hxxps://www[.]ceford[.]or[.]ug/dandy9Fe5ri2PkssWO3nx0qlWO3s3RuBM2dy9sFe5

Analysis

max time kernel
145s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
24/04/2024, 08:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.ceford.or.ug/dandy9Fe5ri2PkssWO3nx0qlWO3s3RuBM2dy9sFe5

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1412	msedge.exe
1412	msedge.exe
4236	msedge.exe
4236	msedge.exe
2264	identity_helper.exe
2264	identity_helper.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4236 wrote to memory of 4340	4236	msedge.exe	89
PID 4236 wrote to memory of 4340	4236	msedge.exe	89
PID 4236 wrote to memory of 4760	4236	msedge.exe	90
PID 4236 wrote to memory of 4760	4236	msedge.exe	90
PID 4236 wrote to memory of 4760	4236	msedge.exe	90
PID 4236 wrote to memory of 4760	4236	msedge.exe	90
PID 4236 wrote to memory of 4760	4236	msedge.exe	90
PID 4236 wrote to memory of 4760	4236	msedge.exe	90
PID 4236 wrote to memory of 4760	4236	msedge.exe	90
PID 4236 wrote to memory of 4760	4236	msedge.exe	90
PID 4236 wrote to memory of 4760	4236	msedge.exe	90
PID 4236 wrote to memory of 4760	4236	msedge.exe	90
PID 4236 wrote to memory of 4760	4236	msedge.exe	90
PID 4236 wrote to memory of 4760	4236	msedge.exe	90
PID 4236 wrote to memory of 4760	4236	msedge.exe	90
PID 4236 wrote to memory of 4760	4236	msedge.exe	90
PID 4236 wrote to memory of 4760	4236	msedge.exe	90
PID 4236 wrote to memory of 4760	4236	msedge.exe	90
PID 4236 wrote to memory of 4760	4236	msedge.exe	90
PID 4236 wrote to memory of 4760	4236	msedge.exe	90
PID 4236 wrote to memory of 4760	4236	msedge.exe	90
PID 4236 wrote to memory of 4760	4236	msedge.exe	90
PID 4236 wrote to memory of 4760	4236	msedge.exe	90
PID 4236 wrote to memory of 4760	4236	msedge.exe	90
PID 4236 wrote to memory of 4760	4236	msedge.exe	90
PID 4236 wrote to memory of 4760	4236	msedge.exe	90
PID 4236 wrote to memory of 4760	4236	msedge.exe	90
PID 4236 wrote to memory of 4760	4236	msedge.exe	90
PID 4236 wrote to memory of 4760	4236	msedge.exe	90
PID 4236 wrote to memory of 4760	4236	msedge.exe	90
PID 4236 wrote to memory of 4760	4236	msedge.exe	90
PID 4236 wrote to memory of 4760	4236	msedge.exe	90
PID 4236 wrote to memory of 4760	4236	msedge.exe	90
PID 4236 wrote to memory of 4760	4236	msedge.exe	90
PID 4236 wrote to memory of 4760	4236	msedge.exe	90
PID 4236 wrote to memory of 4760	4236	msedge.exe	90
PID 4236 wrote to memory of 4760	4236	msedge.exe	90
PID 4236 wrote to memory of 4760	4236	msedge.exe	90
PID 4236 wrote to memory of 4760	4236	msedge.exe	90
PID 4236 wrote to memory of 4760	4236	msedge.exe	90
PID 4236 wrote to memory of 4760	4236	msedge.exe	90
PID 4236 wrote to memory of 4760	4236	msedge.exe	90
PID 4236 wrote to memory of 1412	4236	msedge.exe	91
PID 4236 wrote to memory of 1412	4236	msedge.exe	91
PID 4236 wrote to memory of 1384	4236	msedge.exe	92
PID 4236 wrote to memory of 1384	4236	msedge.exe	92
PID 4236 wrote to memory of 1384	4236	msedge.exe	92
PID 4236 wrote to memory of 1384	4236	msedge.exe	92
PID 4236 wrote to memory of 1384	4236	msedge.exe	92
PID 4236 wrote to memory of 1384	4236	msedge.exe	92
PID 4236 wrote to memory of 1384	4236	msedge.exe	92
PID 4236 wrote to memory of 1384	4236	msedge.exe	92
PID 4236 wrote to memory of 1384	4236	msedge.exe	92
PID 4236 wrote to memory of 1384	4236	msedge.exe	92
PID 4236 wrote to memory of 1384	4236	msedge.exe	92
PID 4236 wrote to memory of 1384	4236	msedge.exe	92
PID 4236 wrote to memory of 1384	4236	msedge.exe	92
PID 4236 wrote to memory of 1384	4236	msedge.exe	92
PID 4236 wrote to memory of 1384	4236	msedge.exe	92
PID 4236 wrote to memory of 1384	4236	msedge.exe	92
PID 4236 wrote to memory of 1384	4236	msedge.exe	92
PID 4236 wrote to memory of 1384	4236	msedge.exe	92
PID 4236 wrote to memory of 1384	4236	msedge.exe	92
PID 4236 wrote to memory of 1384	4236	msedge.exe	92

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.ceford.or.ug/dandy9Fe5ri2PkssWO3nx0qlWO3s3RuBM2dy9sFe5
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd10f946f8,0x7ffd10f94708,0x7ffd10f94718
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,12796587076899217454,10925108478578353334,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2228,12796587076899217454,10925108478578353334,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2228,12796587076899217454,10925108478578353334,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,12796587076899217454,10925108478578353334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,12796587076899217454,10925108478578353334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,12796587076899217454,10925108478578353334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:3792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,12796587076899217454,10925108478578353334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
  2⤵
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,12796587076899217454,10925108478578353334,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,12796587076899217454,10925108478578353334,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,12796587076899217454,10925108478578353334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
  2⤵
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,12796587076899217454,10925108478578353334,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,12796587076899217454,10925108478578353334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,12796587076899217454,10925108478578353334,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,12796587076899217454,10925108478578353334,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3348 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3d94406b964753cc5222ab1343f54bb1

