hxxps://play[.]google[.]com/store/apps/details?id=ca[.]bell[.]selfserve[.]mybellmobile&hl=en_CA

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07/08/2024, 23:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://play.google.com/store/apps/details?id=ca.bell.selfserve.mybellmobile&hl=en_CA

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3464	msedge.exe
3464	msedge.exe
3756	msedge.exe
3756	msedge.exe
5004	identity_helper.exe
5004	identity_helper.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3756 wrote to memory of 2664	3756	msedge.exe	85
PID 3756 wrote to memory of 2664	3756	msedge.exe	85
PID 3756 wrote to memory of 3184	3756	msedge.exe	86
PID 3756 wrote to memory of 3184	3756	msedge.exe	86
PID 3756 wrote to memory of 3184	3756	msedge.exe	86
PID 3756 wrote to memory of 3184	3756	msedge.exe	86
PID 3756 wrote to memory of 3184	3756	msedge.exe	86
PID 3756 wrote to memory of 3184	3756	msedge.exe	86
PID 3756 wrote to memory of 3184	3756	msedge.exe	86
PID 3756 wrote to memory of 3184	3756	msedge.exe	86
PID 3756 wrote to memory of 3184	3756	msedge.exe	86
PID 3756 wrote to memory of 3184	3756	msedge.exe	86
PID 3756 wrote to memory of 3184	3756	msedge.exe	86
PID 3756 wrote to memory of 3184	3756	msedge.exe	86
PID 3756 wrote to memory of 3184	3756	msedge.exe	86
PID 3756 wrote to memory of 3184	3756	msedge.exe	86
PID 3756 wrote to memory of 3184	3756	msedge.exe	86
PID 3756 wrote to memory of 3184	3756	msedge.exe	86
PID 3756 wrote to memory of 3184	3756	msedge.exe	86
PID 3756 wrote to memory of 3184	3756	msedge.exe	86
PID 3756 wrote to memory of 3184	3756	msedge.exe	86
PID 3756 wrote to memory of 3184	3756	msedge.exe	86
PID 3756 wrote to memory of 3184	3756	msedge.exe	86
PID 3756 wrote to memory of 3184	3756	msedge.exe	86
PID 3756 wrote to memory of 3184	3756	msedge.exe	86
PID 3756 wrote to memory of 3184	3756	msedge.exe	86
PID 3756 wrote to memory of 3184	3756	msedge.exe	86
PID 3756 wrote to memory of 3184	3756	msedge.exe	86
PID 3756 wrote to memory of 3184	3756	msedge.exe	86
PID 3756 wrote to memory of 3184	3756	msedge.exe	86
PID 3756 wrote to memory of 3184	3756	msedge.exe	86
PID 3756 wrote to memory of 3184	3756	msedge.exe	86
PID 3756 wrote to memory of 3184	3756	msedge.exe	86
PID 3756 wrote to memory of 3184	3756	msedge.exe	86
PID 3756 wrote to memory of 3184	3756	msedge.exe	86
PID 3756 wrote to memory of 3184	3756	msedge.exe	86
PID 3756 wrote to memory of 3184	3756	msedge.exe	86
PID 3756 wrote to memory of 3184	3756	msedge.exe	86
PID 3756 wrote to memory of 3184	3756	msedge.exe	86
PID 3756 wrote to memory of 3184	3756	msedge.exe	86
PID 3756 wrote to memory of 3184	3756	msedge.exe	86
PID 3756 wrote to memory of 3184	3756	msedge.exe	86
PID 3756 wrote to memory of 3464	3756	msedge.exe	87
PID 3756 wrote to memory of 3464	3756	msedge.exe	87
PID 3756 wrote to memory of 1092	3756	msedge.exe	88
PID 3756 wrote to memory of 1092	3756	msedge.exe	88
PID 3756 wrote to memory of 1092	3756	msedge.exe	88
PID 3756 wrote to memory of 1092	3756	msedge.exe	88
PID 3756 wrote to memory of 1092	3756	msedge.exe	88
PID 3756 wrote to memory of 1092	3756	msedge.exe	88
PID 3756 wrote to memory of 1092	3756	msedge.exe	88
PID 3756 wrote to memory of 1092	3756	msedge.exe	88
PID 3756 wrote to memory of 1092	3756	msedge.exe	88
PID 3756 wrote to memory of 1092	3756	msedge.exe	88
PID 3756 wrote to memory of 1092	3756	msedge.exe	88
PID 3756 wrote to memory of 1092	3756	msedge.exe	88
PID 3756 wrote to memory of 1092	3756	msedge.exe	88
PID 3756 wrote to memory of 1092	3756	msedge.exe	88
PID 3756 wrote to memory of 1092	3756	msedge.exe	88
PID 3756 wrote to memory of 1092	3756	msedge.exe	88
PID 3756 wrote to memory of 1092	3756	msedge.exe	88
PID 3756 wrote to memory of 1092	3756	msedge.exe	88
PID 3756 wrote to memory of 1092	3756	msedge.exe	88
PID 3756 wrote to memory of 1092	3756	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://play.google.com/store/apps/details?id=ca.bell.selfserve.mybellmobile&hl=en_CA
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff969c346f8,0x7ff969c34708,0x7ff969c34718
  2⤵
  PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,3653196052359244058,7683510580775113626,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,3653196052359244058,7683510580775113626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,3653196052359244058,7683510580775113626,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
  2⤵
  PID:1092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,3653196052359244058,7683510580775113626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,3653196052359244058,7683510580775113626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,3653196052359244058,7683510580775113626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,3653196052359244058,7683510580775113626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,3653196052359244058,7683510580775113626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,3653196052359244058,7683510580775113626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,3653196052359244058,7683510580775113626,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,3653196052359244058,7683510580775113626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,3653196052359244058,7683510580775113626,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,3653196052359244058,7683510580775113626,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4828 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
210KB

