hxxps://portal[.]azure[.]com/#blade/Microsoft_Azure_Security_AzureDefenderForData/AlertBlade/alertId/2516818423209999999_2160208a-1608-4154-8945-f464fcbe8125/subscriptionId/f57996ce-6cfe-400a-a311-f797fd8484d8/resourceGroup/RG-AM-EastUS-Prod-TeamManagedLearning/referencedFrom/alertDeepLink/location/centralus

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2024, 04:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://portal.azure.com/#blade/Microsoft_Azure_Security_AzureDefenderForData/AlertBlade/alertId/2516818423209999999_2160208a-1608-4154-8945-f464fcbe8125/subscriptionId/f57996ce-6cfe-400a-a311-f797fd8484d8/resourceGroup/RG-AM-EastUS-Prod-TeamManagedLearning/referencedFrom/alertDeepLink/location/centralus

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
840	msedge.exe
840	msedge.exe
1448	msedge.exe
1448	msedge.exe
4436	identity_helper.exe
4436	identity_helper.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1448 wrote to memory of 4308	1448	msedge.exe	85
PID 1448 wrote to memory of 4308	1448	msedge.exe	85
PID 1448 wrote to memory of 4596	1448	msedge.exe	86
PID 1448 wrote to memory of 4596	1448	msedge.exe	86
PID 1448 wrote to memory of 4596	1448	msedge.exe	86
PID 1448 wrote to memory of 4596	1448	msedge.exe	86
PID 1448 wrote to memory of 4596	1448	msedge.exe	86
PID 1448 wrote to memory of 4596	1448	msedge.exe	86
PID 1448 wrote to memory of 4596	1448	msedge.exe	86
PID 1448 wrote to memory of 4596	1448	msedge.exe	86
PID 1448 wrote to memory of 4596	1448	msedge.exe	86
PID 1448 wrote to memory of 4596	1448	msedge.exe	86
PID 1448 wrote to memory of 4596	1448	msedge.exe	86
PID 1448 wrote to memory of 4596	1448	msedge.exe	86
PID 1448 wrote to memory of 4596	1448	msedge.exe	86
PID 1448 wrote to memory of 4596	1448	msedge.exe	86
PID 1448 wrote to memory of 4596	1448	msedge.exe	86
PID 1448 wrote to memory of 4596	1448	msedge.exe	86
PID 1448 wrote to memory of 4596	1448	msedge.exe	86
PID 1448 wrote to memory of 4596	1448	msedge.exe	86
PID 1448 wrote to memory of 4596	1448	msedge.exe	86
PID 1448 wrote to memory of 4596	1448	msedge.exe	86
PID 1448 wrote to memory of 4596	1448	msedge.exe	86
PID 1448 wrote to memory of 4596	1448	msedge.exe	86
PID 1448 wrote to memory of 4596	1448	msedge.exe	86
PID 1448 wrote to memory of 4596	1448	msedge.exe	86
PID 1448 wrote to memory of 4596	1448	msedge.exe	86
PID 1448 wrote to memory of 4596	1448	msedge.exe	86
PID 1448 wrote to memory of 4596	1448	msedge.exe	86
PID 1448 wrote to memory of 4596	1448	msedge.exe	86
PID 1448 wrote to memory of 4596	1448	msedge.exe	86
PID 1448 wrote to memory of 4596	1448	msedge.exe	86
PID 1448 wrote to memory of 4596	1448	msedge.exe	86
PID 1448 wrote to memory of 4596	1448	msedge.exe	86
PID 1448 wrote to memory of 4596	1448	msedge.exe	86
PID 1448 wrote to memory of 4596	1448	msedge.exe	86
PID 1448 wrote to memory of 4596	1448	msedge.exe	86
PID 1448 wrote to memory of 4596	1448	msedge.exe	86
PID 1448 wrote to memory of 4596	1448	msedge.exe	86
PID 1448 wrote to memory of 4596	1448	msedge.exe	86
PID 1448 wrote to memory of 4596	1448	msedge.exe	86
PID 1448 wrote to memory of 4596	1448	msedge.exe	86
PID 1448 wrote to memory of 840	1448	msedge.exe	87
