hxxps://www[.]luxairtours[.]lu/index[.]php?m=member&c=index&a=register&siteid=1

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13/05/2024, 18:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.luxairtours.lu/index.php?m=member&c=index&a=register&siteid=1

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1132	msedge.exe
1132	msedge.exe
4016	msedge.exe
4016	msedge.exe
1020	identity_helper.exe
1020	identity_helper.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4016 wrote to memory of 3644	4016	msedge.exe	81
PID 4016 wrote to memory of 3644	4016	msedge.exe	81
PID 4016 wrote to memory of 3472	4016	msedge.exe	82
PID 4016 wrote to memory of 3472	4016	msedge.exe	82
PID 4016 wrote to memory of 3472	4016	msedge.exe	82
PID 4016 wrote to memory of 3472	4016	msedge.exe	82
PID 4016 wrote to memory of 3472	4016	msedge.exe	82
PID 4016 wrote to memory of 3472	4016	msedge.exe	82
PID 4016 wrote to memory of 3472	4016	msedge.exe	82
PID 4016 wrote to memory of 3472	4016	msedge.exe	82
PID 4016 wrote to memory of 3472	4016	msedge.exe	82
PID 4016 wrote to memory of 3472	4016	msedge.exe	82
PID 4016 wrote to memory of 3472	4016	msedge.exe	82
PID 4016 wrote to memory of 3472	4016	msedge.exe	82
PID 4016 wrote to memory of 3472	4016	msedge.exe	82
PID 4016 wrote to memory of 3472	4016	msedge.exe	82
PID 4016 wrote to memory of 3472	4016	msedge.exe	82
PID 4016 wrote to memory of 3472	4016	msedge.exe	82
PID 4016 wrote to memory of 3472	4016	msedge.exe	82
PID 4016 wrote to memory of 3472	4016	msedge.exe	82
PID 4016 wrote to memory of 3472	4016	msedge.exe	82
PID 4016 wrote to memory of 3472	4016	msedge.exe	82
PID 4016 wrote to memory of 3472	4016	msedge.exe	82
PID 4016 wrote to memory of 3472	4016	msedge.exe	82
PID 4016 wrote to memory of 3472	4016	msedge.exe	82
PID 4016 wrote to memory of 3472	4016	msedge.exe	82
PID 4016 wrote to memory of 3472	4016	msedge.exe	82
PID 4016 wrote to memory of 3472	4016	msedge.exe	82
PID 4016 wrote to memory of 3472	4016	msedge.exe	82
PID 4016 wrote to memory of 3472	4016	msedge.exe	82
PID 4016 wrote to memory of 3472	4016	msedge.exe	82
PID 4016 wrote to memory of 3472	4016	msedge.exe	82
PID 4016 wrote to memory of 3472	4016	msedge.exe	82
PID 4016 wrote to memory of 3472	4016	msedge.exe	82
PID 4016 wrote to memory of 3472	4016	msedge.exe	82
PID 4016 wrote to memory of 3472	4016	msedge.exe	82
PID 4016 wrote to memory of 3472	4016	msedge.exe	82
PID 4016 wrote to memory of 3472	4016	msedge.exe	82
PID 4016 wrote to memory of 3472	4016	msedge.exe	82
PID 4016 wrote to memory of 3472	4016	msedge.exe	82
PID 4016 wrote to memory of 3472	4016	msedge.exe	82
PID 4016 wrote to memory of 3472	4016	msedge.exe	82
PID 4016 wrote to memory of 1132	4016	msedge.exe	83
PID 4016 wrote to memory of 1132	4016	msedge.exe	83
PID 4016 wrote to memory of 3828	4016	msedge.exe	84
PID 4016 wrote to memory of 3828	4016	msedge.exe	84
PID 4016 wrote to memory of 3828	4016	msedge.exe	84
PID 4016 wrote to memory of 3828	4016	msedge.exe	84
PID 4016 wrote to memory of 3828	4016	msedge.exe	84
PID 4016 wrote to memory of 3828	4016	msedge.exe	84
PID 4016 wrote to memory of 3828	4016	msedge.exe	84
PID 4016 wrote to memory of 3828	4016	msedge.exe	84
PID 4016 wrote to memory of 3828	4016	msedge.exe	84
PID 4016 wrote to memory of 3828	4016	msedge.exe	84
PID 4016 wrote to memory of 3828	4016	msedge.exe	84
PID 4016 wrote to memory of 3828	4016	msedge.exe	84
PID 4016 wrote to memory of 3828	4016	msedge.exe	84
PID 4016 wrote to memory of 3828	4016	msedge.exe	84
PID 4016 wrote to memory of 3828	4016	msedge.exe	84
PID 4016 wrote to memory of 3828	4016	msedge.exe	84
PID 4016 wrote to memory of 3828	4016	msedge.exe	84
PID 4016 wrote to memory of 3828	4016	msedge.exe	84
PID 4016 wrote to memory of 3828	4016	msedge.exe	84
PID 4016 wrote to memory of 3828	4016	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.luxairtours.lu/index.php?m=member&c=index&a=register&siteid=1
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xdc,0x100,0x104,0xb4,0x108,0x7ffaa37e46f8,0x7ffaa37e4708,0x7ffaa37e4718
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,9225287913010850211,16361703752113111950,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,9225287913010850211,16361703752113111950,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,9225287913010850211,16361703752113111950,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9225287913010850211,16361703752113111950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9225287913010850211,16361703752113111950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,9225287913010850211,16361703752113111950,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:8
  2⤵
  PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,9225287913010850211,16361703752113111950,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9225287913010850211,16361703752113111950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9225287913010850211,16361703752113111950,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9225287913010850211,16361703752113111950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9225287913010850211,16361703752113111950,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,9225287913010850211,16361703752113111950,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2372

