hxxp://googlescrapersoftware[.]com

Analysis

max time kernel
145s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
13-06-2024 12:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://googlescrapersoftware.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1500	msedge.exe
1500	msedge.exe
4700	msedge.exe
4700	msedge.exe
1732	identity_helper.exe
1732	identity_helper.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1628	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1628	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4700 wrote to memory of 1572	4700	msedge.exe	81
PID 4700 wrote to memory of 1572	4700	msedge.exe	81
PID 4700 wrote to memory of 1208	4700	msedge.exe	82
PID 4700 wrote to memory of 1208	4700	msedge.exe	82
PID 4700 wrote to memory of 1208	4700	msedge.exe	82
PID 4700 wrote to memory of 1208	4700	msedge.exe	82
PID 4700 wrote to memory of 1208	4700	msedge.exe	82
PID 4700 wrote to memory of 1208	4700	msedge.exe	82
PID 4700 wrote to memory of 1208	4700	msedge.exe	82
PID 4700 wrote to memory of 1208	4700	msedge.exe	82
PID 4700 wrote to memory of 1208	4700	msedge.exe	82
PID 4700 wrote to memory of 1208	4700	msedge.exe	82
PID 4700 wrote to memory of 1208	4700	msedge.exe	82
PID 4700 wrote to memory of 1208	4700	msedge.exe	82
PID 4700 wrote to memory of 1208	4700	msedge.exe	82
PID 4700 wrote to memory of 1208	4700	msedge.exe	82
PID 4700 wrote to memory of 1208	4700	msedge.exe	82
PID 4700 wrote to memory of 1208	4700	msedge.exe	82
PID 4700 wrote to memory of 1208	4700	msedge.exe	82
PID 4700 wrote to memory of 1208	4700	msedge.exe	82
PID 4700 wrote to memory of 1208	4700	msedge.exe	82
PID 4700 wrote to memory of 1208	4700	msedge.exe	82
PID 4700 wrote to memory of 1208	4700	msedge.exe	82
PID 4700 wrote to memory of 1208	4700	msedge.exe	82
PID 4700 wrote to memory of 1208	4700	msedge.exe	82
PID 4700 wrote to memory of 1208	4700	msedge.exe	82
PID 4700 wrote to memory of 1208	4700	msedge.exe	82
PID 4700 wrote to memory of 1208	4700	msedge.exe	82
PID 4700 wrote to memory of 1208	4700	msedge.exe	82
PID 4700 wrote to memory of 1208	4700	msedge.exe	82
PID 4700 wrote to memory of 1208	4700	msedge.exe	82
PID 4700 wrote to memory of 1208	4700	msedge.exe	82
PID 4700 wrote to memory of 1208	4700	msedge.exe	82
PID 4700 wrote to memory of 1208	4700	msedge.exe	82
PID 4700 wrote to memory of 1208	4700	msedge.exe	82
PID 4700 wrote to memory of 1208	4700	msedge.exe	82
PID 4700 wrote to memory of 1208	4700	msedge.exe	82
PID 4700 wrote to memory of 1208	4700	msedge.exe	82
PID 4700 wrote to memory of 1208	4700	msedge.exe	82
PID 4700 wrote to memory of 1208	4700	msedge.exe	82
PID 4700 wrote to memory of 1208	4700	msedge.exe	82
PID 4700 wrote to memory of 1208	4700	msedge.exe	82
PID 4700 wrote to memory of 1500	4700	msedge.exe	83
PID 4700 wrote to memory of 1500	4700	msedge.exe	83
PID 4700 wrote to memory of 4736	4700	msedge.exe	84
PID 4700 wrote to memory of 4736	4700	msedge.exe	84
PID 4700 wrote to memory of 4736	4700	msedge.exe	84
PID 4700 wrote to memory of 4736	4700	msedge.exe	84
PID 4700 wrote to memory of 4736	4700	msedge.exe	84
PID 4700 wrote to memory of 4736	4700	msedge.exe	84
PID 4700 wrote to memory of 4736	4700	msedge.exe	84
PID 4700 wrote to memory of 4736	4700	msedge.exe	84
PID 4700 wrote to memory of 4736	4700	msedge.exe	84
PID 4700 wrote to memory of 4736	4700	msedge.exe	84
PID 4700 wrote to memory of 4736	4700	msedge.exe	84
PID 4700 wrote to memory of 4736	4700	msedge.exe	84
PID 4700 wrote to memory of 4736	4700	msedge.exe	84
PID 4700 wrote to memory of 4736	4700	msedge.exe	84
PID 4700 wrote to memory of 4736	4700	msedge.exe	84
PID 4700 wrote to memory of 4736	4700	msedge.exe	84
PID 4700 wrote to memory of 4736	4700	msedge.exe	84
PID 4700 wrote to memory of 4736	4700	msedge.exe	84
PID 4700 wrote to memory of 4736	4700	msedge.exe	84
PID 4700 wrote to memory of 4736	4700	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://googlescrapersoftware.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeea1f46f8,0x7ffeea1f4708,0x7ffeea1f4718
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,5526375534747180304,16328325736640622917,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,5526375534747180304,16328325736640622917,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,5526375534747180304,16328325736640622917,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5526375534747180304,16328325736640622917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5526375534747180304,16328325736640622917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5526375534747180304,16328325736640622917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5526375534747180304,16328325736640622917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2084,5526375534747180304,16328325736640622917,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5508 /prefetch:8
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,5526375534747180304,16328325736640622917,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 /prefetch:8
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,5526375534747180304,16328325736640622917,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5526375534747180304,16328325736640622917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5526375534747180304,16328325736640622917,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5526375534747180304,16328325736640622917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5526375534747180304,16328325736640622917,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2084,5526375534747180304,16328325736640622917,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,5526375534747180304,16328325736640622917,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3052 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4868

