hxxp://sfx[.]rentals

Analysis

max time kernel
145s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
05/07/2024, 15:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://sfx.rentals

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1140	msedge.exe
1140	msedge.exe
5000	msedge.exe
5000	msedge.exe
1596	identity_helper.exe
1596	identity_helper.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5000 wrote to memory of 2672	5000	msedge.exe	82
PID 5000 wrote to memory of 2672	5000	msedge.exe	82
PID 5000 wrote to memory of 2188	5000	msedge.exe	83
PID 5000 wrote to memory of 2188	5000	msedge.exe	83
PID 5000 wrote to memory of 2188	5000	msedge.exe	83
PID 5000 wrote to memory of 2188	5000	msedge.exe	83
PID 5000 wrote to memory of 2188	5000	msedge.exe	83
PID 5000 wrote to memory of 2188	5000	msedge.exe	83
PID 5000 wrote to memory of 2188	5000	msedge.exe	83
PID 5000 wrote to memory of 2188	5000	msedge.exe	83
PID 5000 wrote to memory of 2188	5000	msedge.exe	83
PID 5000 wrote to memory of 2188	5000	msedge.exe	83
PID 5000 wrote to memory of 2188	5000	msedge.exe	83
PID 5000 wrote to memory of 2188	5000	msedge.exe	83
PID 5000 wrote to memory of 2188	5000	msedge.exe	83
PID 5000 wrote to memory of 2188	5000	msedge.exe	83
PID 5000 wrote to memory of 2188	5000	msedge.exe	83
PID 5000 wrote to memory of 2188	5000	msedge.exe	83
PID 5000 wrote to memory of 2188	5000	msedge.exe	83
PID 5000 wrote to memory of 2188	5000	msedge.exe	83
PID 5000 wrote to memory of 2188	5000	msedge.exe	83
PID 5000 wrote to memory of 2188	5000	msedge.exe	83
PID 5000 wrote to memory of 2188	5000	msedge.exe	83
PID 5000 wrote to memory of 2188	5000	msedge.exe	83
PID 5000 wrote to memory of 2188	5000	msedge.exe	83
PID 5000 wrote to memory of 2188	5000	msedge.exe	83
PID 5000 wrote to memory of 2188	5000	msedge.exe	83
PID 5000 wrote to memory of 2188	5000	msedge.exe	83
PID 5000 wrote to memory of 2188	5000	msedge.exe	83
PID 5000 wrote to memory of 2188	5000	msedge.exe	83
PID 5000 wrote to memory of 2188	5000	msedge.exe	83
PID 5000 wrote to memory of 2188	5000	msedge.exe	83
PID 5000 wrote to memory of 2188	5000	msedge.exe	83
PID 5000 wrote to memory of 2188	5000	msedge.exe	83
PID 5000 wrote to memory of 2188	5000	msedge.exe	83
PID 5000 wrote to memory of 2188	5000	msedge.exe	83
PID 5000 wrote to memory of 2188	5000	msedge.exe	83
PID 5000 wrote to memory of 2188	5000	msedge.exe	83
PID 5000 wrote to memory of 2188	5000	msedge.exe	83
PID 5000 wrote to memory of 2188	5000	msedge.exe	83
PID 5000 wrote to memory of 2188	5000	msedge.exe	83
PID 5000 wrote to memory of 2188	5000	msedge.exe	83
PID 5000 wrote to memory of 1140	5000	msedge.exe	84
PID 5000 wrote to memory of 1140	5000	msedge.exe	84
PID 5000 wrote to memory of 4872	5000	msedge.exe	85
PID 5000 wrote to memory of 4872	5000	msedge.exe	85
PID 5000 wrote to memory of 4872	5000	msedge.exe	85
PID 5000 wrote to memory of 4872	5000	msedge.exe	85
PID 5000 wrote to memory of 4872	5000	msedge.exe	85
PID 5000 wrote to memory of 4872	5000	msedge.exe	85
PID 5000 wrote to memory of 4872	5000	msedge.exe	85
PID 5000 wrote to memory of 4872	5000	msedge.exe	85
PID 5000 wrote to memory of 4872	5000	msedge.exe	85
PID 5000 wrote to memory of 4872	5000	msedge.exe	85
PID 5000 wrote to memory of 4872	5000	msedge.exe	85
PID 5000 wrote to memory of 4872	5000	msedge.exe	85
PID 5000 wrote to memory of 4872	5000	msedge.exe	85
PID 5000 wrote to memory of 4872	5000	msedge.exe	85
PID 5000 wrote to memory of 4872	5000	msedge.exe	85
PID 5000 wrote to memory of 4872	5000	msedge.exe	85
PID 5000 wrote to memory of 4872	5000	msedge.exe	85
PID 5000 wrote to memory of 4872	5000	msedge.exe	85
PID 5000 wrote to memory of 4872	5000	msedge.exe	85
PID 5000 wrote to memory of 4872	5000	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://sfx.rentals
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe31cd46f8,0x7ffe31cd4708,0x7ffe31cd4718
  2⤵
  PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,1754782882806317991,6643436447213196845,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,1754782882806317991,6643436447213196845,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,1754782882806317991,6643436447213196845,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1754782882806317991,6643436447213196845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1754782882806317991,6643436447213196845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1754782882806317991,6643436447213196845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1754782882806317991,6643436447213196845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,1754782882806317991,6643436447213196845,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 /prefetch:8
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,1754782882806317991,6643436447213196845,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1754782882806317991,6643436447213196845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1754782882806317991,6643436447213196845,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1754782882806317991,6643436447213196845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1754782882806317991,6643436447213196845,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1754782882806317991,6643436447213196845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1754782882806317991,6643436447213196845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1754782882806317991,6643436447213196845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,1754782882806317991,6643436447213196845,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1412 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1480

