d6c59f2f02c42715d7abc331fcbd9ee3f95d61d36234ac5c417cb0d04a3d57c7

Resubmissions

27-06-2024 07:06

240627-hw9k9s1ajr 1

Analysis

max time kernel
149s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
27-06-2024 07:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

152KB
MD5

53458a2411fdacb55358a6b0b7275e3a
SHA1

ebd30b4c407728ccc874595a4dc5bde979cafcb2
SHA256

d6c59f2f02c42715d7abc331fcbd9ee3f95d61d36234ac5c417cb0d04a3d57c7
SHA512

1cedf27ad0becbcc287fb4d22b6d5160106d1b4384ac29b98e6aa89b57c6798e7efdebb0b4cf48c818ad92e4b3915c26bcce759e0e00c26bee62ed1d365f1aa6
SSDEEP

3072:6F9N4tWJ0d+5AOdhjseB6MkitseOUIMC6cj5BmBJvkcGrjUNqhg:A4YJ0IdhzB6RiVQg

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1468	msedge.exe
1468	msedge.exe
4112	msedge.exe
4112	msedge.exe
4744	identity_helper.exe
4744	identity_helper.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4112 wrote to memory of 488	4112	msedge.exe	86
PID 4112 wrote to memory of 488	4112	msedge.exe	86
PID 4112 wrote to memory of 2068	4112	msedge.exe	87
PID 4112 wrote to memory of 2068	4112	msedge.exe	87
PID 4112 wrote to memory of 2068	4112	msedge.exe	87
PID 4112 wrote to memory of 2068	4112	msedge.exe	87
PID 4112 wrote to memory of 2068	4112	msedge.exe	87
PID 4112 wrote to memory of 2068	4112	msedge.exe	87
PID 4112 wrote to memory of 2068	4112	msedge.exe	87
PID 4112 wrote to memory of 2068	4112	msedge.exe	87
PID 4112 wrote to memory of 2068	4112	msedge.exe	87
PID 4112 wrote to memory of 2068	4112	msedge.exe	87
PID 4112 wrote to memory of 2068	4112	msedge.exe	87
PID 4112 wrote to memory of 2068	4112	msedge.exe	87
PID 4112 wrote to memory of 2068	4112	msedge.exe	87
PID 4112 wrote to memory of 2068	4112	msedge.exe	87
PID 4112 wrote to memory of 2068	4112	msedge.exe	87
PID 4112 wrote to memory of 2068	4112	msedge.exe	87
PID 4112 wrote to memory of 2068	4112	msedge.exe	87
PID 4112 wrote to memory of 2068	4112	msedge.exe	87
PID 4112 wrote to memory of 2068	4112	msedge.exe	87
PID 4112 wrote to memory of 2068	4112	msedge.exe	87
PID 4112 wrote to memory of 2068	4112	msedge.exe	87
PID 4112 wrote to memory of 2068	4112	msedge.exe	87
PID 4112 wrote to memory of 2068	4112	msedge.exe	87
PID 4112 wrote to memory of 2068	4112	msedge.exe	87
PID 4112 wrote to memory of 2068	4112	msedge.exe	87
PID 4112 wrote to memory of 2068	4112	msedge.exe	87
PID 4112 wrote to memory of 2068	4112	msedge.exe	87
PID 4112 wrote to memory of 2068	4112	msedge.exe	87
PID 4112 wrote to memory of 2068	4112	msedge.exe	87
PID 4112 wrote to memory of 2068	4112	msedge.exe	87
PID 4112 wrote to memory of 2068	4112	msedge.exe	87
PID 4112 wrote to memory of 2068	4112	msedge.exe	87
PID 4112 wrote to memory of 2068	4112	msedge.exe	87
PID 4112 wrote to memory of 2068	4112	msedge.exe	87
PID 4112 wrote to memory of 2068	4112	msedge.exe	87
PID 4112 wrote to memory of 2068	4112	msedge.exe	87
PID 4112 wrote to memory of 2068	4112	msedge.exe	87
PID 4112 wrote to memory of 2068	4112	msedge.exe	87
PID 4112 wrote to memory of 2068	4112	msedge.exe	87
PID 4112 wrote to memory of 2068	4112	msedge.exe	87
PID 4112 wrote to memory of 1468	4112	msedge.exe	88
PID 4112 wrote to memory of 1468	4112	msedge.exe	88
PID 4112 wrote to memory of 4472	4112	msedge.exe	89
PID 4112 wrote to memory of 4472	4112	msedge.exe	89
PID 4112 wrote to memory of 4472	4112	msedge.exe	89
PID 4112 wrote to memory of 4472	4112	msedge.exe	89
PID 4112 wrote to memory of 4472	4112	msedge.exe	89
PID 4112 wrote to memory of 4472	4112	msedge.exe	89
PID 4112 wrote to memory of 4472	4112	msedge.exe	89
PID 4112 wrote to memory of 4472	4112	msedge.exe	89
PID 4112 wrote to memory of 4472	4112	msedge.exe	89
PID 4112 wrote to memory of 4472	4112	msedge.exe	89
PID 4112 wrote to memory of 4472	4112	msedge.exe	89
PID 4112 wrote to memory of 4472	4112	msedge.exe	89
PID 4112 wrote to memory of 4472	4112	msedge.exe	89
PID 4112 wrote to memory of 4472	4112	msedge.exe	89
PID 4112 wrote to memory of 4472	4112	msedge.exe	89
PID 4112 wrote to memory of 4472	4112	msedge.exe	89
PID 4112 wrote to memory of 4472	4112	msedge.exe	89
PID 4112 wrote to memory of 4472	4112	msedge.exe	89
PID 4112 wrote to memory of 4472	4112	msedge.exe	89
PID 4112 wrote to memory of 4472	4112	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe697546f8,0x7ffe69754708,0x7ffe69754718
  2⤵
  PID:488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,8662819488186634864,9226178524199796282,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,8662819488186634864,9226178524199796282,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,8662819488186634864,9226178524199796282,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2592 /prefetch:8
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8662819488186634864,9226178524199796282,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8662819488186634864,9226178524199796282,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8662819488186634864,9226178524199796282,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,8662819488186634864,9226178524199796282,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6036 /prefetch:8
  2⤵
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,8662819488186634864,9226178524199796282,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6036 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8662819488186634864,9226178524199796282,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8662819488186634864,9226178524199796282,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8662819488186634864,9226178524199796282,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8662819488186634864,9226178524199796282,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,8662819488186634864,9226178524199796282,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4980 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
257c0005d0c4d0bb282cb470925e4376