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4124

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4616

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x300 0x2f4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
81e892ca5c5683efdf9135fe0f2adb15

SHA1
39159b30226d98a465ece1da28dc87088b20ecad

SHA256
830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17

SHA512
c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56067634f68231081c4bd5bdbfcc202f

SHA1
5582776da6ffc75bb0973840fc3d15598bc09eb1

SHA256
8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4

SHA512
c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
315004f9ec6815aca62fd5667565bcf1

SHA1
fc5f56db7c1d833b03e8eada8b34e50cde3b5138

SHA256
b2774a9b093d70eeda5d05844496486fe4bc3fd3e83332b26dbf8fbee2c3eac5

SHA512
6c3906db0f93f11f0e72868a927bca85c843609b471feb048f33f24a46732d4c1552f5c2d20af885c6dcda85c00c10478d8e1716f76bb63e4d3b8f004e8438da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5450a590427d90b190c8ccbd02d4229b

SHA1
44689340403f1ece9fd496383bf4b20012e64ace

SHA256
ae2b31e248ca1fb2d908d6ea63a55f6052dda1285a3d341e77d59f02ee93a17a

SHA512
1b9fc77a0f3039ef6b0167b14a9286e03d8599c18e252514aa09c1e2d322f0ef6a2c254a556461577b80a001c61226edf4c9b41977789d3932ef6c3e2d7f0b7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
319de4ae2579bba438adbddf0758a8e5

SHA1
8401679f05c4f594bfe8979d516b5749b1441bb6

SHA256
6ff56e6a4d6a74803d6d627935950a14df6a7c62e0baa0f124ba4f163c539795

SHA512
4a1961eebcfc32ac65bb3d1f6586daf3c1dafedb3d925a22b8eaa729cd34681088f8a3a286bbbec139057a1a482c09789b3835c8ae1f5af327126bff168e614c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6d1ed9a45e6b1d23e9bae967e031d0a4

SHA1
239968f92cebdccb2061410560ad0491a0197d65

SHA256
2a6d5d3eb2761d0842209f8101462c1fa41ee2454ec398cd1ec96afea0c2fc6f

SHA512
9ffeedf6ec16c89cb90b4fdaacbe410d04cc82f64b5603cd240c71649d6cc03381e9e6527f032bc5a3f1beb1f0a7c1766198029190476dede9029290dbaec632

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8cf90a7d902b607e0af62ec28004c2ba

SHA1
705e10ec6cdb942dddda2a504fe759cab009bc53

SHA256
9c080266231e3d8f987bd2d109973d91ec40c4d67699d4ab2243c62cab120a54

SHA512
99b74e5d637e9ef9d1812781953c2413c4f5aa139c6ba8f9903fa2a0e33901fd4e02eb33d25fe75fa2879c8314f43089bd1176753dbddc9ee66fafdd2c06873e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579981.TMP

Filesize
1KB

MD5
b467b828e9d729dd3c79f872e087873e

SHA1
76b36bbdcefd1e11d46994486d2973e736c33ccc

SHA256
b627d37e84acc84a8b37fff31c78b7d477a7641d0bdbd5456d0dfff69c4545f0

SHA512
53d08d8436908870d7ac179ab15adb09d670724e124a98201761224ea4fbbb04debe568ef48f2d8da1e221964cc7fc976d3032587b61b308e60fd63079e46bff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e9f05de4-b66b-4d59-adaf-3db2d3a29280.tmp

Filesize
2KB

MD5
83928033a3f3f532ec3cfd0062000829

SHA1
c6ea2a333213599d51605132e82170672aaea9f1

SHA256
00d719a952f6c46137089206d54a512c36ed13dc70ed2bdd4b76b2fc31c57953

SHA512
7bc8f8503839f2cc4699f7cffa54acdbc5673fccf63ee077d1d8ce34552e1ca77b3c91112fca8299e82c6b4bc009564e24aa1c031ae0c9acb3fa2b1597b31e9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
74fd3bcee55efd2f4c1da48b17d53e0f

SHA1
3d01c61240e03c0f368583ba9a179d2955812b98

SHA256
cd0d8fa4a848f799f91f772c6b0c282c547f660df13ae92b9c37e2627b971053

SHA512
7018b13d751ce76a8186ce8480d133b3d2722bf9a2b973339df4b2414a7988cc20446676abcb04409f498d681b105158c2f3817d3037bb13a3908a5a0c963b96

Download Submit