hxxp://jamiescrimgeour[.]com/

Analysis

max time kernel
50s
max time network
50s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2024, 13:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://jamiescrimgeour.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1300	msedge.exe
1300	msedge.exe
3500	msedge.exe
3500	msedge.exe
3848	identity_helper.exe
3848	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3500 wrote to memory of 832	3500	msedge.exe	83
PID 3500 wrote to memory of 832	3500	msedge.exe	83
PID 3500 wrote to memory of 644	3500	msedge.exe	84
PID 3500 wrote to memory of 644	3500	msedge.exe	84
PID 3500 wrote to memory of 644	3500	msedge.exe	84
PID 3500 wrote to memory of 644	3500	msedge.exe	84
PID 3500 wrote to memory of 644	3500	msedge.exe	84
PID 3500 wrote to memory of 644	3500	msedge.exe	84
PID 3500 wrote to memory of 644	3500	msedge.exe	84
PID 3500 wrote to memory of 644	3500	msedge.exe	84
PID 3500 wrote to memory of 644	3500	msedge.exe	84
PID 3500 wrote to memory of 644	3500	msedge.exe	84
PID 3500 wrote to memory of 644	3500	msedge.exe	84
PID 3500 wrote to memory of 644	3500	msedge.exe	84
PID 3500 wrote to memory of 644	3500	msedge.exe	84
PID 3500 wrote to memory of 644	3500	msedge.exe	84
PID 3500 wrote to memory of 644	3500	msedge.exe	84
PID 3500 wrote to memory of 644	3500	msedge.exe	84
PID 3500 wrote to memory of 644	3500	msedge.exe	84
PID 3500 wrote to memory of 644	3500	msedge.exe	84
PID 3500 wrote to memory of 644	3500	msedge.exe	84
PID 3500 wrote to memory of 644	3500	msedge.exe	84
PID 3500 wrote to memory of 644	3500	msedge.exe	84
PID 3500 wrote to memory of 644	3500	msedge.exe	84
PID 3500 wrote to memory of 644	3500	msedge.exe	84
PID 3500 wrote to memory of 644	3500	msedge.exe	84
PID 3500 wrote to memory of 644	3500	msedge.exe	84
PID 3500 wrote to memory of 644	3500	msedge.exe	84
PID 3500 wrote to memory of 644	3500	msedge.exe	84
PID 3500 wrote to memory of 644	3500	msedge.exe	84
PID 3500 wrote to memory of 644	3500	msedge.exe	84
PID 3500 wrote to memory of 644	3500	msedge.exe	84
PID 3500 wrote to memory of 644	3500	msedge.exe	84
PID 3500 wrote to memory of 644	3500	msedge.exe	84
PID 3500 wrote to memory of 644	3500	msedge.exe	84
PID 3500 wrote to memory of 644	3500	msedge.exe	84
PID 3500 wrote to memory of 644	3500	msedge.exe	84
PID 3500 wrote to memory of 644	3500	msedge.exe	84
PID 3500 wrote to memory of 644	3500	msedge.exe	84
PID 3500 wrote to memory of 644	3500	msedge.exe	84
PID 3500 wrote to memory of 644	3500	msedge.exe	84
PID 3500 wrote to memory of 644	3500	msedge.exe	84
PID 3500 wrote to memory of 1300	3500	msedge.exe	85
PID 3500 wrote to memory of 1300	3500	msedge.exe	85
PID 3500 wrote to memory of 4360	3500	msedge.exe	86
PID 3500 wrote to memory of 4360	3500	msedge.exe	86
PID 3500 wrote to memory of 4360	3500	msedge.exe	86
PID 3500 wrote to memory of 4360	3500	msedge.exe	86
PID 3500 wrote to memory of 4360	3500	msedge.exe	86
PID 3500 wrote to memory of 4360	3500	msedge.exe	86
PID 3500 wrote to memory of 4360	3500	msedge.exe	86
PID 3500 wrote to memory of 4360	3500	msedge.exe	86
PID 3500 wrote to memory of 4360	3500	msedge.exe	86
PID 3500 wrote to memory of 4360	3500	msedge.exe	86
PID 3500 wrote to memory of 4360	3500	msedge.exe	86
PID 3500 wrote to memory of 4360	3500	msedge.exe	86
PID 3500 wrote to memory of 4360	3500	msedge.exe	86
PID 3500 wrote to memory of 4360	3500	msedge.exe	86
PID 3500 wrote to memory of 4360	3500	msedge.exe	86
PID 3500 wrote to memory of 4360	3500	msedge.exe	86
PID 3500 wrote to memory of 4360	3500	msedge.exe	86
PID 3500 wrote to memory of 4360	3500	msedge.exe	86
PID 3500 wrote to memory of 4360	3500	msedge.exe	86
PID 3500 wrote to memory of 4360	3500	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://jamiescrimgeour.com/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd812a46f8,0x7ffd812a4708,0x7ffd812a4718
  2⤵
  PID:832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,3644677890740030248,16974064715830649524,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,3644677890740030248,16974064715830649524,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,3644677890740030248,16974064715830649524,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3644677890740030248,16974064715830649524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3644677890740030248,16974064715830649524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3644677890740030248,16974064715830649524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,3644677890740030248,16974064715830649524,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5540 /prefetch:8
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,3644677890740030248,16974064715830649524,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5540 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3644677890740030248,16974064715830649524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3644677890740030248,16974064715830649524,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3644677890740030248,16974064715830649524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3644677890740030248,16974064715830649524,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:3444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c00b0d6e0f836dfa596c6df9d3b2f8f2