SHA1
a5e7de0781fa1fabb3cd89564f2e5693cb4dee16

SHA256
fd9923a217cd8d2c44a63dbfe52ec262e7c80b1f1e50c6e0f21f8379c90e7762

SHA512
1ad2c144e7bbd809f400f8782586d3768fc82bcef39db986f766897c344efec77ab2c0b6d9c5ee2019ef5cf9ad0c46bdd25392cbc9dbf9ea80e800577f0fc598

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
49dde89f025a1cce8848473379f7c28f

SHA1
b405956b33146b2890530e818b6aa74bba3afb88

SHA256
d6d125ba686b825bb22ab967a346051780cab1f55fc68a2f3efdf3fb5598f96b

SHA512
53050344674d8886db66e25f42d97bf46b26229972631f857286c2a303897cda58d85ee8ca768bbfb1fc07e52567315ea85d57e39b5b382916700ec389946506

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
40470eb46741773d41bd16b698aa59f7

SHA1
b5c7734606266f6af0fd692d34ea141e3418bf72

SHA256
c093f0ed0b0365a9d7322bf8020f9b61927bdd9d9e99cf6a7f3ac08042d20299

SHA512
79902440d40a84b83224741432fb7daa8ef0d0f9e5ba09117871e9e45d6e396ebd8622ce51c46dc768b5aba5397b7ce41e365cf87ddf444da6e91120298fb1fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
825B

MD5
077e860eabf85473244ba381286ac4d5

SHA1
b34141dc2f81a7e9f7bd8be6b61e0b5e0a77742c

SHA256
7078d5a7d197723d8c0bde93f1a4ef97c6cbb96b82afe6b7415d3065fc8ab540

SHA512
5b44aaf487a3801bbbbe9b49c863c7d626b2a47c558290d736fdf31795c1c944be333f113070a97c7fd65682b00ae7df528932699ac49dde400304997994c1fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
732B

MD5
414a5e4d7625c48e95ad387a31dea68f

SHA1
0f95b17fb81ef1afec1c6fed8cad44f0abb27a03

SHA256
884f4ea1caf5af8551c47dc8a6b0e9121fadf2f232df3685b49b5a4b402659a7

SHA512
73f19d3f42da5f7d64d9e720039ac66c49f1c1a4545b67bd243e24a4a5d6eb12505bfadf05cdea5a1c223ef6b60bc34044b2d550f537e5823d4387635925d135

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
dae66e88ef1194d6221d11b01bc16228

SHA1
c1be387f7f2043e1d1f01121ee30eb23d3798984

SHA256
bafa082986ba4c0c3a59ef282c0024fb89db2bed30d1d0675f43d0a25a6aa8e3

SHA512
a6a787eb84954c8f7c5859815ee8a57fea77ea3ef1a6200c937982f65e846cef938c3acf5e8d9f2c3f3e3b412998eeeef9fd3779bf30b67fb5782d840f4f29c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
779f1512af9b5cac16ec2a61c3d9b48d

SHA1
2905ffe94a8d15c99c5b39e538c74861e74719ae

SHA256
0d010c41959b9e7f6ee1416703c7a3ccc9abfb4a0ab23d4f248604076a4813c0

SHA512
4bace83f1406411bb9d35ff63551ebdbedce9265d45987c3c26c55858e08b0f7449fe8ab213f3d827b2ca1142f3441412a0a4bfd2551382aa0bc5f08f225cb56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
7c43199d1e5acf5a31e1cbef990fbc47

SHA1
df7bd524b9b3175325c0aff3469ea7f2211d3061

SHA256
52a6fd2a2fff53c738c77a6385e7e1677f8990781699f78c63d5a4b0fe566d22

SHA512
aae886642b40ffb0676534fd85abe43ab588526b8e952b12a1bcafc73cb05103c76aee4fa32cc18c74af6c59aa1dc84bcda09ebccb7d11adc79fee3bfc93e2d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
ce4aa1d034e2c35dd5177a98d2c6d81a

SHA1
5d2d5512bca2d3726785bdd4879e63a5d43731d5

SHA256
027bbb579bc1eab337306d44cf39208b3a0dff0583c3e11fecfc526fe14560be

SHA512
df66864b59603254d8d968152a20319baeaec784f2da7edd9a457e3aec7b7c6d615388fa582295ce0f1375a2acf6653761266cafcb113066b1aef4d563bdc210

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58f315.TMP

Filesize
371B

MD5
928f412b3962ea2c108a11cfd145c27d

SHA1
7f220b3ca52ab13c78f6894969e3bbe94595b79a

SHA256
9bec276afa8c8243040e9e06f4443ccc28b164d14c77ece73a281415e6205cef

SHA512
3f8a4949ff99f418fcddecdb95a8391aa48bfea01daef75defad76c2e4da341d64aa74f8558149dc130c116e412228c03adffe1cc098e75f57fc3b4a45344dfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5582e67f43d4d7e9218dc5ebe73e1a80

SHA1
1d7b4f50512a16cba0d005994593ecd06a04acf7

SHA256
a9dc8430b424cbc62b3f353ef522cf44d5d832fa449f6428146a1e392f870b71

SHA512
51adf03627c174c831f1c31cdbcd8d884db81593e83ed32d3d1748c9124cd5a0d2870928a0609ff67437c7d7de24ffd7de0114c5118e097322697f5c306049b5

Download Submit