PID 1448 wrote to memory of 840	1448	msedge.exe	87
PID 1448 wrote to memory of 4848	1448	msedge.exe	88
PID 1448 wrote to memory of 4848	1448	msedge.exe	88
PID 1448 wrote to memory of 4848	1448	msedge.exe	88
PID 1448 wrote to memory of 4848	1448	msedge.exe	88
PID 1448 wrote to memory of 4848	1448	msedge.exe	88
PID 1448 wrote to memory of 4848	1448	msedge.exe	88
PID 1448 wrote to memory of 4848	1448	msedge.exe	88
PID 1448 wrote to memory of 4848	1448	msedge.exe	88
PID 1448 wrote to memory of 4848	1448	msedge.exe	88
PID 1448 wrote to memory of 4848	1448	msedge.exe	88
PID 1448 wrote to memory of 4848	1448	msedge.exe	88
PID 1448 wrote to memory of 4848	1448	msedge.exe	88
PID 1448 wrote to memory of 4848	1448	msedge.exe	88
PID 1448 wrote to memory of 4848	1448	msedge.exe	88
PID 1448 wrote to memory of 4848	1448	msedge.exe	88
PID 1448 wrote to memory of 4848	1448	msedge.exe	88
PID 1448 wrote to memory of 4848	1448	msedge.exe	88
PID 1448 wrote to memory of 4848	1448	msedge.exe	88
PID 1448 wrote to memory of 4848	1448	msedge.exe	88
PID 1448 wrote to memory of 4848	1448	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://portal.azure.com/#blade/Microsoft_Azure_Security_AzureDefenderForData/AlertBlade/alertId/2516818423209999999_2160208a-1608-4154-8945-f464fcbe8125/subscriptionId/f57996ce-6cfe-400a-a311-f797fd8484d8/resourceGroup/RG-AM-EastUS-Prod-TeamManagedLearning/referencedFrom/alertDeepLink/location/centralus
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb54f46f8,0x7ffdb54f4708,0x7ffdb54f4718
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,2267667810018929294,3777456476219583348,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,2267667810018929294,3777456476219583348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,2267667810018929294,3777456476219583348,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2267667810018929294,3777456476219583348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2267667810018929294,3777456476219583348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2267667810018929294,3777456476219583348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3132 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2267667810018929294,3777456476219583348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
  2⤵
  PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,2267667810018929294,3777456476219583348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,2267667810018929294,3777456476219583348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2267667810018929294,3777456476219583348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2267667810018929294,3777456476219583348,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2267667810018929294,3777456476219583348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3976 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2267667810018929294,3777456476219583348,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
  2⤵
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,2267667810018929294,3777456476219583348,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5564 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
210676dde5c0bd984dc057e2333e1075