SHA1
69ad27d9b4502630728f98917f67307e9dd12a30

SHA256
578481cd359c669455e24983b13723c25584f58925b47283cb580019ef3142b1

SHA512
0e098ab5f5772fec17880e228a0dccbbaa06dc1af14e0fd827f361599c61899fe07d612a7f7b049ff6661d27fdc495566dd20fc28ceed022b87c212bf00be5da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
54f1b76300ce15e44e5cc1a3947f5ca9

SHA1
c978bfaa6ec6dae05464c6426eaa6cb3c3e2f3b7

SHA256
43dec5d87b7ee892a3d99cb61f772ba403882ac0772423f36034e84244c1ca24

SHA512
ac26e5676c675be329eb62b5d5a36a0e6014ab8a6366684b0fc2a59ae5f061f596f462b82eb4e9f135d2235a0cbd4af96680d234eecc873a8397fd81507d277a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
57KB

MD5
5c0e09666ba29f6bc2aa19bcb7521eee

SHA1
75355aeab1c265fa89fd1ac8c0513024cad252b5

SHA256
43fd77547302d2568c98b2e44ad509a48b7a7d2378ea3728c8a56289b0cef017

SHA512
73f6a256a079db90b335b4fb4f326d92a4eb6e77ae54dc1fd47d5f548de910e8f0cebec01708a71de2f2aa803da2d779354aa8a4a36711da2740da4d503e867a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
85KB

MD5
d7e06f02c2c2730b61e53079879b3521

SHA1
342793d04bb91f779c9de56c689292f522665ec1

SHA256
2a3ab6616002f9711b82d377872cb7bd7a0d82d0809ce307446fd14250e3dd98

SHA512
aaa28dcbc2a36c4720b4d61f62f8c256edd4fb70870d95d5b3dd955d43334f32a414fc99da2277375f545f196fbe72d817e8bbbc6d0058b62ca68f66e9966d88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
102KB

MD5
a2d60a53455408015417e7732bf75dc1

SHA1
93caac79dc4c5572c6e2714aa4d0ad81e62ee434

SHA256
c671d99bc5aca3b97c6e2f73276abd8fe7e6468f8bbbf56f82fb749d0f8cdffd

SHA512
281202d8f588b106254bc429866e157c2cdc5871d85754c72c957f4f018d797d88d7cbdfa3cef069f743d67d614687ed3175172baea34e8d78b4d9d46fe8f36d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
85KB

MD5
f7c615dec16e62dd6d7e5a267700439a

SHA1
f869959cc5b16c72cfc3c788cfb2352ed5039144

SHA256
fba07514aefc9ea5f300916a998d94025e1816c0f5bb4170cc7d4c60802275f5

SHA512
b9575a83be05d7171fa72a4fadcd060e31ccd6e7837a0f1c9621c75a935193353f664f6f1abb4fe0efb219bd72a8db48d2c099772068ad4aa7a3d0fda1a7f8d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b6e7dfffbb4a871c4338ab607f52afe5

