hxxp://www[.]citizenm[.]com

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
23/04/2024, 08:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.citizenm.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1056	msedge.exe
1056	msedge.exe
4656	msedge.exe
4656	msedge.exe
4744	identity_helper.exe
4744	identity_helper.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4656 wrote to memory of 920	4656	msedge.exe	87
PID 4656 wrote to memory of 920	4656	msedge.exe	87
PID 4656 wrote to memory of 1924	4656	msedge.exe	88
PID 4656 wrote to memory of 1924	4656	msedge.exe	88
PID 4656 wrote to memory of 1924	4656	msedge.exe	88
PID 4656 wrote to memory of 1924	4656	msedge.exe	88
PID 4656 wrote to memory of 1924	4656	msedge.exe	88
PID 4656 wrote to memory of 1924	4656	msedge.exe	88
PID 4656 wrote to memory of 1924	4656	msedge.exe	88
PID 4656 wrote to memory of 1924	4656	msedge.exe	88
PID 4656 wrote to memory of 1924	4656	msedge.exe	88
PID 4656 wrote to memory of 1924	4656	msedge.exe	88
PID 4656 wrote to memory of 1924	4656	msedge.exe	88
PID 4656 wrote to memory of 1924	4656	msedge.exe	88
PID 4656 wrote to memory of 1924	4656	msedge.exe	88
PID 4656 wrote to memory of 1924	4656	msedge.exe	88
PID 4656 wrote to memory of 1924	4656	msedge.exe	88
PID 4656 wrote to memory of 1924	4656	msedge.exe	88
PID 4656 wrote to memory of 1924	4656	msedge.exe	88
PID 4656 wrote to memory of 1924	4656	msedge.exe	88
PID 4656 wrote to memory of 1924	4656	msedge.exe	88
PID 4656 wrote to memory of 1924	4656	msedge.exe	88
PID 4656 wrote to memory of 1924	4656	msedge.exe	88
PID 4656 wrote to memory of 1924	4656	msedge.exe	88
PID 4656 wrote to memory of 1924	4656	msedge.exe	88
PID 4656 wrote to memory of 1924	4656	msedge.exe	88
PID 4656 wrote to memory of 1924	4656	msedge.exe	88
PID 4656 wrote to memory of 1924	4656	msedge.exe	88
PID 4656 wrote to memory of 1924	4656	msedge.exe	88
PID 4656 wrote to memory of 1924	4656	msedge.exe	88
PID 4656 wrote to memory of 1924	4656	msedge.exe	88
PID 4656 wrote to memory of 1924	4656	msedge.exe	88
PID 4656 wrote to memory of 1924	4656	msedge.exe	88
PID 4656 wrote to memory of 1924	4656	msedge.exe	88
PID 4656 wrote to memory of 1924	4656	msedge.exe	88
PID 4656 wrote to memory of 1924	4656	msedge.exe	88
PID 4656 wrote to memory of 1924	4656	msedge.exe	88
PID 4656 wrote to memory of 1924	4656	msedge.exe	88
PID 4656 wrote to memory of 1924	4656	msedge.exe	88
PID 4656 wrote to memory of 1924	4656	msedge.exe	88
PID 4656 wrote to memory of 1924	4656	msedge.exe	88
PID 4656 wrote to memory of 1924	4656	msedge.exe	88
PID 4656 wrote to memory of 1056	4656	msedge.exe	89
PID 4656 wrote to memory of 1056	4656	msedge.exe	89
PID 4656 wrote to memory of 2944	4656	msedge.exe	90
PID 4656 wrote to memory of 2944	4656	msedge.exe	90
PID 4656 wrote to memory of 2944	4656	msedge.exe	90
PID 4656 wrote to memory of 2944	4656	msedge.exe	90
PID 4656 wrote to memory of 2944	4656	msedge.exe	90
PID 4656 wrote to memory of 2944	4656	msedge.exe	90
PID 4656 wrote to memory of 2944	4656	msedge.exe	90
PID 4656 wrote to memory of 2944	4656	msedge.exe	90
PID 4656 wrote to memory of 2944	4656	msedge.exe	90
PID 4656 wrote to memory of 2944	4656	msedge.exe	90
PID 4656 wrote to memory of 2944	4656	msedge.exe	90
PID 4656 wrote to memory of 2944	4656	msedge.exe	90
PID 4656 wrote to memory of 2944	4656	msedge.exe	90
PID 4656 wrote to memory of 2944	4656	msedge.exe	90
PID 4656 wrote to memory of 2944	4656	msedge.exe	90
PID 4656 wrote to memory of 2944	4656	msedge.exe	90
PID 4656 wrote to memory of 2944	4656	msedge.exe	90
PID 4656 wrote to memory of 2944	4656	msedge.exe	90
PID 4656 wrote to memory of 2944	4656	msedge.exe	90
PID 4656 wrote to memory of 2944	4656	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.citizenm.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff2cb646f8,0x7fff2cb64708,0x7fff2cb64718
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,11095255011511747909,7061080116562010076,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,11095255011511747909,7061080116562010076,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,11095255011511747909,7061080116562010076,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11095255011511747909,7061080116562010076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11095255011511747909,7061080116562010076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11095255011511747909,7061080116562010076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,11095255011511747909,7061080116562010076,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8
  2⤵
  PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,11095255011511747909,7061080116562010076,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11095255011511747909,7061080116562010076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11095255011511747909,7061080116562010076,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11095255011511747909,7061080116562010076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11095255011511747909,7061080116562010076,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,11095255011511747909,7061080116562010076,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6028 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5312

