hxxps://owl-records[.]com/account/reset-password?username=dwaubrey&email=dwake_audrey@owl-records[.]com

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
15/06/2024, 00:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://owl-records.com/account/reset-password?username=dwaubrey&[email protected]

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2656	msedge.exe
2656	msedge.exe
1848	msedge.exe
1848	msedge.exe
3352	identity_helper.exe
3352	identity_helper.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe
884	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1848 wrote to memory of 4012	1848	msedge.exe	82
PID 1848 wrote to memory of 4012	1848	msedge.exe	82
PID 1848 wrote to memory of 376	1848	msedge.exe	83
PID 1848 wrote to memory of 376	1848	msedge.exe	83
PID 1848 wrote to memory of 376	1848	msedge.exe	83
PID 1848 wrote to memory of 376	1848	msedge.exe	83
PID 1848 wrote to memory of 376	1848	msedge.exe	83
PID 1848 wrote to memory of 376	1848	msedge.exe	83
PID 1848 wrote to memory of 376	1848	msedge.exe	83
PID 1848 wrote to memory of 376	1848	msedge.exe	83
PID 1848 wrote to memory of 376	1848	msedge.exe	83
PID 1848 wrote to memory of 376	1848	msedge.exe	83
PID 1848 wrote to memory of 376	1848	msedge.exe	83
PID 1848 wrote to memory of 376	1848	msedge.exe	83
PID 1848 wrote to memory of 376	1848	msedge.exe	83
PID 1848 wrote to memory of 376	1848	msedge.exe	83
PID 1848 wrote to memory of 376	1848	msedge.exe	83
PID 1848 wrote to memory of 376	1848	msedge.exe	83
PID 1848 wrote to memory of 376	1848	msedge.exe	83
PID 1848 wrote to memory of 376	1848	msedge.exe	83
PID 1848 wrote to memory of 376	1848	msedge.exe	83
PID 1848 wrote to memory of 376	1848	msedge.exe	83
PID 1848 wrote to memory of 376	1848	msedge.exe	83
PID 1848 wrote to memory of 376	1848	msedge.exe	83
PID 1848 wrote to memory of 376	1848	msedge.exe	83
PID 1848 wrote to memory of 376	1848	msedge.exe	83
PID 1848 wrote to memory of 376	1848	msedge.exe	83
PID 1848 wrote to memory of 376	1848	msedge.exe	83
PID 1848 wrote to memory of 376	1848	msedge.exe	83
PID 1848 wrote to memory of 376	1848	msedge.exe	83
PID 1848 wrote to memory of 376	1848	msedge.exe	83
PID 1848 wrote to memory of 376	1848	msedge.exe	83
PID 1848 wrote to memory of 376	1848	msedge.exe	83
PID 1848 wrote to memory of 376	1848	msedge.exe	83
PID 1848 wrote to memory of 376	1848	msedge.exe	83
PID 1848 wrote to memory of 376	1848	msedge.exe	83
PID 1848 wrote to memory of 376	1848	msedge.exe	83
PID 1848 wrote to memory of 376	1848	msedge.exe	83
PID 1848 wrote to memory of 376	1848	msedge.exe	83
PID 1848 wrote to memory of 376	1848	msedge.exe	83
PID 1848 wrote to memory of 376	1848	msedge.exe	83
PID 1848 wrote to memory of 376	1848	msedge.exe	83
PID 1848 wrote to memory of 2656	1848	msedge.exe	84
PID 1848 wrote to memory of 2656	1848	msedge.exe	84
PID 1848 wrote to memory of 2840	1848	msedge.exe	85
PID 1848 wrote to memory of 2840	1848	msedge.exe	85
PID 1848 wrote to memory of 2840	1848	msedge.exe	85
PID 1848 wrote to memory of 2840	1848	msedge.exe	85
PID 1848 wrote to memory of 2840	1848	msedge.exe	85
PID 1848 wrote to memory of 2840	1848	msedge.exe	85
PID 1848 wrote to memory of 2840	1848	msedge.exe	85
PID 1848 wrote to memory of 2840	1848	msedge.exe	85
PID 1848 wrote to memory of 2840	1848	msedge.exe	85
PID 1848 wrote to memory of 2840	1848	msedge.exe	85
PID 1848 wrote to memory of 2840	1848	msedge.exe	85
PID 1848 wrote to memory of 2840	1848	msedge.exe	85
PID 1848 wrote to memory of 2840	1848	msedge.exe	85
PID 1848 wrote to memory of 2840	1848	msedge.exe	85
PID 1848 wrote to memory of 2840	1848	msedge.exe	85
PID 1848 wrote to memory of 2840	1848	msedge.exe	85
PID 1848 wrote to memory of 2840	1848	msedge.exe	85
PID 1848 wrote to memory of 2840	1848	msedge.exe	85
PID 1848 wrote to memory of 2840	1848	msedge.exe	85
PID 1848 wrote to memory of 2840	1848	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://owl-records.com/account/reset-password?username=dwaubrey&[email protected]
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff94a3546f8,0x7ff94a354708,0x7ff94a354718
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,3083992126485401793,15842939644509014583,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
  2⤵
  PID:376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,3083992126485401793,15842939644509014583,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,3083992126485401793,15842939644509014583,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3083992126485401793,15842939644509014583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3083992126485401793,15842939644509014583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3083992126485401793,15842939644509014583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3083992126485401793,15842939644509014583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,3083992126485401793,15842939644509014583,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5756 /prefetch:8
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,3083992126485401793,15842939644509014583,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5756 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3083992126485401793,15842939644509014583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3083992126485401793,15842939644509014583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3083992126485401793,15842939644509014583,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3083992126485401793,15842939644509014583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3083992126485401793,15842939644509014583,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,3083992126485401793,15842939644509014583,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dabfafd78687947a9de64dd5b776d25f

