a0c7ebd12a7275d7ad6196459dcc7b3f75ab7b65186c0ba0ffebf758ccdb9fc8

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14/07/2024, 10:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

view.html
Size

90KB
MD5

4e6226e54943bd38237698b5dcb6f658
SHA1

99b45164c4ec610d89d62b87d8134f5386b1a99e
SHA256

a0c7ebd12a7275d7ad6196459dcc7b3f75ab7b65186c0ba0ffebf758ccdb9fc8
SHA512

36bd731efb736a5f042a4fdd3fc37b93d6d7e8772cff2260a7ab93aa127ca0f1ac48f2cbe16bccb4355486dbe61855f73cc466473cee74ee9f02d102bda92b6c
SSDEEP

1536:GKJxiCio32iNy9xeTU67DwCaEDba14iCwNwsWp+19G:I4ceLtXa13NwL

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
17	drive.google.com
16	drive.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4384	msedge.exe
4384	msedge.exe
4140	msedge.exe
4140	msedge.exe
2668	identity_helper.exe
2668	identity_helper.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4140 wrote to memory of 2036	4140	msedge.exe	83
PID 4140 wrote to memory of 2036	4140	msedge.exe	83
PID 4140 wrote to memory of 4536	4140	msedge.exe	84
PID 4140 wrote to memory of 4536	4140	msedge.exe	84
PID 4140 wrote to memory of 4536	4140	msedge.exe	84
PID 4140 wrote to memory of 4536	4140	msedge.exe	84
PID 4140 wrote to memory of 4536	4140	msedge.exe	84
PID 4140 wrote to memory of 4536	4140	msedge.exe	84
PID 4140 wrote to memory of 4536	4140	msedge.exe	84
PID 4140 wrote to memory of 4536	4140	msedge.exe	84
PID 4140 wrote to memory of 4536	4140	msedge.exe	84
PID 4140 wrote to memory of 4536	4140	msedge.exe	84
PID 4140 wrote to memory of 4536	4140	msedge.exe	84
PID 4140 wrote to memory of 4536	4140	msedge.exe	84
PID 4140 wrote to memory of 4536	4140	msedge.exe	84
PID 4140 wrote to memory of 4536	4140	msedge.exe	84
PID 4140 wrote to memory of 4536	4140	msedge.exe	84
PID 4140 wrote to memory of 4536	4140	msedge.exe	84
PID 4140 wrote to memory of 4536	4140	msedge.exe	84
PID 4140 wrote to memory of 4536	4140	msedge.exe	84
PID 4140 wrote to memory of 4536	4140	msedge.exe	84
PID 4140 wrote to memory of 4536	4140	msedge.exe	84
PID 4140 wrote to memory of 4536	4140	msedge.exe	84
PID 4140 wrote to memory of 4536	4140	msedge.exe	84
PID 4140 wrote to memory of 4536	4140	msedge.exe	84
PID 4140 wrote to memory of 4536	4140	msedge.exe	84
PID 4140 wrote to memory of 4536	4140	msedge.exe	84
PID 4140 wrote to memory of 4536	4140	msedge.exe	84
PID 4140 wrote to memory of 4536	4140	msedge.exe	84
PID 4140 wrote to memory of 4536	4140	msedge.exe	84
PID 4140 wrote to memory of 4536	4140	msedge.exe	84
PID 4140 wrote to memory of 4536	4140	msedge.exe	84
PID 4140 wrote to memory of 4536	4140	msedge.exe	84
PID 4140 wrote to memory of 4536	4140	msedge.exe	84
PID 4140 wrote to memory of 4536	4140	msedge.exe	84
PID 4140 wrote to memory of 4536	4140	msedge.exe	84
PID 4140 wrote to memory of 4536	4140	msedge.exe	84
PID 4140 wrote to memory of 4536	4140	msedge.exe	84
PID 4140 wrote to memory of 4536	4140	msedge.exe	84
PID 4140 wrote to memory of 4536	4140	msedge.exe	84
PID 4140 wrote to memory of 4536	4140	msedge.exe	84
PID 4140 wrote to memory of 4536	4140	msedge.exe	84
PID 4140 wrote to memory of 4384	4140	msedge.exe	85
PID 4140 wrote to memory of 4384	4140	msedge.exe	85
PID 4140 wrote to memory of 2068	4140	msedge.exe	86
PID 4140 wrote to memory of 2068	4140	msedge.exe	86
PID 4140 wrote to memory of 2068	4140	msedge.exe	86
PID 4140 wrote to memory of 2068	4140	msedge.exe	86
PID 4140 wrote to memory of 2068	4140	msedge.exe	86
PID 4140 wrote to memory of 2068	4140	msedge.exe	86
PID 4140 wrote to memory of 2068	4140	msedge.exe	86
PID 4140 wrote to memory of 2068	4140	msedge.exe	86
PID 4140 wrote to memory of 2068	4140	msedge.exe	86
PID 4140 wrote to memory of 2068	4140	msedge.exe	86
PID 4140 wrote to memory of 2068	4140	msedge.exe	86
PID 4140 wrote to memory of 2068	4140	msedge.exe	86
PID 4140 wrote to memory of 2068	4140	msedge.exe	86
PID 4140 wrote to memory of 2068	4140	msedge.exe	86
PID 4140 wrote to memory of 2068	4140	msedge.exe	86
PID 4140 wrote to memory of 2068	4140	msedge.exe	86
PID 4140 wrote to memory of 2068	4140	msedge.exe	86
PID 4140 wrote to memory of 2068	4140	msedge.exe	86
PID 4140 wrote to memory of 2068	4140	msedge.exe	86
PID 4140 wrote to memory of 2068	4140	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\view.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffbc55146f8,0x7ffbc5514708,0x7ffbc5514718
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,11467893802590031205,17949167763294969962,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,11467893802590031205,17949167763294969962,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,11467893802590031205,17949167763294969962,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11467893802590031205,17949167763294969962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11467893802590031205,17949167763294969962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11467893802590031205,17949167763294969962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11467893802590031205,17949167763294969962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,11467893802590031205,17949167763294969962,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4740 /prefetch:8
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,11467893802590031205,17949167763294969962,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4740 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11467893802590031205,17949167763294969962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11467893802590031205,17949167763294969962,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11467893802590031205,17949167763294969962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11467893802590031205,17949167763294969962,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,11467893802590031205,17949167763294969962,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4844 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3864

