hxxps://rozh5363035c[.]blob[.]core[.]windows[.]net/rozh5363035c/1[.]html?4wDnUx7722husz213japknoqpgd964TUMPKIHSUXSIFYI117219CKOT14332C14#14/213-7722/964-117219-14332

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
25/04/2024, 16:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://rozh5363035c.blob.core.windows.net/rozh5363035c/1.html?4wDnUx7722husz213japknoqpgd964TUMPKIHSUXSIFYI117219CKOT14332C14#14/213-7722/964-117219-14332

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4548	msedge.exe
4548	msedge.exe
3688	msedge.exe
3688	msedge.exe
1804	identity_helper.exe
1804	identity_helper.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3688 wrote to memory of 2692	3688	msedge.exe	84
PID 3688 wrote to memory of 2692	3688	msedge.exe	84
PID 3688 wrote to memory of 760	3688	msedge.exe	85
PID 3688 wrote to memory of 760	3688	msedge.exe	85
PID 3688 wrote to memory of 760	3688	msedge.exe	85
PID 3688 wrote to memory of 760	3688	msedge.exe	85
PID 3688 wrote to memory of 760	3688	msedge.exe	85
PID 3688 wrote to memory of 760	3688	msedge.exe	85
PID 3688 wrote to memory of 760	3688	msedge.exe	85
PID 3688 wrote to memory of 760	3688	msedge.exe	85
PID 3688 wrote to memory of 760	3688	msedge.exe	85
PID 3688 wrote to memory of 760	3688	msedge.exe	85
PID 3688 wrote to memory of 760	3688	msedge.exe	85
PID 3688 wrote to memory of 760	3688	msedge.exe	85
PID 3688 wrote to memory of 760	3688	msedge.exe	85
PID 3688 wrote to memory of 760	3688	msedge.exe	85
PID 3688 wrote to memory of 760	3688	msedge.exe	85
PID 3688 wrote to memory of 760	3688	msedge.exe	85
PID 3688 wrote to memory of 760	3688	msedge.exe	85
PID 3688 wrote to memory of 760	3688	msedge.exe	85
PID 3688 wrote to memory of 760	3688	msedge.exe	85
PID 3688 wrote to memory of 760	3688	msedge.exe	85
PID 3688 wrote to memory of 760	3688	msedge.exe	85
PID 3688 wrote to memory of 760	3688	msedge.exe	85
PID 3688 wrote to memory of 760	3688	msedge.exe	85
PID 3688 wrote to memory of 760	3688	msedge.exe	85
PID 3688 wrote to memory of 760	3688	msedge.exe	85
PID 3688 wrote to memory of 760	3688	msedge.exe	85
PID 3688 wrote to memory of 760	3688	msedge.exe	85
PID 3688 wrote to memory of 760	3688	msedge.exe	85
PID 3688 wrote to memory of 760	3688	msedge.exe	85
PID 3688 wrote to memory of 760	3688	msedge.exe	85
PID 3688 wrote to memory of 760	3688	msedge.exe	85
PID 3688 wrote to memory of 760	3688	msedge.exe	85
PID 3688 wrote to memory of 760	3688	msedge.exe	85
PID 3688 wrote to memory of 760	3688	msedge.exe	85
PID 3688 wrote to memory of 760	3688	msedge.exe	85
PID 3688 wrote to memory of 760	3688	msedge.exe	85
PID 3688 wrote to memory of 760	3688	msedge.exe	85
PID 3688 wrote to memory of 760	3688	msedge.exe	85
PID 3688 wrote to memory of 760	3688	msedge.exe	85
PID 3688 wrote to memory of 760	3688	msedge.exe	85
PID 3688 wrote to memory of 4548	3688	msedge.exe	86
PID 3688 wrote to memory of 4548	3688	msedge.exe	86
PID 3688 wrote to memory of 4508	3688	msedge.exe	87
PID 3688 wrote to memory of 4508	3688	msedge.exe	87
PID 3688 wrote to memory of 4508	3688	msedge.exe	87
PID 3688 wrote to memory of 4508	3688	msedge.exe	87
PID 3688 wrote to memory of 4508	3688	msedge.exe	87
PID 3688 wrote to memory of 4508	3688	msedge.exe	87
PID 3688 wrote to memory of 4508	3688	msedge.exe	87
PID 3688 wrote to memory of 4508	3688	msedge.exe	87
PID 3688 wrote to memory of 4508	3688	msedge.exe	87
PID 3688 wrote to memory of 4508	3688	msedge.exe	87
PID 3688 wrote to memory of 4508	3688	msedge.exe	87
PID 3688 wrote to memory of 4508	3688	msedge.exe	87
PID 3688 wrote to memory of 4508	3688	msedge.exe	87
PID 3688 wrote to memory of 4508	3688	msedge.exe	87
PID 3688 wrote to memory of 4508	3688	msedge.exe	87
PID 3688 wrote to memory of 4508	3688	msedge.exe	87
PID 3688 wrote to memory of 4508	3688	msedge.exe	87
PID 3688 wrote to memory of 4508	3688	msedge.exe	87
PID 3688 wrote to memory of 4508	3688	msedge.exe	87
PID 3688 wrote to memory of 4508	3688	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://rozh5363035c.blob.core.windows.net/rozh5363035c/1.html?4wDnUx7722husz213japknoqpgd964TUMPKIHSUXSIFYI117219CKOT14332C14#14/213-7722/964-117219-14332
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7dbe46f8,0x7ffa7dbe4708,0x7ffa7dbe4718
  2⤵
  PID:2692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,4697124479983717691,14959673704935364478,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,4697124479983717691,14959673704935364478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,4697124479983717691,14959673704935364478,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4697124479983717691,14959673704935364478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4697124479983717691,14959673704935364478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4697124479983717691,14959673704935364478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
  2⤵
  PID:852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4697124479983717691,14959673704935364478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4697124479983717691,14959673704935364478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,4697124479983717691,14959673704935364478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,4697124479983717691,14959673704935364478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4697124479983717691,14959673704935364478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4697124479983717691,14959673704935364478,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4697124479983717691,14959673704935364478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4697124479983717691,14959673704935364478,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,4697124479983717691,14959673704935364478,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3028 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a9519bc058003dbea34765176083739e