SHA1
2d2f8c14ee48a2580f852db7ac605f81b5b1399a

SHA256
2a89d71b4ddd34734b16d91ebd8ea68b760f321baccdd4963f91b8d3507a3fb5

SHA512
aeb81804cac5b17a5d1e55327f62df7645e9bbbfa8cad1401e7382628341a939b7aedc749b2412c06174a9e3fcdd5248d6df9b5d3f56c53232d17e59277ab017

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4e6521c03f1bc16d91d99c059cc5424

SHA1
043665051c486192a6eefe6d0632cf34ae8e89ad

SHA256
7759c346539367b2f80e78abca170f09731caa169e3462f11eda84c3f1ca63d1

SHA512
0bb4f628da6d715910161439685052409be54435e192cb4105191472bb14a33724592df24686d1655e9ba9572bd3dff8f46e211c0310e16bfe2ac949c49fbc5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
d19a59fef5d7d1098ba116f0fd193503

SHA1
2baa5cec4da4b900ad40628192831375e41c007d

SHA256
6c6a6d52a7ab1108a7ef3c57365d7971ce71fdd4d6cbfc695c73ba1263bd8fcf

SHA512
be9d96109361f2cba2b3cf8d4d545b844f250db4aff7815119dea215bea66b5d3de6bda33de82e472336fda2ced5e6a263219a8f3e642003b815da05d9699040

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
354B

MD5
e02bc541728595972caad9f6d773f069

SHA1
bc64f72dae84fd0a8f0785565f7a0683a36ea7dc

SHA256
a7ec41f2a500b16c39ef9c2d2b30aa44c0c966f85c22740327f98e0f50aa570c

SHA512
e4c545e5da938c8d616e29f997e520605a6ba50893a34b2945a513ae987240fb23b45171f679a44440e3dd1169b68323f3530ab38f530337bfbb33286b0f050f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
261B

MD5
516af6f4e67cd8ee44d05b15cb5d8436

SHA1
3f186410a46d86bc9cf56b0538a22a7e26838398

SHA256
2a511ebd1e7077ebbd22742a731b355ac8f17975bd0c0cd171a6e7be12a9fde2

SHA512
d9022d579fc8a5f11cac45991fe63071ca522ad7f92ff370e6af8e152636632d21cadbf080bcdf62f824191dd56d317097cafdba9dbf3ebb7712c1dbed92723a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6e5fa8bcd742ad621d2d43bc9ce725c0

SHA1
cd2bdc3469af5c0f3cf1a8fb53493682fadcc8fa

SHA256
891d721e34ad9df1d8f9df84fcc40e57144c032a782ae180124965c9811e89d6

SHA512
3f73e1365f6298f6e51ede2261ecb77a990e07d5891948e6e2fe72efcb73bb7740d029c206d7300f9075dd77db403f486ae8669d3cabd7170d9a7d6b1b0801a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5489bfe7fb8f1ad5f8c2150f64d8d1b5

SHA1
486699da3e7126a30f98510982b02a542eede74f

SHA256
6cb60d5ce702186b1c2553fa00b06fc3388c573ccb9f4f86093fb3e045253f54

SHA512
5602c6c0f89aa66bb64617b93bf8c0c9aad0938c813387d187b4a307eeb2d62fed2abc4be6197f553f1d1f1e00585dfaada6222868b0400d23446aac08594b09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
8fb4d3533079ec8e44637930d3aebc04

SHA1
731f44a37dbbd11e30928b3c9ccfc1d7b2c8126f

SHA256
f5aa8959bb35ac55f53e870f119ba05a4179cc86aab20f1aded0a719be20ea46

SHA512
d5083e99c3bb587e61be4cb41eea48ffcbc986db9e0bf42284ecfab9306e9b030f8a71b9f0601b054600e5198929c4332c6dd2f10dc9fb74a1ffc1c3e9e7cb0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58be98.TMP

Filesize
538B

MD5
1d013fe0bc1b3bbb2fceb62933551417

SHA1
87a286be53707b21668f77c7496bcf011c006840

SHA256
8798dea93ababc18949f9a649655b748406b66753e7b49f159e65b652748bd23

SHA512
ccc68de7e8dc373f209eec874c8213aca45d81f4c299af1abe2762a48ca3530991df1d76c9de55e9eefd7d75f4bfd128775205863eb9d9fa1a6d60808dbb6863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fbea383ce268b842471ada4d425f061e

SHA1
e09ca14d5969e80e71c7ee1256919c07a6786214

SHA256
f52ad4b2bad83d4d0589e10a7f96dc46dbb3fac0b1199bacfedce326d8c8d542

SHA512
7ab6720bd9a22eb9d8e3d037146ddf431ae9716505c70cc59a6c2a00d7735005f0677a472271e6eae3af1defb1e493e5379109dd4d3cc52730a38bad18d03bb7

Download Submit