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a27d8876d0de41d0d8ddfdc4f6fd4b15

SHA1
11f126f8b8bb7b63217f3525c20080f9e969eff3

SHA256
d32983bba248ff7a82cc936342414b06686608013d84ec5c75614e06a9685cfe

SHA512
8298c2435729f5f34bba5b82f31777c07f830076dd7087f07aab4337e679251dc2cfe276aa89a0131755fe946f05e6061ef9080e0fbe120e6c88cf9f3265689c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f060e9a30a0dde4f5e3e80ae94cc7e8e

SHA1
3c0cc8c3a62c00d7210bb2c8f3748aec89009d17

SHA256
c0e69c9f7453ef905de11f65d69b66cf8a5a2d8e42b7f296fa8dfde5c25abc79

SHA512
af97b8775922a2689d391d75defff3afe92842b8ab0bba5ddaa66351f633da83f160522aa39f6c243cb5e8ea543000f06939318bc52cb535103afc6c33e16bc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
21KB

MD5
a6905f0c87b0d34ccbcc0c3a400b94db

SHA1
5acec9a61e4a20bafa8a90cbc379f88c61fa24ea

SHA256
96c934cc2c9054950e8944ef320821279c932a3ceb175c70838cf240ee688cff

SHA512
483a718f1deb78176e021605e33f68447e64ed2e952264ac88d7aa2c7f35e7777ca49d040dab339e2d4287a23c69beefb8f7855eb0c8e79ee684384fd1355351

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
e0330f97aa8cc058675d954f9a6ed5c8

SHA1
7997ff25ced1afec9e121c4eb8a71f8649a2f328

SHA256
ec5cb841fd1d4410a8f39c967eed74bb7df2f8c87f8cecb20ad446dd306df2e1

SHA512
9f122810a4f3400b1a03295426adb952bc493624cabdc73f4c82beaeebba3860f4b84ae0210b026bbb1ece787bb470ccfdd6ecba73f8d1d00062120679ba0c46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
781B

MD5
1caec2da71b27a3f53a05f6acf7fbe27

SHA1
39ceff4d91f3bf624604cebe7ca567078d36d9f1

SHA256
f4bf64ed5ceff4be57bff69efd9b6cf5a44383f7d4a97876acb861cad8ddda85

SHA512
c0f2177e4061ccc39595842de914973e3700c724ad41d0664dfce095e5d977dd38af17d94db1c533562cee9b169ff595a7acc69008feffd54e1b8b363ce04da5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
59416c961623d0af858221b40de72e0d

SHA1
57a9e5dd56b410af079e226ca37cf4fdd644bc6b

SHA256
ed96ae98308f93e8902b9341b194b48d4cbbd51a94e79ecf5115859be1aba953

SHA512
ab4e8d7f8d4507952eaca60fc4b8b27a5678e69ea0958876bb866d05d010298038e0e54a991e9cd88bcc4a564caebfbb089be334dd73aa4619067a2eb1176879

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
db7d77dd7c8ce23b0bf3f2354e490373

SHA1
e43c370b9ba0a7577df10a2824d84d0adac89833

SHA256
32683b280fe9c02309ccffb401b0c6db81982dc55f3ccf00dd34f40307c64467

SHA512
1f598f68d150eaf8299760ac7d6dc4ddfdbc8162a610553a0c3d9c3b7a03d2b8e10e5fbd0b4cffefdf444fe860c8bfb4c94d3dba1cc3a91a60c5a84a70e3cc51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6dbe27f8d745bd54aede483d486182f8

SHA1
dd37f39120824fb2467fe37a4b982533c7115900

SHA256
3d65fcaf6e7c8b9f1b83e339eefd2925a00ded3056295d4299a5438d54af4f53

SHA512
3d5c8b119ff5e0a3902640328160c24ee614a7b8c458f408ae18c2f333dedbbb09508f3d219e6d846b6c55835fbef7268e1ea6656a08c4e4a40fc7a48aaf24c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
62b36f4730f001faa99ba7a823b43cde

SHA1
e05841e0785a7d38bf0434fc17fee0c8f4ccced0

SHA256
bef2b60a29b1988ea2ba3ffeb5d45ff8f84136ab652ab0de6f000251490a6599

SHA512
8a9e6c390504516baa47eba8c6d913163efa8e22fd71fc921b8d807eb2576a2b8cfe9c1f20114d27bcb9d5d7c88b7035f75f5aab3210fe66e4b577b9a104c26f

Download Submit