SHA1
f9b8efb511ed64292568977c9f2ec255509e8f7d

SHA256
8185c36aaacfc71e42f94fad8e198fe7fb2d868398ceabb89261cae94341cb22

SHA512
2f3e8f352ed3ef88e8c28650390f93f98c92174d268330b886f3ebd1ba0163999051298ee12a054606b4986005452a241c6864cd292e69492d79c37d500556f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4819fbc4513c82d92618f50a379ee232

SHA1
ab618827ff269655283bf771fc957c8798ab51ee

SHA256
05e479e8ec96b7505e01e5ec757ccfe35cb73cd46b27ff4746dce90d43d9237c

SHA512
bc24fb972d04b55505101300e268f91b11e5833f1a18e925b5ded7e758b5e3e08bee1aa8f3a0b65514d6df981d0cbfa8798344db7f2a3675307df8de12ae475b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
1c19193dbf5a4bef95a743906085a1f5

SHA1
24438d1edf58ffd92f22ea349248285436b5c989

SHA256
5a302453408cd70aab415a8619a492acb0af7fb72d9f60198fcff9e4a72bfebe

SHA512
32ad211ec29c299d6762c743fd09ea7e830490384c6ea7ac4ef6503ebe8afb1d7180e736a3c220b055c1265f28580e447ce1b7dea2898f3209455cd403caef97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
29e333e6ea3ad94e2416d17223cfee93

SHA1
e8e348431faa4d55c0e7c6d903ee54a225b9cc4b

SHA256
04bfcf0c388cf835f12c517a72dc3776d14d002b36be5c31162bdde3848d6c6c

SHA512
2cec702ffe03f5bc7495deea00f6279d0eb6952df952e1c4a33941ce71e5752c2e43cf80899ceaf258519e92b702f65c78adbe9067c28724e538a1f28f742561

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0141d1d52e43142106da668ce2161692

SHA1
4b4585144ac175abc3daeb3caac87a7fb38c647f

SHA256
1605364e845e2e2dcff2f5590635728053bbbde7e86d88b3d6e9ee052537d05d

SHA512
36f2fc48e8a50b64dff3523c371e199ac0db2a67f0fd4360b964d05c369af1fdfbddba838ba0b3775ba0ce715b768c96dbdf4d3d9b3ece5e6170a2cf2d90c2b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a759360fa39f4a0605e7629082f9da2c

SHA1
571540037b07589c4d9039147b29ec9b700f9c64

SHA256
0451601699ae13c54d6376d57d98f62a80dcd49917128da118d2c80576517d7c

SHA512
fe2dbca0fbc8153371efd6cb0c645df4503ab3598ab7029d71173250ef03e55909cf2166743007c8852db8448d45a8dd9ebb676d024633e4b319856df7d5151e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2a715a1f1843382119d9b0a840ba5a55

SHA1
ed46f620533b795bfb644d47bb011725204e08ba

SHA256
b96ca40bce93691c1ba0e1fa51414336cea7c4762a9c81db23d05f952e1c7847

SHA512
d22525cb4adeea6495e04c0e88c990db8b118b5cbcd61408785d86efbf0d5a518c95e3481c61b295c2da8dd5ea30bb1543756b295306d514aec94f80cbfa5ff7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
95cd1581c30a5c26f698a8210bcab430

SHA1
5e8e551a47dd682ec51a7d6808fe8e0f2af39e86

SHA256
d58162c5ae5e18fc06604c285e024c01686093d70994dc93b4ae9d85b4c3f7b9

SHA512
e49403df10177053634c431203a91d26df5dfb23cbbb88847459ecdf4b6107040d0944a3e84ee6bb26cb4e8017a35c8c31b658387cd1b6938ba4cb9f59606ece

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b7804abaef088d06a5dcad198a90dc8a

SHA1
488de3f7d681bc6f7a00ef13eb7b1833bee823a5

SHA256
95ea1c0a5d5b7177fa0a968489ba01a01fc3f46af0744d33b48f96551eb342dc

SHA512
3e3e7abb0dd8da80589bcbc1f085ee974441559105bf7a6275dfebd37521fa673bbcaa184abee10dde434e5f530892476eeb7a95bb8bab586ac97285a57d243f

Download Submit