SHA1
16084c74980dbad713f9d332091985808b436dea

SHA256
c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201

SHA512
dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c39b3aa574c0c938c80eb263bb450311

SHA1
f4d11275b63f4f906be7a55ec6ca050c62c18c88

SHA256
66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c

SHA512
eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
d6581b8c8ac5c07e43b36f7ea577e6e3

SHA1
89bf00c654c80b04b00ca88d967b4c45b3e59152

SHA256
1163b8a5391e4d04cd69a81f7d0ba3c68dcb030035f8589cf9e0522eddf2ab67

SHA512
c1c8c35352665241fa75d57ec6df4834c2a44d1858adec7b1b8e574c73083e49a49313f287928dc937f82f35d7f9b407ab58f3948be11774db01dc2c90fff0dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
b9470eef64010c41e2695626d1b7a753

SHA1
8117b4d25c93f25be9237054dbe71fe6a8b2b25b

SHA256
dfe00a55480362757adfe81f2081c40c35f262cb902c43e3c760c5bbc6af312d

SHA512
b89712d4d04ab74e8ac6c9df732273638d46d0f59688204903c0612691b6ea285b347d26c85e16de3392498ad0003858622449c011af3955a6fb1ac6e7441795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
a8c71744484325cd44b4670d8930916a

SHA1
cc838624b5c0c03cf93474c38540a5b4789acddf

SHA256
f51da49e7181c10f80b97d873b81aaf99ff56d4928c0babb24a0c9f6ca2dc783

SHA512
c6c0d9d14a984881278168b276db32656922366b2d29ff8ba2d1ac37bada6649aaf366eefbb2c5a66dadabc94bd4e02e1c4db3e9a9fc605b8e7933dd76981670

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7cc96bbe96c7ae45b32e5f4176c0977c

SHA1
f46be2c0f3a5458ae62031362e9d6eb3f92c3265

SHA256
a65472b9bd9a748e7ea699e473956616e559524bb4eec653f577381e7ba484d6

SHA512
0b5c369d9b36b9091fa5041b7937ccce226db2c01999eed5ce7f37d2f82e7bd5db29f3f0153abd0ebb16126eb6c660dd615dcc885080e8b98a6af214b04b610b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5eb77e47c32a69bf0a4554605c682df2

SHA1
12b292952eb8ec6b968bcbc154888c75ff75122c

SHA256
9bfdda2302197472b62742e6bd3f404484268e60923955df97947f79fb3ccc93

SHA512
a28f06bb60af8538a73e46355f132dc613e96fc832f1ee7937c74825bf6bf71a15f72ac5dc99adce1b3a755248a607025689897e39a8fe3aa60c092f4469f273

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
c7bc4d328fd9ca004ec4c4499e756730

SHA1
bd277639704c264a427e9a159bbab9964ba9ef5c

SHA256
0bb762dbfb79549bb0cf5b2ba721215b26f9d0a354dc14024a3004233c09a573

SHA512
6c188d6d26aeac18171ccad2fcb52201291fa5c9de55dcd230cf3f79e8b69926537d5d90fa139894eb9134e2ff6e2072e6aac47ce17d2dc139451a4124293166

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5797bc.TMP

Filesize
2KB

MD5
324744da2c08a52d74b9d09bca30d6ce

SHA1
b35cd895d7b62584933c36601f71b6a54d14e78f

SHA256
83862ce064a00e7139f23794b56e8006fde08ee8dcd2a3e522fcd4a3d23f815d

SHA512
20802b6386ba59430bdadee6867014f82fececbdadb313cd8902df88d947f6bcadabc246330c77233e3ae59e720cff3f40984c1649b2d549e58f4c65db7f2d78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bb12897079a0fa9590cfacf0d659efb6

SHA1
f96764d5dff3112bafec825517b933c4264dad6b

SHA256
ccb72304b399fb2505140f5522e7906cc56b65de2f0cf90a8f2b713bac494287

SHA512
73422a70251eb71efca3e2074e0ee0a7ed5778d08b42a6e2431b7c90c800acf35bfabca146d16dc7a344aed010f87024c31f0485cd828890c26f6788708309cf

Download Submit