SHA1
ef49b8790219eaddbdacb7fc97d3d05433b8575c

SHA256
e034683bc434a09f5d0293cb786e6a3943b902614f9211d42bed47759164d38b

SHA512
a1b67ccf313173c560ead25671c64de65e3e2599251926e33ce8399fde682fce5cb20f36ee330fcd8bb8f7a9c00ef432da56c9b02dfd7d3f02865f390c342b53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cb138796dbfb37877fcae3430bb1e2a7

SHA1
82bb82178c07530e42eca6caf3178d66527558bc

SHA256
50c55ba7baeebe1fa4573118edbca59010d659ea42761148618fb3af8a1c9bdd

SHA512
287471cccbe33e08015d6fc35e0bcdca0ec79bebc3a58f6a340b7747b5b2257b33651574bc83ed529aef2ba94be6e68968e59d2a8ef5f733dce9df6404ad7cc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
b10220634ae9b9549f0e73beaca23d9b

SHA1
2ca4de2363fbb7da9c658e7fbb14e7352c4759ce

SHA256
c46ae5c4117d7d4ecad1098d189d03c13f6b093cf7cd9340810b85dd4ea33400

SHA512
d0a4e4bf0029cef2baa7ca228a1a07cc9213c8cf393d45c669d7dca5647d1d8bb5717fe9297859a888e6da72056ddd3d5c31bf723e8cd0f7fb490f5d4eba9bf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
6f0f457ffab05276edab285d322364a3

SHA1
2d3d0838f199074b99062814a61885a5e1fc9d67

SHA256
3734856d7ae5b2698466e3c8cb85680e22332031a4e024b5e280d055a68b815c

SHA512
51bcf51a0621966657e96f4f5b02dd6d6cad99130f4dfb16f1363451c212d476450b273bcd2fafe32a6f19d870aeb304731603f279c8c9f604c01fe1f1f11d04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ca2cf54eb7d3a07b732ef683799a87ba

SHA1
d81c7b853520ab184c768bec359d9d0ce2298c09

SHA256
2d508ecb0a0ec44d191d8da012fde61f256cc398f2e35107dd25a17636cfd880

SHA512
0c8303a64b91fccef29dbc2114b73dcd77ba1521aa8bff8df555fd01778f94ad84b4b36df62baeaf307bb590b13cfab96cb7f4e6685b1b7040e722a1cba21e93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
74886f19670e770d21ab0e34e71dbe4e

SHA1
3b75899eb30301249e25f9df115cf3a7fa6fd83b

SHA256
e6796edb8b0bbc5287ffe12766116bd05827e74105263c8092fa248bd568619b

SHA512
9f8a94db2f8b32e84c7e5794a80aa1135d55cd55b37c93f4fbf1dc0c289f36d19b15458d2e8ded8a2151e740597129aa3a0221897aed3cfee21ffd1a675ef101

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
80c963fcb0acca87bcf19b0aeee02434

SHA1
50608b3f48eefbf1674b28eb5a4dcc29ccf1378c

SHA256
e0a19d5145904a0bc31ab559f10430b0f7e7c6f32bff0b91f6decdfbd2c6e59c

SHA512
7de8a71187f2d384ac8c6ead0c1b114476a797f8a1022d76a2e7d5311c2b3b986735ce0c5885cdc0cdcd9cdbe151372cec14efa0450a0f712cec51a3cb0c3da0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57901a.TMP

Filesize
48B

MD5
66bed559fad148cc43b7c357781e22e7

SHA1
7b3eeceed450e9de1c11c727ca594cc52cba4523

SHA256
f352b3bf4503729da6657d0fbc69bd3602670f316088aa82b4da6fd3d04f1260

SHA512
9d75e0dddaf87ed65780f5f908b060324d8722528694b4778972778c8b5371cb96ad9ce412b3214fc35a87795dc76c5d72c7e09391759f88b469eb9854c5b797

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7dc90d365480a602536b584962c8148e

SHA1
840c4fd7f8e72c053bada269e280e2cf09f9e0e2

SHA256
a672061498ad51541e7d9e348924d5bf616d581ca06aaa8cd0f6602436faa4cc

SHA512
1fb40d3bc72988d9bad30ebc43b37871271a5f27aff901f217b4055cda38fdec2d73169ba863b5b6077464f09d661a9e8ab4ae448527574115cd3e17ecc01907

Download Submit