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
8eb19b0e49dde18b342fa18d16cf675b

SHA1
a5799ff39bb1e036d93a3ec915c46edcba8753da

SHA256
f4417280590ca7785f026a2c9bb4a2badfc6ac869f9142be7dab5c9cfa6ebd6a

SHA512
654dc1c3d42e5f782eb0999cbee6476a76711691bc43f6ce6865c690b0bff120a23146d56bf6eccdde04487ea3958bdbb8281b9bdbd4ddc714a2f841f9adb7c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
ba4f93451bb9f1b28cb4e55c40d44292

SHA1
aa327b06abb0dae59adb5b5f8df79730c8b0444f

SHA256
3531b69233572268b4a1d4b6f8c6c7111a8f771693ef46a875ec66cb5f0fbb85

SHA512
ca8412e2a47a85c4ee5d7a8ca79e9b816b288e872dfe0acf284dd62f8708c1023c55abef107d833b3582501654f4c4ecc047ce9f6bb55dc7375cac07ffb06603

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b6bd19a00f17bc01f85c0022230df1fa

SHA1
5e4470588df5d8677ac462c84b5005d2b5d0b87e

SHA256
7f384c91070b855a90d369c09f10a1ba1e74de4cbf53154e9854cc27b081bb69

SHA512
e5c0e697d0cba9567a752f791d8848c1d434598bb118e6b7f998938e6a651293be0c2804405cbc1482e0f96cde025767d62fcad4e400ce12e153e3440cc6a35e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bd4886f279d6330df46f768b87b23eb4

SHA1
51eaa814d9f093ed12623e54c5dd5d12b516c0b2

SHA256
b358e955d514f7d75c32f4d1e1ef412dc91461218e4ad56e0eca43e2c9222f4a

SHA512
60420787a6098c31b7144d8210a0040de0fd6ff112ccb2ce9eece50bc537c59808bdafce5d8d89246e50e843104ab11f68f02e85563109202227f319a4f56dcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
48a24b12850c2fcf1fbf6e6fb32f5ec8

SHA1
503c0bdb344bd2254631b4efd3cfd7b3311f73c8

SHA256
dc70e7e369ce7b218f074475941569ac6ac649289fda43cc71b04adf9c1cc97a

SHA512
99aebba5dcae80126a505b51c113c36b137e9bd71c2da8129f6ef272c91bc71a0298e5254d342b9be548efad517b55aa608e63ea673fd155ffecbb656c771c08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
48368543b043a57786bbca7e76186303

SHA1
c00c9e8a01f5d026d7cd808acd11a8f2316e912b

SHA256
b19dfb9dfe797f2d420334ff04758aaf584034ee70835a66ad7afc38ce909d47

SHA512
282068186f44bb16b2bc2d4f272286c82d44f1bcad6a0ee5e80cd691f3d1f5f37b7eb7060ce0e2a269cb53e1828beb2785315efa4c770d2e172dab93921ae8a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9adc063312529761c958cb7f12eb4dd1

SHA1
ad452c9cde0b93c9e72650575dd6d55e1e605dfa

SHA256
74aff9fc17ec5d1593346a48acfc352f7bc8c5dc444fac991d6d1dc3e6a55c4d

SHA512
63f2de6f615e580dcd5a14c9f1b23800443d2a079528d261322ca02859815de6f562e2d2c8f22f348c61b04b095b8564d42a444fac658117475b39046d572e4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
01314cace0a30adfb6a390f10d982e3b

SHA1
f6f9cf8af6d5cd34e3c49e15dbb20f702bbc157b

SHA256
f0b593e2dc777579e540060b498138dc19b44d7010c451a6bdf04662b0536469

SHA512
2562034e3100029245450f777968d71447cd2330478e4f1141ce2c42756ff52c8e1f02e9ccfb44931eb428e5b176a19b79ceb05e67e5c132119e370e63f918d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cab25ea5ea1691501b7911ba5ebb3565

SHA1
bab08f2af0b3a4eab3bb07ebb4db1a99f6975e67

SHA256
35c8d18c751145a821baf4cac773022d16366c35dccb512e5c7f422c1fef66ec

SHA512
b3f992023530b93d9e87bed4f0c81c361748fa19d7618b6f85112f55b74828fb93d810d41e844485713e50b916d81b6443738b08951be5e78b8847cddd9d3a5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b342.TMP

Filesize
1KB

MD5
c2023a355c41a974673e5454ebe963bb

SHA1
100ad2c69360341fb04e2c019ce48d46ae28a2a7

SHA256
0124ae4ae27f7ae970e8626e564464332bfe70f61b03ca7fdf558a35539596b0

SHA512
7def0e3b5db2a5322ca6216bd77e3d9a55fa434ec259a08bb0bc9bba00776f4a12b4869f1f82a14c1b5fcbe859ffca6088dc8737504fcd838ce04ff656c6e175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5542febf87ad6682b234ca6c11227cb9

SHA1
45b28082fb8ad510963c5a498202146f17604528

SHA256
1b9b98a89029fce8659d45c09df24ba27ff737f17a8d40732bb177ab1100b083

SHA512
a4a5aa326b84c84a105ba766f92090447ed955af0187892884da4c17970263ae3109b443dfb7234e5c27fb1d9d9e6d6eb7dc4549fb71c32173c4be408d3e1a55

Download Submit