MD5
48d2860dd3168b6f06a4f27c6791bcaa

SHA1
f5f803efed91cd45a36c3d6acdffaaf0e863bf8c

SHA256
04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77

SHA512
172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
c63b3739a2b2fb36061c30af28fbdae2

SHA1
fee8888317224fd141ca390d5b79b18d829f26ba

SHA256
b5bbbbdcbf6a861ada43acd66b99b18b593d0172327d45f26412dd93ace243db

SHA512
71732d92c5d4b65500269934a894c70d237c089edb5d187d16227c00f2cc5195ccaff8a595a3922bc26801fdf9a773a39cd8a094f895bbe8819ae344e0e9e696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
4478c65b497885109f7014aad7084aad

SHA1
8b49e1c60ef0ff8ba43fa5ef759c2d89d1549db5

SHA256
af6194740f019c23cf775569a98c3536c4e9fbe066a69730caa51fb7524fd1ad

SHA512
31af979109a180ee5b22bbe557278004a70996cd5749363d5ccc0a3dee9d72b4111b552a9c55fd21fecdfdca536f307d3d2342ba6cbc348177a9978444ecfee6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b5021fe35af78edc70e60d1fb45a8f8b

SHA1
77dfea18178d03e3dc4d47855034f0b9f0467b38

SHA256
b7074c6f9d8cd50b67a027dca9ccc1c7e7abc3fe354ef59965bda1b7209b42f5

SHA512
88e4c8822aa2444120c93f83bd8f0fb43661a73b8319ab65386ab818d53bc4e7226a0c47905f2c2757acc2ed620e5db84dcb9ab8e48eb1abf739a1861e12fa7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
34b9724f103d36511411a2857e47ce88

SHA1
eac6c73f774edbc5149853b3ffe10f5ffada4aa4

SHA256
dc476e528c30f9e08cb523bf432858506cdf477cf2ae6854cce8dfebcacfae2e

SHA512
16bf770b42d27765187e4e6d31fac2c7089a0cb3648f14ea6816f3417ec00d377d36b075a486520bd8c70f094eddda554240eb310a57496c4a6a9c333a89daf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bd9896f29a659edffe8106b735fd4c80

SHA1
d04af178542769b93b6fca83a8a4849917905771

SHA256
c7e695f9fb8b64bc1ed12c58db6cce23b174bb2b0cc662538699e63dc043b19d

SHA512
12b537c9c0bd072caa7f84ffb1efcaf789d2fc9bef69b46dbcf050c20c1e5627c7b0dd938504611f4e622ecd9ca3076a44e5b24e37aebdd7a81f2726ab95e96e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
f695d2f48ee9c895b6c24e97c7e45d27

SHA1
003baa716089b3dac640670c63f638ea8ba43bc7

SHA256
9dc027e4b092b8f04c5f8cf441e5e58c76a07636d3d472ddaa1eaa7b55861bb8

SHA512
cec36e1e53a9166bc3afd8773a2f3449f557e9b5967373fbf7d762c9eba4355fd355df516f8b6f398c67fef892c769e61dae0ca167d1c33e9aff080a60f9757d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
efc567fb372dbb3c0322693727a4da3e

SHA1
9e82da2c229980fb667ec98689d53c5036adb7a1

SHA256
bb6e81df6693f5799bb31563f412204a830d17bca43c2e2f88f19f7ae7350254

SHA512
9b15b7a9ee6b2b907b3bec3d599317f27bdb2a392d37c22651ce7d453a473dd7f607322dfafb7509e818ae705a94c9fb144ae617d80dab3dbeb388d9a9221a18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58d0c8.TMP

Filesize
538B

MD5
8441284681dd20322fa63d5b1a3643f2

SHA1
20b5f732dfc42499a301b81c42750cb7f6160abd

SHA256
4046063b66a69d16a7caf9e8ad8fb8717fb43ace543d58f947ebcf71614afb55

SHA512
d992adec21fd4db2432baf68a2cd52bff15e65988c80bcc0249e3bb19c331d37de8ae11ee5c1c7724f9cf517ec5c5ce1fc4d014cf68b25cf37d27eb952c82cb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
98214910f009afce642b907a0fb59923

SHA1
581083a565c8713b80bb052006af774ec05cb35b

SHA256
2e153461328a7fe323130ad71d79454a12d713d4fc632ed77192e8feb6e0ce46

SHA512
77274930bc9ef4045652f03a8e59aab291819b8706e1ba6fbe3ca9697d68b0d9d1ed0ad863ef6ffad67d1226da39417b44e45cbab22722568d596c664933be97

Download Submit