hxxps://preview[.]webflow[.]com/preview/txomin-gallastegis-rfq?utm_medium=preview_link&utm_source=designer&utm_content=txomin-gallastegis-rfq&preview=9874b0e6b06893d2647bc43681fd2fd8&workflow=preview

Analysis

max time kernel
179s
max time network
210s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
08/05/2024, 13:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://preview.webflow.com/preview/txomin-gallastegis-rfq?utm_medium=preview_link&utm_source=designer&utm_content=txomin-gallastegis-rfq&preview=9874b0e6b06893d2647bc43681fd2fd8&workflow=preview

Score

6^/10

Malware Config

Signatures

Looks up external IP address via web service 4 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
60	api.ipstack.com
27	api.ipstack.com
29	api.ipstack.com
30	api.ipstack.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4700	msedge.exe
4700	msedge.exe
3536	msedge.exe
3536	msedge.exe
736	msedge.exe
736	msedge.exe
540	identity_helper.exe
540	identity_helper.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3536 wrote to memory of 2168	3536	msedge.exe	80
PID 3536 wrote to memory of 2168	3536	msedge.exe	80
PID 3536 wrote to memory of 4904	3536	msedge.exe	81
PID 3536 wrote to memory of 4904	3536	msedge.exe	81
PID 3536 wrote to memory of 4904	3536	msedge.exe	81
PID 3536 wrote to memory of 4904	3536	msedge.exe	81
PID 3536 wrote to memory of 4904	3536	msedge.exe	81
PID 3536 wrote to memory of 4904	3536	msedge.exe	81
PID 3536 wrote to memory of 4904	3536	msedge.exe	81
PID 3536 wrote to memory of 4904	3536	msedge.exe	81
PID 3536 wrote to memory of 4904	3536	msedge.exe	81
PID 3536 wrote to memory of 4904	3536	msedge.exe	81
PID 3536 wrote to memory of 4904	3536	msedge.exe	81
PID 3536 wrote to memory of 4904	3536	msedge.exe	81
PID 3536 wrote to memory of 4904	3536	msedge.exe	81
PID 3536 wrote to memory of 4904	3536	msedge.exe	81
PID 3536 wrote to memory of 4904	3536	msedge.exe	81
PID 3536 wrote to memory of 4904	3536	msedge.exe	81
PID 3536 wrote to memory of 4904	3536	msedge.exe	81
PID 3536 wrote to memory of 4904	3536	msedge.exe	81
PID 3536 wrote to memory of 4904	3536	msedge.exe	81
PID 3536 wrote to memory of 4904	3536	msedge.exe	81
PID 3536 wrote to memory of 4904	3536	msedge.exe	81
PID 3536 wrote to memory of 4904	3536	msedge.exe	81
PID 3536 wrote to memory of 4904	3536	msedge.exe	81
PID 3536 wrote to memory of 4904	3536	msedge.exe	81
PID 3536 wrote to memory of 4904	3536	msedge.exe	81
PID 3536 wrote to memory of 4904	3536	msedge.exe	81
PID 3536 wrote to memory of 4904	3536	msedge.exe	81
PID 3536 wrote to memory of 4904	3536	msedge.exe	81
PID 3536 wrote to memory of 4904	3536	msedge.exe	81
PID 3536 wrote to memory of 4904	3536	msedge.exe	81
PID 3536 wrote to memory of 4904	3536	msedge.exe	81
PID 3536 wrote to memory of 4904	3536	msedge.exe	81
PID 3536 wrote to memory of 4904	3536	msedge.exe	81
PID 3536 wrote to memory of 4904	3536	msedge.exe	81
PID 3536 wrote to memory of 4904	3536	msedge.exe	81
PID 3536 wrote to memory of 4904	3536	msedge.exe	81
PID 3536 wrote to memory of 4904	3536	msedge.exe	81
PID 3536 wrote to memory of 4904	3536	msedge.exe	81
PID 3536 wrote to memory of 4904	3536	msedge.exe	81
PID 3536 wrote to memory of 4904	3536	msedge.exe	81
PID 3536 wrote to memory of 4700	3536	msedge.exe	82
PID 3536 wrote to memory of 4700	3536	msedge.exe	82
PID 3536 wrote to memory of 4200	3536	msedge.exe	83
PID 3536 wrote to memory of 4200	3536	msedge.exe	83
PID 3536 wrote to memory of 4200	3536	msedge.exe	83
PID 3536 wrote to memory of 4200	3536	msedge.exe	83
PID 3536 wrote to memory of 4200	3536	msedge.exe	83
PID 3536 wrote to memory of 4200	3536	msedge.exe	83
PID 3536 wrote to memory of 4200	3536	msedge.exe	83
PID 3536 wrote to memory of 4200	3536	msedge.exe	83
PID 3536 wrote to memory of 4200	3536	msedge.exe	83
PID 3536 wrote to memory of 4200	3536	msedge.exe	83
PID 3536 wrote to memory of 4200	3536	msedge.exe	83
PID 3536 wrote to memory of 4200	3536	msedge.exe	83
PID 3536 wrote to memory of 4200	3536	msedge.exe	83
PID 3536 wrote to memory of 4200	3536	msedge.exe	83
PID 3536 wrote to memory of 4200	3536	msedge.exe	83
PID 3536 wrote to memory of 4200	3536	msedge.exe	83
PID 3536 wrote to memory of 4200	3536	msedge.exe	83
PID 3536 wrote to memory of 4200	3536	msedge.exe	83
PID 3536 wrote to memory of 4200	3536	msedge.exe	83
PID 3536 wrote to memory of 4200	3536	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://preview.webflow.com/preview/txomin-gallastegis-rfq?utm_medium=preview_link&utm_source=designer&utm_content=txomin-gallastegis-rfq&preview=9874b0e6b06893d2647bc43681fd2fd8&workflow=preview
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff875443cb8,0x7ff875443cc8,0x7ff875443cd8
  2⤵
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,3636277473048212081,4437808333583623473,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,3636277473048212081,4437808333583623473,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,3636277473048212081,4437808333583623473,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2552 /prefetch:8
  2⤵
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3636277473048212081,4437808333583623473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3636277473048212081,4437808333583623473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,3636277473048212081,4437808333583623473,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3636277473048212081,4437808333583623473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3636277473048212081,4437808333583623473,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,3636277473048212081,4437808333583623473,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3396 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3636277473048212081,4437808333583623473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3636277473048212081,4437808333583623473,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,3636277473048212081,4437808333583623473,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4636 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2448