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3148

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1f9d180c0bcf71b48e7bc8302f85c28f

SHA1
ade94a8e51c446383dc0a45edf5aad5fa20edf3c

SHA256
a17d56c41d524453a78e3f06e0d0b0081e79d090a4b75d0b693ddbc39f6f7fdc

SHA512
282863df0e51288049587886ed37ad1cf5b6bfeed86454ea3b9f2bb7f0a1c591f3540c62712ebfcd6f1095e1977446dd5b13b904bb52b6d5c910a1efc208c785

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
60ead4145eb78b972baf6c6270ae6d72

SHA1
e71f4507bea5b518d9ee9fb2d523c5a11adea842

SHA256
b9e99e7387a915275e8fe4ac0b0c0cd330b4632814d5c9c446beb2755f1309a7

SHA512
8cdbafd2783048f5f54f22e13f6ef890936d5b986b0bb3fa86d2420a5bfecf7bedc56f46e6d5f126eae79f492315843c134c441084b912296e269f384a73ccde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
28KB

MD5
7f5a5d45ee4ea0bd1ccf5178c63f43c0

SHA1
71cafbec33de805f8c65c04ab40a7fc072420df1

SHA256
e47f30921e1d3fda22de0ed56c9847b80e379396ea95d3fe60e04cf9e4c9773a

SHA512
11dcabf8a16fd008783be04cf72e9ebcdc3b37a9a92c0769daa32fcec0a7ac5f1380d5e7636dca14eee05e5787419d2f5782726c94846c39085b325099c123d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
928135ef7537ed412ea2415f4dc6462b

SHA1
a1278fb04d0810f4b0c4c99f7813bec7347ceb6a

SHA256
a80061b2812737ac7df78ebf08cf8d4d53d8fd97213ae757f4d939d9ecde5be2

SHA512
e50d155ef8797ae3631ab2da8826821d83dc9d94698438d2f21ce857bf509106102ed576e0bd383fd02897599775fc283093becf349b74a4113615dc07c86e0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
7cc189fc82ace61a1ef34fe6ab9b2e14

SHA1
bd93c7da33babb07c2ca40ac52e0362f57fc8103

SHA256
364857b4a4075e04cb23b88a98d9a3e45d80b761cef66b4d5e5d10bf35241df0

SHA512
7287b07f999f7f9797eb81c64755f067e060c0d12e9011cdac7ffa7f547800dbdf5903623eb6eaeaf0923930eecc072d99529a848fcf9fe8d5bd058ea6eeaf36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
586eeb901671fb94870d0721f55566c6

SHA1
9ee20b4aa76f3aaa97c421cea4e59b71b28d2d80

SHA256
acbd56cc5616efd09721a242bb150c0e597772efc75b26c95a394c6d72788a1a

SHA512
d5997a5e1d2e93e0259e21652b2f830dee458cc1d4265768c061ae04ddd6f0c28e9e8e96557666b586aaa4e82066eb342d978216ace4c960658ab5202015d87a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7cf831bbe7eb4020e78110a99fa9dc49

SHA1
1d12d64ab285cce655f66a7da970767d04657d2b

SHA256
21990aa88cb06cfb33e80e1ab29ffefb37d097bc45fce49463603fb20884a855

SHA512
67b86b2a14fd9d0da617a52bd8f5ee9d108a0f0864820a117c15644b11ba5084600872d374753a09e64d310974d4619c8246ee376614eca6143af2fe0edd0f26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f6a048943337f02d5e9e36089b3ce16f

SHA1
d97026b5268350ff8d3c22815e4e7c87831535be

SHA256
40af58591509a2d23ce79c436067c06540c5acaaa0b9e951d8f446145411b6ff

SHA512
08a65296cf564400c96a23849e3c66778e07a3da3a4f16e620d979f179ba17ca265b4153626479c89b8ade96342b387b94a7acc49774780fbb745a24f258822d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3fb873f91b2707b3cecd0850cca16768

SHA1
2ac68774892e8e1bf6924e0417b19664a50f9f55

SHA256
afacf5e3519387b03c4310edbce6bce22fe5522e556047012dd2077bc84e4eb0

SHA512
200a28bc1b3220e8ba119bfc76514caab42ad25be1c93d0144e5685184f293dcee40a4cb7a4bb194f6b46f458c8839f6bae2612125f31802acb6a35e3ea0f378

Download Submit