hxxp://celsiusnetwork[.]government-stretto[.]com/claims/Voyager_files/

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
22-04-2024 18:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://celsiusnetwork.government-stretto.com/claims/Voyager_files/

Score

6^/10

motw phishing

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

94 raw.githubusercontent.com
107 raw.githubusercontent.com
Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs
phishing motw

Processes:

flow ioc

16 https://case.stretto.com/voyager/file-a-claim

flow	ioc
94	raw.githubusercontent.com
107	raw.githubusercontent.com

flow	ioc
16	https://case.stretto.com/voyager/file-a-claim

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4236	msedge.exe
4236	msedge.exe
4716	msedge.exe
4716	msedge.exe
1372	identity_helper.exe
1372	identity_helper.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

msedge.exe

pid process

4716 msedge.exe
4716 msedge.exe
4716 msedge.exe
4716 msedge.exe
4716 msedge.exe
4716 msedge.exe
4716 msedge.exe
4716 msedge.exe
4716 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4716 wrote to memory of 2660	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 2660	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4940	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4940	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4940	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4940	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4940	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4940	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4940	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4940	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4940	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4940	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4940	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4940	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4940	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4940	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4940	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4940	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4940	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4940	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4940	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4940	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4940	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4940	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4940	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4940	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4940	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4940	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4940	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4940	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4940	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4940	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4940	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4940	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4940	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4940	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4940	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4940	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4940	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4940	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4940	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4940	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4236	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4236	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4092	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4092	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4092	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4092	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4092	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4092	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4092	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4092	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4092	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4092	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4092	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4092	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4092	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4092	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4092	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4092	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4092	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4092	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4092	4716	msedge.exe	msedge.exe
PID 4716 wrote to memory of 4092	4716	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://celsiusnetwork.government-stretto.com/claims/Voyager_files/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80d6b46f8,0x7ff80d6b4708,0x7ff80d6b4718
2⤵
PID:2660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,14966076273913666523,17191478464280687179,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
2⤵
PID:4940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,14966076273913666523,17191478464280687179,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,14966076273913666523,17191478464280687179,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
2⤵
PID:4092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14966076273913666523,17191478464280687179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
2⤵
PID:816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14966076273913666523,17191478464280687179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
2⤵
PID:2796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14966076273913666523,17191478464280687179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
2⤵
PID:4280

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,14966076273913666523,17191478464280687179,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 /prefetch:8
2⤵
PID:3936

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,14966076273913666523,17191478464280687179,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14966076273913666523,17191478464280687179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
2⤵
PID:1692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14966076273913666523,17191478464280687179,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2288 /prefetch:1
2⤵
PID:3120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14966076273913666523,17191478464280687179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
2⤵
PID:5188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14966076273913666523,17191478464280687179,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
2⤵
PID:5196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14966076273913666523,17191478464280687179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
2⤵
PID:6124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,14966076273913666523,17191478464280687179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
2⤵
PID:2104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,14966076273913666523,17191478464280687179,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3132 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4328

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
e36b219dcae7d32ec82cec3245512f80

SHA1
6b2bd46e4f6628d66f7ec4b5c399b8c9115a9466

SHA256
16bc6f47bbfbd4e54c3163dafe784486b72d0b78e6ea3593122edb338448a27b

SHA512
fc539c461d87141a180cf71bb6a636c75517e5e7226e76b71fd64e834dcacc88fcaaa92a9a00999bc0afc4fb93b7304b068000f14653c05ff03dd7baef3f225c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
559ff144c30d6a7102ec298fb7c261c4

SHA1
badecb08f9a6c849ce5b30c348156b45ac9120b9

SHA256
5444032cb994b90287c0262f2fba16f38e339073fd89aa3ab2592dfebc3e6f10

SHA512
3a45661fc29e312aa643a12447bffdab83128fe5124077a870090081af6aaa4cf0bd021889ab1df5cd40f44adb055b1394b31313515c2929f714824c89fd0f04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
408B

MD5
1859d8899c4c1d234d55c0859ce78ca0

SHA1
14910eca160791e6dae548da2a6e787fe5ac448c

SHA256
838a4c78655cd011a80d5849cf9d7ed10173c93fa8d1e797ba08f8409ba882b1

SHA512
334f248819511e9af43e6bafa89313505fc681430f6fffaebdac191177458a3dd1f8914ec4147b68e387330855a3d173fa4deb65a8a8e0fc9485124a1b19f9ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
3dc7f0583e7cd669808601d5b608c9e3

SHA1
1c4323d00263a19a47b8eb79ecf988284eafd5bd

SHA256
1fe275e64f4378cbf24fb63e86e7aa23a40f61b81cb0b24f5a02aadfa08dc9d4

SHA512
980c106c6e7facf81962519b0832263ac214962e98f362f6b06d845c3545db284573b8bc519f971a32327427302839fd7fdf5dd4dcfe70da30640f2c732b3294

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
0761f474d8369114b3acafe27514ac29

SHA1
38b0f99a20963f4b1c443e3537ed8a829e065351

SHA256
312fb47eb4621b291c0543c9f0760526f0f15f9d837309c0de36e8ae0776a3f3

SHA512
5fed6d4f62bdf31d5aa5a33acd7ec67e2ca36297e43c25d7a2e271eacbe1acf85442ff5e78d01e6a66bd1a8d50b748953a8e7661f4448c3b1bbadbe290857501

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
02ee8c7a310ef3e6b715e0044952d2c5

SHA1
8c403950453fc03629bae41def511d61da0cc7a8

SHA256
a1b049c8b725757c66910b487694dcb4b61190d7ddd8d964b1d2142bb2e2b396

SHA512
730cede65169bf734c7046e0bb5532829928e8d04343e1729cd3ad1c14e01d78c85a148098550ef1778d79d4a19045a4a850b9649305aa812a8d12041b1c4e7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
489d401b98f63134a3634f9908ee1bbc

SHA1
9ccde7b514075a3569d2eb5b478a183239efcddc

SHA256
910251ee87e45718e3164c6e6af05ca01d32e2ac184ca23d2de57eac30312566

SHA512
417cd140a817aa82a6ccc7fdb17f36da5e6df525cf0289b8e024e816887cc2e73b070e6ed9f62e6df5afbf185102a7973a0f2571e6bfd85afa7ea59d0c830956

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
76bbb11f86b653083344efa91b7958fa

SHA1
95fcb7dbe859cea8a7ca9099f770d5a4c1daac59

SHA256
b333276ef7baae7c495bcd0f03cceb184aeed32936c248a1c86c7840454281ed

SHA512
ffe22be033971f2483fb2f5dcba30b46b13453671b94e66c06e412907c74e6cd7b082a519d45a31744c40a2b57d0b4b9ebfa384e28ebe3f78ae9ca4550e1000b

Download Submit