195eaa2ba14fff1eedca00e9f1379e16c0bbcacd5085094a9fae43fc336a2c00

Analysis

max time kernel
78s
max time network
71s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
17/04/2024, 11:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

wordweb-pro-ultimate-reference-bundle-free-download.html
Size

15KB
MD5

eb384b1d773021b94abfe82f474e1ad6
SHA1

e3d9ce8c7eecb3c1f89a47e5b85af1f480290aaa
SHA256

195eaa2ba14fff1eedca00e9f1379e16c0bbcacd5085094a9fae43fc336a2c00
SHA512

3afb303d5eca1b94db81fff3cd6bb0c39b3033507bd08eea710d4dc6536f13a2de8a7b7fe1cc78c861004dc51cf7ff77d946278884e987a3e9119347f853b848
SSDEEP

192:PNx5Ssv99qXoqTJkNr423LteRKbEnaPjWCN80qO7x3zI0L6M9P9JyhN:5Ssl9qYoJkN0GbPW+9zI0L6i1kN

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
5080	msedge.exe
5080	msedge.exe
1840	msedge.exe
1840	msedge.exe
808	msedge.exe
808	msedge.exe
4404	identity_helper.exe
4404	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1840 wrote to memory of 5096	1840	msedge.exe	78
PID 1840 wrote to memory of 5096	1840	msedge.exe	78
PID 1840 wrote to memory of 3964	1840	msedge.exe	79
PID 1840 wrote to memory of 3964	1840	msedge.exe	79
PID 1840 wrote to memory of 3964	1840	msedge.exe	79
PID 1840 wrote to memory of 3964	1840	msedge.exe	79
PID 1840 wrote to memory of 3964	1840	msedge.exe	79
PID 1840 wrote to memory of 3964	1840	msedge.exe	79
PID 1840 wrote to memory of 3964	1840	msedge.exe	79
PID 1840 wrote to memory of 3964	1840	msedge.exe	79
PID 1840 wrote to memory of 3964	1840	msedge.exe	79
PID 1840 wrote to memory of 3964	1840	msedge.exe	79
PID 1840 wrote to memory of 3964	1840	msedge.exe	79
PID 1840 wrote to memory of 3964	1840	msedge.exe	79
PID 1840 wrote to memory of 3964	1840	msedge.exe	79
PID 1840 wrote to memory of 3964	1840	msedge.exe	79
PID 1840 wrote to memory of 3964	1840	msedge.exe	79
PID 1840 wrote to memory of 3964	1840	msedge.exe	79
PID 1840 wrote to memory of 3964	1840	msedge.exe	79
PID 1840 wrote to memory of 3964	1840	msedge.exe	79
PID 1840 wrote to memory of 3964	1840	msedge.exe	79
PID 1840 wrote to memory of 3964	1840	msedge.exe	79
PID 1840 wrote to memory of 3964	1840	msedge.exe	79
PID 1840 wrote to memory of 3964	1840	msedge.exe	79
PID 1840 wrote to memory of 3964	1840	msedge.exe	79
PID 1840 wrote to memory of 3964	1840	msedge.exe	79
PID 1840 wrote to memory of 3964	1840	msedge.exe	79
PID 1840 wrote to memory of 3964	1840	msedge.exe	79
PID 1840 wrote to memory of 3964	1840	msedge.exe	79
PID 1840 wrote to memory of 3964	1840	msedge.exe	79
PID 1840 wrote to memory of 3964	1840	msedge.exe	79
PID 1840 wrote to memory of 3964	1840	msedge.exe	79
PID 1840 wrote to memory of 3964	1840	msedge.exe	79
PID 1840 wrote to memory of 3964	1840	msedge.exe	79
PID 1840 wrote to memory of 3964	1840	msedge.exe	79
PID 1840 wrote to memory of 3964	1840	msedge.exe	79
PID 1840 wrote to memory of 3964	1840	msedge.exe	79
PID 1840 wrote to memory of 3964	1840	msedge.exe	79
PID 1840 wrote to memory of 3964	1840	msedge.exe	79
PID 1840 wrote to memory of 3964	1840	msedge.exe	79
PID 1840 wrote to memory of 3964	1840	msedge.exe	79
PID 1840 wrote to memory of 3964	1840	msedge.exe	79
PID 1840 wrote to memory of 5080	1840	msedge.exe	80
PID 1840 wrote to memory of 5080	1840	msedge.exe	80
PID 1840 wrote to memory of 3696	1840	msedge.exe	81
PID 1840 wrote to memory of 3696	1840	msedge.exe	81
PID 1840 wrote to memory of 3696	1840	msedge.exe	81
PID 1840 wrote to memory of 3696	1840	msedge.exe	81
PID 1840 wrote to memory of 3696	1840	msedge.exe	81
PID 1840 wrote to memory of 3696	1840	msedge.exe	81
PID 1840 wrote to memory of 3696	1840	msedge.exe	81
PID 1840 wrote to memory of 3696	1840	msedge.exe	81
PID 1840 wrote to memory of 3696	1840	msedge.exe	81
PID 1840 wrote to memory of 3696	1840	msedge.exe	81
PID 1840 wrote to memory of 3696	1840	msedge.exe	81
PID 1840 wrote to memory of 3696	1840	msedge.exe	81
PID 1840 wrote to memory of 3696	1840	msedge.exe	81
PID 1840 wrote to memory of 3696	1840	msedge.exe	81
PID 1840 wrote to memory of 3696	1840	msedge.exe	81
PID 1840 wrote to memory of 3696	1840	msedge.exe	81
PID 1840 wrote to memory of 3696	1840	msedge.exe	81
PID 1840 wrote to memory of 3696	1840	msedge.exe	81
PID 1840 wrote to memory of 3696	1840	msedge.exe	81
PID 1840 wrote to memory of 3696	1840	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\wordweb-pro-ultimate-reference-bundle-free-download.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffefa633cb8,0x7ffefa633cc8,0x7ffefa633cd8
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,16311061474184240812,10739969809501482124,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,16311061474184240812,10739969809501482124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,16311061474184240812,10739969809501482124,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2596 /prefetch:8
  2⤵
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16311061474184240812,10739969809501482124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16311061474184240812,10739969809501482124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,16311061474184240812,10739969809501482124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4060 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:808
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,16311061474184240812,10739969809501482124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16311061474184240812,10739969809501482124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16311061474184240812,10739969809501482124,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16311061474184240812,10739969809501482124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16311061474184240812,10739969809501482124,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16311061474184240812,10739969809501482124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16311061474184240812,10739969809501482124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,16311061474184240812,10739969809501482124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1912,16311061474184240812,10739969809501482124,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5228 /prefetch:8
  2⤵
  PID:4968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
57e5c5a9236321d336e2c8ce1eeff844

