c8028abcf1

SHA256
9cf98f0cc861f03bb8429462ae66ae7dd4aeefc628aadec2beb36f325fa87960

SHA512
6e651e81e5a77b28c4a7a295f12e49b3d26e2fd30551f416552bf0208643a44b088f48cf10fc0ff45fb0a804f410d334af6a5c7f9c0fda27ba569c6cc3682693

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
75KB

MD5
fc2074d60003072903899e0b1e20782a

SHA1
a77e8fd672d301537d913380a35ce9fd1f8381dc

SHA256
1ea394720e8dc13c09d73e6e5f5db4e44f11a0a9cdf57b38eaf985602bb8c1e1

SHA512
d6f6e39120e0cb9a508cf3396cd561b2df452869d24473aad9ed38c7b019ec9e0fd0efefc20c084c92dd68a658fb46471e7c5b665336dddc7f08bb3995a513b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
fb64adfef629accc70171aa4a6363076

SHA1
6c0e37f5541eb331d4c609b2caea85136c39575f

SHA256
332bab83d12df7f9c4cd90309e76b3b3de514d456e64a2bd743e91d689826a07

SHA512
cb36e0d92c9f7a05229920e7280900f24f1eb29ab01dfd4903cce85e74bbd13985a0fcdb1c7b513d9f9065762fce76e3ee861b75eefaab079b3995066dda5aa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
85d58beb3de9e76066bbafe7ac6a324d

SHA1
52dd4c9e967adf52a73248c3b731fdb400a0a877

SHA256
0d980053ac8a28367719ad58ca9c68f205a510618a094bd76c14f7b04c3f5205

SHA512
9128ef17f54403fc49926233e7b7eb3c2970396bf3e2a2ce3dc488fea7c618c43341b26f417278a6e7527ea1da5cc752eb3326007fb33829dfc31a46bb62c99e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1f3698ad025ae033e8a5bf3d36b0b1bb

SHA1
e722132bec0d53c1cdbeb0dfbc0acc7d999880c3

SHA256
84df8f668dcde12cd338634d343b82c7418fe6c2c5e95c2f85ffeeaf01f1cf20

SHA512
335d3557c8997683f6a2864c88eb4109b9b86d4fe0fd15de291eb948586c6b5d1b10a02965384514b006c995f8b79e40b61472df740a9566bbcb370f0c4a4e9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
df72f60cdb41f16ade31e0401607c2dc

SHA1
b7499c62f77dc31e0f4b312e490e0f901a4f4342

SHA256
93df76a546e453f7fa4cfcd8ba18ad8149acd941bf15fc39c1cebf2288456a1a

SHA512
74fc04050a89e77e0ad970203139e1da2065a5972301689cec8ffa835cd61bb70b8ab098ca897aeb6277587f670dce62acb6e5f1ae2d0d6899f7c0f89f3c6e64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
c2ef1d773c3f6f230cedf469f7e34059

SHA1
e410764405adcfead3338c8d0b29371fd1a3f292

SHA256
185450d538a894e4dcf55b428f506f3d7baa86664fbbc67afd6c255b65178521

SHA512
2ef93803da4d630916bed75d678382fd1c72bff1700a1a72e2612431c6d5e11410ced4eaf522b388028aeadb08e8a77513e16594e6ab081f6d6203e4caa7d549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57924d.TMP

Filesize
203B

MD5
8aacab852dafeab4356764326e5f8647

SHA1
16483dfec66eb1ee600d96ebf51193a767dcb88c

SHA256
2e7aca37b0d5a5d20a2af6eb418e08434271a3b3eecc96f1ac62dcba029b3cf5

SHA512
41eb4bb34aec88c0edcadee8a0599af4b7b034fbb2f06a29d6d87dae7d7f1a0dcd8cf9a99b16ab0ddf5879bda3e9d90404c205830ac7ef7c8d615088809f9416

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e427bb25c59a62445540748b3d2668e6

SHA1
67eed5641015d56b87004dfc83d5520fcbcbb41b

SHA256
67284070f49914f9f02cf5209b2c61078b5ae15808dd3370d008e13976008b4a

SHA512
1ed117a9f5b53bb9aef1fe771504c4a86d1360ec4cb2a403ab5219a6c617682bb886689cee18384138aac1e98e632a3252330c4c12b90d6207fdfbd67c98c69c

Download Submit