SHA1
c8a743d36b5c571e5f2259938c4f553d0ec5b19f

SHA256
9f2196b7349edb08baa5780378374e51a90be73f76cb49ce67414a1d00ece92a

SHA512
743ebb5cdb9f2a57746ac16bda8017a579d381bc9e3e70f22ec6547fa4ebe76677bcf087865c35963d07587b2f8a484f19354970d8b94d10f848d42132d8dd11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f4acadf6a97c0928e67fd0f20892a2cd

SHA1
d952dac0b348b2495775422dd79bb660ec5303f8

SHA256
3b6a7ad17f087ec6eb02dcd6666fa132375623bd6e9e5480a2ffd5b4c62d76e3

SHA512
f6466c101c5f6468da940a4e35f9eace249a824addfdcfbc183003f53d4ac414e83edbdd4a0a1798e08ca926cefa09a047e64a5ca0308a33f21067ac2127f6e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
160adcb21dfa967ddeabbc1d705a0787

SHA1
127c6e94a01d2b9669e6313082dff86c02e5e8c9

SHA256
09e5dcb09528c05a9ec653be4257352512d1d273eeecee61f19ac4bfe416074c

SHA512
624a690dbaec889f56a71f8d081a7516ae06bcfbacaccc11d5eb3f5f3d7e46736dc8236382c81f8e78332e8fe5a1e5e937788ec26142b560c41cf0954beb0796

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bd7941f0940d617c9499e1f1ee275104

SHA1
9c2491fb1147ac451c1365db3872a25ce3b23391

SHA256
c5c94122674f16e1e16447a87af5a384049d9024b3ca1400e1e097998b8e724c

SHA512
5cabfd1c7cc2d0ddc5e75950fc8653188ec3c0e9ab3599626e47d5e5e83436fd64598fa64a4abe2f8474c20a4d0f6e1f301eac41464696e52e51b5262e63d400

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
4e833300a835a9123aab0b577e891bb8

SHA1
fd70954b067231eab0357bf208173c24d59a7697

SHA256
03f78227d4b145761cec3cce2cdfeb5c31a4905fc8722489f9bf6be11e86f609

SHA512
b760a1b78b88244897db8a5d5c592d806e94b77a69a6a92e77ae9cca1b413969016a45c8db0db509f4052a34e24241425f6a62d9c3e937af1fbc00e112d6f857

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
dbe35da9bfb56e401896ba4f0ab0f501

SHA1
3df8b7431ed654122827e09ca1146ae3855fdd13

SHA256
f962d155c1c0404cafb446ccb9b8fbd3b7461edac4b8a450790c1a89350cbaef

SHA512
04f41d1ed7790d502e5b96a37f5ca5e674063415dcecde710e6c6c5fc2469cdb9a6a1cb65adc47f8fe1cf84e00df677b7780dc7e324012f71fe81f501b7fb421

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d8ad.TMP

Filesize
704B

MD5
e8919707b6c9a8b2d9c8f39c9334fc4c

SHA1
ba66b768e940864abe492ea1ca88cb0ccb55360e

SHA256
43fc52fca9f0d4d25cefb09947a504beb610d591d88a50d21714f301a483ddc8

SHA512
04a61605b32b482f55ab875de3cf90a95ca4b04e130bbc0585c6c6cc5f8735ecf42e77692501fd83cef672835f84e1136c1003019a329797ecca98de6217e859

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ff5a4e380ace122e1202a0e8606a78df

SHA1
cb9e37a7e9b470b02132cef90a54a4f950e1de5f

SHA256
05458d40a69151e34ae3afb4aa6b86120c1cc811d3b387ead1c464e029cd6cab

SHA512
05acc45b2a5ab66623faa24deb88af177ce85b300996dba7e1e050ac578d0c434ee5b8b101158081befc3c059461fdac858574ea8a1e20729f82fda5d24706ed

Download Submit