SHA1
8fd4288af72ba3f7a0ecc5583a9265723fefc096

SHA256
ae6496cf397848bf3139858deaf567e3df991bab5a7704a0fa7aae95474872d7

SHA512
bc3f24afe6ce0494022d8201a01a60239ac5cfee54e0650a337036817056424b418cb636d58d07e5034dffe2226906202b56509e4cc07562c0b60f618c420080

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
493e7e14aceba0ff1c0720920cccc4a2

SHA1
468f39cefbcf14a04388b72d4f02552649bf3101

SHA256
a0dd32ed60115f661a4ca537472e0d4e230ff844d56a3db766299cf4cd817842

SHA512
e16c748e4513ea10bf7124cef7b50dc5f3a1802205af9228e0c33fdbf3c24286739db08db4b813079ed7cc36be43d7457f4c26f00ae3126a2fafd77d2696107a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9846a87e-b7db-498b-9502-6259c8a4001b.tmp

Filesize
1KB

MD5
90889c08c31f75898d4507c7979eb192

SHA1
976ebb7ec51d1e60b3a72fab26afbdfb4ad45b43

SHA256
ede6049f758b741814e7d852683d36eea92a4d29da37da305bde54e41c56b0c6

SHA512
18c56495e46718810c636df6d418b84bc4be523e3ff32a67699cbeba23cc668b054105072d8228acf0686d6ef35fac867e3bba52992099629180d877989d405c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
42b90bdd471d04ddf77d51861a2b6a39