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5e027def9b55f3d49cde9fb82beba238

SHA1
64baabd8454c210162cbc3a90d6a2daaf87d856a

SHA256
9816e980b04f1fe7efaa4b9c83ff6a0fdd485ee65a884c001b43a0cad7c39d83

SHA512
a315e1336c5ec70cbb002969e539068ba92f3ec681b6d863db95227fd1808a778fd994e2fb03f28f0e401677aa5f7c66813e315b6b99a5065384c49586f9782e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0c5042350ee7871ccbfdc856bde96f3f

SHA1
90222f176bc96ec17d1bdad2d31bc994c000900c

SHA256
b8b1cb139d4d19a85adce0152fa3c4f6adfb73a322d7253820e848c6f82afc1b

SHA512
2efdb535fa6a06c4f9702b2129f2dd07c330e37fd10b492f2236007c660c1707773c22005d1e1fa580dbf633dc1a700ada3b7b611ef9accd9555a17a244f61ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
74b2d5fad8450bb210a8c7f8fb6d4213

SHA1
d6061a4d72c45e5756fc83ef4af8f9d10f985617

SHA256
711d8769d2e7a99c8426dd988d7327ee0b473ba26827d7037560caaa638c874c

SHA512
0eacf3d241628345c39365e68a2aac0f4ffcc1703bf9a4eba9f7fa37009a67ef2a5cef5ea60fbe04dd83b7d29162dc9177d26fb39beedab2d486a8e93e100ba2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
5a96ee6324f3e1cffecc48780c34f8b4

