hxxps://excel-en-ligne[.]fr

Analysis

max time kernel
1157s
max time network
1159s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
23-07-2024 14:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://excel-en-ligne.fr

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1232	msedge.exe
1232	msedge.exe
920	msedge.exe
920	msedge.exe
4068	identity_helper.exe
4068	identity_helper.exe
6016	msedge.exe
6016	msedge.exe
6016	msedge.exe
6016	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 920 wrote to memory of 380	920	msedge.exe	83
PID 920 wrote to memory of 380	920	msedge.exe	83
PID 920 wrote to memory of 2968	920	msedge.exe	84
PID 920 wrote to memory of 2968	920	msedge.exe	84
PID 920 wrote to memory of 2968	920	msedge.exe	84
PID 920 wrote to memory of 2968	920	msedge.exe	84
PID 920 wrote to memory of 2968	920	msedge.exe	84
PID 920 wrote to memory of 2968	920	msedge.exe	84
PID 920 wrote to memory of 2968	920	msedge.exe	84
PID 920 wrote to memory of 2968	920	msedge.exe	84
PID 920 wrote to memory of 2968	920	msedge.exe	84
PID 920 wrote to memory of 2968	920	msedge.exe	84
PID 920 wrote to memory of 2968	920	msedge.exe	84
PID 920 wrote to memory of 2968	920	msedge.exe	84
PID 920 wrote to memory of 2968	920	msedge.exe	84
PID 920 wrote to memory of 2968	920	msedge.exe	84
PID 920 wrote to memory of 2968	920	msedge.exe	84
PID 920 wrote to memory of 2968	920	msedge.exe	84
PID 920 wrote to memory of 2968	920	msedge.exe	84
PID 920 wrote to memory of 2968	920	msedge.exe	84
PID 920 wrote to memory of 2968	920	msedge.exe	84
PID 920 wrote to memory of 2968	920	msedge.exe	84
PID 920 wrote to memory of 2968	920	msedge.exe	84
PID 920 wrote to memory of 2968	920	msedge.exe	84
PID 920 wrote to memory of 2968	920	msedge.exe	84
PID 920 wrote to memory of 2968	920	msedge.exe	84
PID 920 wrote to memory of 2968	920	msedge.exe	84
PID 920 wrote to memory of 2968	920	msedge.exe	84
PID 920 wrote to memory of 2968	920	msedge.exe	84
PID 920 wrote to memory of 2968	920	msedge.exe	84
PID 920 wrote to memory of 2968	920	msedge.exe	84
PID 920 wrote to memory of 2968	920	msedge.exe	84
PID 920 wrote to memory of 2968	920	msedge.exe	84
PID 920 wrote to memory of 2968	920	msedge.exe	84
PID 920 wrote to memory of 2968	920	msedge.exe	84
PID 920 wrote to memory of 2968	920	msedge.exe	84
PID 920 wrote to memory of 2968	920	msedge.exe	84
PID 920 wrote to memory of 2968	920	msedge.exe	84
PID 920 wrote to memory of 2968	920	msedge.exe	84
PID 920 wrote to memory of 2968	920	msedge.exe	84
PID 920 wrote to memory of 2968	920	msedge.exe	84
PID 920 wrote to memory of 2968	920	msedge.exe	84
PID 920 wrote to memory of 1232	920	msedge.exe	85
PID 920 wrote to memory of 1232	920	msedge.exe	85
PID 920 wrote to memory of 2304	920	msedge.exe	86
PID 920 wrote to memory of 2304	920	msedge.exe	86
PID 920 wrote to memory of 2304	920	msedge.exe	86
PID 920 wrote to memory of 2304	920	msedge.exe	86
PID 920 wrote to memory of 2304	920	msedge.exe	86
PID 920 wrote to memory of 2304	920	msedge.exe	86
PID 920 wrote to memory of 2304	920	msedge.exe	86
PID 920 wrote to memory of 2304	920	msedge.exe	86
PID 920 wrote to memory of 2304	920	msedge.exe	86
PID 920 wrote to memory of 2304	920	msedge.exe	86
PID 920 wrote to memory of 2304	920	msedge.exe	86
PID 920 wrote to memory of 2304	920	msedge.exe	86
PID 920 wrote to memory of 2304	920	msedge.exe	86
PID 920 wrote to memory of 2304	920	msedge.exe	86
PID 920 wrote to memory of 2304	920	msedge.exe	86
PID 920 wrote to memory of 2304	920	msedge.exe	86
PID 920 wrote to memory of 2304	920	msedge.exe	86
PID 920 wrote to memory of 2304	920	msedge.exe	86
PID 920 wrote to memory of 2304	920	msedge.exe	86
PID 920 wrote to memory of 2304	920	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://excel-en-ligne.fr
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc279146f8,0x7ffc27914708,0x7ffc27914718
  2⤵
  PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,2284598152499257311,9958619102893274660,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,2284598152499257311,9958619102893274660,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,2284598152499257311,9958619102893274660,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
  2⤵
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2284598152499257311,9958619102893274660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2284598152499257311,9958619102893274660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2284598152499257311,9958619102893274660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2284598152499257311,9958619102893274660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,2284598152499257311,9958619102893274660,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6048 /prefetch:8
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,2284598152499257311,9958619102893274660,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6048 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2284598152499257311,9958619102893274660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2284598152499257311,9958619102893274660,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2284598152499257311,9958619102893274660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:5272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2284598152499257311,9958619102893274660,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:5280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,2284598152499257311,9958619102893274660,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4804 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2704