SHA1
4f39318b1df665bcec2aaa370ea6e8f41a3a32ca

SHA256
61c22cb77ab5c0bc6b776dc95f0c71f2ba9f47c539e63bb3c5eee7ce88fef593

SHA512
0c0e3cc310c2827e90322743be99c0a16e4b028f37ad7497fbb539c8fd636c5c4922dc07c04a458d3aa24126d0fbe0cf0b9344ec33402a84695966f5db051fca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
37fecc4a53c6ab76d95f6d457b8f99d3

SHA1
38784d9ed52047374d7116fb8ab0a21520445a73

SHA256
a6c8f70cd98cbc4ee58f90d7a641d6a04957e413f09d6ac11bec44844611e375

SHA512
81560ed618d13cc73c2a32bc3528a84d6b263ce2a11459ed0fdbce452f509f1c907a61776635c04d9a8397de02487f120df6984033cd0590b91023c3976af411

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7ad92310a94202e1469b8e8d95b4b69a

SHA1
0aacfbc3f34824882b6554f063b0962cc6ae592c

SHA256
fa7c8fef0215e9f415e0596faa8ef3789f96546c61fc423cc572d92e817ef412

SHA512
9b0d67614b0d3e15d5228d9f0ae5c613b7901c3b4cc1ee056ffdae108ce93390f7c06390bb0bf5e7c9e5755e0441662864aa67358deed05e225fda3679f15166

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1624aba3c73594fe6bddf7156a37bca0

SHA1
e696f8f9370162b8e7f9278ae5ef682a86bcf854

SHA256
4b2bc9634485e42928d8584e367c6f60c529b7deec9c777779ed503a732ce09e

SHA512
f72fafc3d0a745d66b355a9ae50d455cbd6b17dc24d04044cba7c88da2753f877caa2bee3168f98dd8ffdd7d9c65da83a1ef061f213eb843609ab2dfca809263

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b568cdfd8007e43b88e8ccc1b353bdf0

SHA1
711b84c8d16d502ade588baa201d97abb4885764

SHA256
42ce10c92e64a2039306e03c41606f312134aefa28e8e5356d0d666974ae35ee

SHA512
dda2b2d2f8afcbbfb9e0c7f36f9be6600663a7f2e6e4d95381cf8654d5f21f6354c8565b00bb1dfe642350cb160826cd92466c796abd54c3415066b1250dd1cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0043b92cdaf160e06d15e36d9075c72f

SHA1
1756736ca9f547c3fd4c9abce230cbf3717a840e

SHA256
9f293a99d5fb3afbfb2a921a4411287b27110cfe656b1635385ac7e3eb103417

SHA512
69cdcf5d1e9276b710909df9a8967348c9b510cfb32376921ae62564ff0106921f88ee8637c34fdf651c57c6a367bc032cdb60a5215675dbfdc4f2d2b7270cde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58557e.TMP

Filesize
1KB

MD5
646bd196dcff8cb6220fe2f7afd11372

SHA1
2e76dbeb269ff14fe3455f079b6e3c997e7348c1

SHA256
203f4100923035f3a4d4c225112206557176a156c79bdf00249fe9c376f02e4d

SHA512
cdb3db9b5360a302376c2a201b6a8997701ecfa767a52a22fc9011d1ca7fcd9b06d311770430c3e939d7bacb44348d3e3b055c9e73029a491c81d364dd745baa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2a7914c4bed29e04cc8173454d806701

SHA1
26194505881c61811e503dd1f782817c39207e1b

SHA256
123d2952d5d221cfefa13d1eb05c5b2a701eb70edcdb09fe989b876810332f85

SHA512
0862aa10139ce24d7a873564c94ba97ff71205611147884df0d9838b3e7b8c6302887fb212cde688b745641520899a9111a3334040c7502bdef7605546d71ca3

Download Submit