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7b56675b54840d86d49bde5a1ff8af6a

SHA1
fe70a1b85f88d60f3ba9fc7bb5f81fc41e150811

SHA256
86af7213f410df65d0937f4331f783160f30eaeb088e28a9eef461713b9a3929

SHA512
11fc61b83365391efee8084de5c2af7e064f0182b943a0db08d95a0f450d3877bde5b5e6a6b9f008e58b709bb1a34f7b50085c41927f091df1eea78f039402e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
48cff1baabb24706967de3b0d6869906

SHA1
b0cd54f587cd4c88e60556347930cb76991e6734

SHA256
f6b5fbc610a71b3914753feb2bd4475a7c77d0d785cc36255bf93b3fe3ccb775

SHA512
fd0c848f3f9de81aca81af999262f96ea4c1cd1d1f32d304f56c7382f3b1bb604e5fbe9f209ad6e4b38988d92357ef82e9668806d0727f2856c7dc1f07aae2b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
2bd053e040767e09472e6e1b26101f13

SHA1
5a4fcb55daac80d79e8938e10ebe947c9a8b1169

SHA256
88941cfa364daf07c7a9bd595426c1ddbfb651311fc53223d07219dd6eb4a45c

SHA512
5e36c2c881f0941387ded7d4a73117820a1f54237f52f9670e87f108ed1e72c33184d3380d0cfb05f2dc4750220079602377089c7d74ad0198c59b4bffbaf34c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4a8b2f5ea9436b721f5ef297c835a442

SHA1
5f524b4f4d3017f0205e45012f93fe841c0e9b99

SHA256
2549138bb3bdbd83a6a001ad7314a3433c7cdf483f2de2b2b1a44081278f4b2a

SHA512
0834d06c9fff7cb9c6b1b3e2b5f3253863857cd71a7add01902b3b2695102aa431099e5d493d593e44a9bdd1246ffe906e2eda8be030092bf48bc05ae476a13a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8eed311ad2696fcc0c32dfd7784a318e

SHA1
f8060c5fc80871f4f1c29eddc77d229b158d6a22

SHA256
0bd085c9dfb498bb0ab2857734f1b4e176f21cb0b35b645042cf862920198053

SHA512
0164606c973a5f83492802db512a2646717f847951e459013366701b08b78519548e855970470aedafd38aaa18e89d7ac8fa23990fa77aaf68e9a1af8d0922c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f08c1fa9356c540445712aa324b59319

SHA1
bd0fa3abbe09f05f52d990574b1730bd15a92c50

SHA256
33e24dd3720a94df75f326d4aacf04de3eb3f718921ac6d4f519fcc3c7dc5df2

SHA512
c1369510b7b9c09892e6671cd4da6bf20e0edb262a38a886564b1711016e50f90c089b0ddcb9b0b33b8226d1e49b6cbbd1e83281da992c5cb7232b00ab4af802

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d1cd77595877db280833ab35e6474445

SHA1
e939820084ba241a68d0d1b21375ae253efc2d33

SHA256
201252251d0ce90425a088720ca1fe90ec35e80a18fbe2fb1153cde2978a82f8

SHA512
8b603473de09a5abf52c6f908ed2e4a3d8f5956cd7ff342d9925042c40633c600540ead63121a4acac45a1ec6b9cbd351223e2e3ae09f0fd84035f0b08e10d76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
b6b465a8db386c07dd02854f731a6fe3

SHA1
9e45be7381446e5d414db66f3347a803519dba48

SHA256
aa805cc739c2976c2d4f57067f61719ac06849efb38bb2bf277a4ef9940b7b7e

SHA512
ced373a9009fe9f9a95cc7e429cecd65adc0aa7b9d3a2836dc325646b9c38a459b2521a3947a95b41b1ac8f4bc85d5918258829c98dc89cee457d4adc2204cd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a2d7.TMP

Filesize
204B

MD5
9accf7a81238382ceb477f9002632aca

SHA1
f700fdb650bcacd60ea086a2ef542820ea225038

SHA256
9d4343fde5f7db21f6cc009ad3f70f40cf6a040523b04a681e4a3167e2f4a8cc

SHA512
fab4ae94720eba52ca8cd441fa90857d86d90bd74bfe33f0e5180cf5530394700200a0318ccd492df4d23008cede022b0472b67cf579a0cde33fdb4c5033851d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b84754de-08da-430c-a7fa-2b0c5626faa1.tmp

Filesize
6KB

MD5
65db14ee9270d719fc114e5aea76849d

SHA1
62e68409a1335536a38df2c8b42d63affb1828a6

SHA256
ca49fb27bae8314a14a8ba85744c7612c9dc290431ad584ffcd541d058c7c051

SHA512
d13f98db650512545a720a1fa20a5c0b3586fa8342a9ae8aa27d4129fa5c862caa743b7726982f4311dcc7589b91816dbb53aaf1ab5a3dd61132dacad78f71c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9f17ce90984a7661962a189d5c160dcf

SHA1
6c015a034cf3e197e706fbc5d263d3b9791b9bc6

SHA256
d52c355f09029ea3c5c0a81781964fd2bedb3467bfdfb77ca4d47dcee90019cf

SHA512
bda7c3bd47b579cac5cea7bbefded3f8a1e78a38499673ec288b2206341596cc829b85b878cc646eb79304fedba7bfe29ec31325abda8536054bc119151de5f2

Download Submit