SHA1
d9489ab9580d5cc959e9ee2fa7503fed2f2fea21

SHA256
59fbd2f4feb6d64cb8d60eeb1c2d10232cf9f8271d80f060bcc44c4d81ed25df

SHA512
829f070e7017eed126efccf16e8b9726e04a4ec4b1f680292768cf7eeccffbaa68e9deb0345fdab1f7fa71b5b546d8b6441461fe85118de86d97efc743756985

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
5a9196a5b06620f49cf2bde2af08437b

SHA1
e47e631aeca064360d1f06f7d28372dde7625149

SHA256
64f2b17a6d6618568f3559db50bcdcc3c7f9a02eeb43cd46a22f1304153696b2

SHA512
3e6aa38c7bf3b033c8bca7cebf5939d431ebfb299b4723aa0d5109c1456178a16332cb6e6b165b50eb43e43ed46ade513c54bea075006fa680e8ec1670f5cd88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f9a161e404b0700312cb4e06adcc5a71

SHA1
84fb5da80a29e7c136d0dfe7db427fd5e0a86d48

SHA256
6175612bf54e1912b8e82e1c4a9cc3164f1dd6d9cc30dc7beb2a02384d72fe72

SHA512
1f40ab24413722556a5fe77b2330ccff5cdbbb68890b6d16258026011dd47cb8400114b0791d5d40648f3bc9da95c41544986e666f4f89e34db05c9befb32836

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
50119d23af6dbb3e96689cb87594696d

SHA1
a520a421364054aa5afa761fe2c2d3868a22cb5c

SHA256
c1e78a49d954e671b422ecfca938804407cb8ac1490fda0f453f163a569eb150

SHA512
16c84a9e9e5850f978669876e2a483c12a94e7b45fac5ea23cbe8e2f7a921f230b5b49f4f097640ae7aa8707261761890cca3559d524786c39fd489787fba0ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5e1ee139145bf6e1c55ae1f9c6fcfd85

SHA1
bee33064a14d18bd556bee62bf28e9013a73800e

SHA256
7b57de32f9e8d4147a8e6782cb49466a543704f8f7f0f21c3d98aba737cde0af

SHA512
36024b716c828bea60a175053170167da9af56483db1eb0edb1866b85a475f10ca2861c83679adfdd4ee3b9f53754652e98e1633f970489b88de91a06f8ef2c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d655e70499b71700502163a689b5c566

SHA1
2a2b160dde62f92becc98c3811d1e90619079ab4

SHA256
864d1a909aec9bb8ecfe07deeaa43efa703c44b3ede1d18abf3f462917c55cb2

SHA512
f757ec34d7903553c02f38c458ae7f680efed6e23a69d42c31cc2875535d6282cd184103a678abe67217a12bd13d7057e8dc71b2f915af2fd42696b39fafdd3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3f068e16cefd90a92c430263d47ea2c9

SHA1
72b4d181158c1b169062742cd9ffc891a6294f2f

SHA256
e9d3ad5f1d34dcf7d347fe41d6047fb6c4c7025f175c022fe4e01f319992e1bb

SHA512
99051438df890c992a5ca39a9faad2de44500ff64fff5eaf04089df71871bded759083f3efe4e5f3f799237e22670281a7b1d0cd43c7d33925136664d9b170c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58b37c.TMP

Filesize
1KB

MD5
fa27e8ab38b559bfc664eb8c55d13f14

SHA1
07c7d9c58527960fbcc0a74a2a09731ad5b5396d

SHA256
77648bb728e8c1dbf76587fc1016cd105a3d19504589e44d0d0ea932ee1b7809

SHA512
7a54604799510790be60ae82053f5dd92d0607314c0825d290241f4def0c1c5b41af99638f527a68e3eb440d0b825778221fe7fe8d154667d5600f3502a03f07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
781d3a34eb4c016f0eb8b16b5441fd57

SHA1
0839c777591f48b34e90c2bbdf71ea31ff5fa509

SHA256
01fca78fafd33bc30dd5516a90e2005a2dbbe1b8fd773f3e610c3320750282a5

SHA512
243aa54ca8d7c97f3f052a3b63fc5da7dc438e2468ebb469b6fe6ad342acf39b54c6832af487aabfe14c2aa2ab93742c07ed93e51071e835c39796fbf162cd3c

Download Submit