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
210676dde5c0bd984dc057e2333e1075

SHA1
2d2f8c14ee48a2580f852db7ac605f81b5b1399a

SHA256
2a89d71b4ddd34734b16d91ebd8ea68b760f321baccdd4963f91b8d3507a3fb5

SHA512
aeb81804cac5b17a5d1e55327f62df7645e9bbbfa8cad1401e7382628341a939b7aedc749b2412c06174a9e3fcdd5248d6df9b5d3f56c53232d17e59277ab017

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4e6521c03f1bc16d91d99c059cc5424

SHA1
043665051c486192a6eefe6d0632cf34ae8e89ad

SHA256
7759c346539367b2f80e78abca170f09731caa169e3462f11eda84c3f1ca63d1

SHA512
0bb4f628da6d715910161439685052409be54435e192cb4105191472bb14a33724592df24686d1655e9ba9572bd3dff8f46e211c0310e16bfe2ac949c49fbc5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
9c102885f25e2ea96740d6cbe40d40a9

SHA1
01856f0cfcddb17b51f0eb87112dd47fa1b979e6

SHA256
4391d2579333254777da47b4421934eab1289f0a7af5c883782b3c868793d4ab

SHA512
339538fa70ed25e7b8dbdef9c4a4418596a7fb34e0a7398a23fce23ef5ceef0e8f1d90585ef836d25047a2f1d0b33bb64b903b5e803cbdcc1ec3e1695db47fd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8ceeb8fa09d76149878dbe756d5508cc

SHA1
dac7a5a4a59ac41f0ae8d6c0b30a2cfc09af93b3

SHA256
f065808643f946c8e09654a568b5c948bffce17ed96cefc5f0a280ea0c6da987

SHA512
31fe50f950d33c8b37c59857cfdd50114e79535ad1c267b7b8db1ae8430a926eb3531400c74382f1cd4045aa2cfa6fc51509ae1168c5d1bc7f7212bb38a2ce07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c53e8ee70897a28edb47d5d12b0c24fa

SHA1
e6622208b05683fa2c6253966ae976ac43a5c9b4

SHA256
64a7120e14a379a4d51f287e2afe567958b2e84a7b6183b367722d7c43641c0a

SHA512
2cc869244f108816d90af4713f58ee96b7313d1bc382305e8d8b54210b0d7bac66d84a58ce5ac9fd14d74023f1305f90c928625a3ab5b46c2b8bbf8af8e1df80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3985d16a143beb6cbe4a6967711d3163

SHA1
83d4586369e33ea965e03bf161dfcbf83ef64730

SHA256
a9353ded8964ab4f7d7eb3e99b238354430b5bdc711a89cdc8232448b7ba5e2e

SHA512
3fe0f942e0095b24d039425035a5c2d8b11db574312ac3aca7a744aadc8dfc21099c7612fbc25167b0476e7bf8402b141b816c837422a65659858c0365482d06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
aaef2fb6c009550cc83f3ad0680a3a6d

SHA1
3eac22af3d51bbe20d308b4a53ffff3726eea8f0

SHA256
bbc3aa7377cf9909dd983d4918ffb6285cb406bd9653b17585c26b916fb47bac

SHA512
de82a4877ea1232b472fc913d737ba75dbbf6e4fae202f60b630f490abd489b0d6a4e47afe1fd4c424b5fcecde25b212d5a981abb86299892f7a1f52674218a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
33e6221bedbf4e6261a5eaa7dba777e0

SHA1
efc3ed10b3e7d6f3b1f5837f6c8a8e00fa763d4f

SHA256
8268c1b2eb77eb1d24dbe688c6b9429c22c34381f82ea998b7199e7c3c510415

SHA512
49ba86826fdcedfe4e1b4e067684f2bb93872a5d56660f2289f8067abbca3e5f337dd62ecc275f7310ee849c8dc49dd1e5da735f130789995ec992956afecc14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f468c32864e8eb69625d70abd0eae1f7

SHA1
648a90963ee9cf60f479cfac920e6c63591f5320

SHA256
17e34827d5897c8cd7e23165d04071ae0e93edd9fd0e571ef94149d55d223601

SHA512
4e46bed62f514b09245a10cd7e244ec0aacf8fcf052cc3a0c59a2a763a2b6398fda7031037f9a022220fb2b74c316c2db19e8f1b6aaf1fb7add3643c34ac87d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
001258a953958741adca9f8c4972a917

SHA1
1dc8933655e4f5a4edf4b211cc43838c6290e44a

SHA256
188eace237655a0a4131dd0472fa4056ad88105d710c4a65723de8469dd83a31

SHA512
28e9de7d62a60b8905d59dfc470179e8be94f3466431211b0be5615d38fcd09f04bbe40388f2c6f2c02aebb3dd17e6359b96c59a35c88508f244b84946225eee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d060bf3c78a0c4577c9f30916ad5ae69

SHA1
07b3c3621c746c3f609b6f09390e37005c8a8720

SHA256
16d1dce12fdc93c7e166e5823d23cc6c6f0b6ec98641649e3ee36bf8b2ce56fd

SHA512
20e13a4decc3cc13b82fa8dc2b6e98469937a7262d044bcec9d3b95b86b352d96f0954e045a0a627345ae4a41d7cc1381beab48629763b0ed16e6b9e03607064

Download Submit