hxxps://www[.]facebook[.]com/profile[.]php?id=61564218445026

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02/09/2024, 16:55

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.facebook.com/profile.php?id=61564218445026

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4072	msedge.exe
4072	msedge.exe
2672	msedge.exe
2672	msedge.exe
3628	identity_helper.exe
3628	identity_helper.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2672 wrote to memory of 2952	2672	msedge.exe	83
PID 2672 wrote to memory of 2952	2672	msedge.exe	83
PID 2672 wrote to memory of 3064	2672	msedge.exe	84
PID 2672 wrote to memory of 3064	2672	msedge.exe	84
PID 2672 wrote to memory of 3064	2672	msedge.exe	84
PID 2672 wrote to memory of 3064	2672	msedge.exe	84
PID 2672 wrote to memory of 3064	2672	msedge.exe	84
PID 2672 wrote to memory of 3064	2672	msedge.exe	84
PID 2672 wrote to memory of 3064	2672	msedge.exe	84
PID 2672 wrote to memory of 3064	2672	msedge.exe	84
PID 2672 wrote to memory of 3064	2672	msedge.exe	84
PID 2672 wrote to memory of 3064	2672	msedge.exe	84
PID 2672 wrote to memory of 3064	2672	msedge.exe	84
PID 2672 wrote to memory of 3064	2672	msedge.exe	84
PID 2672 wrote to memory of 3064	2672	msedge.exe	84
PID 2672 wrote to memory of 3064	2672	msedge.exe	84
PID 2672 wrote to memory of 3064	2672	msedge.exe	84
PID 2672 wrote to memory of 3064	2672	msedge.exe	84
PID 2672 wrote to memory of 3064	2672	msedge.exe	84
PID 2672 wrote to memory of 3064	2672	msedge.exe	84
PID 2672 wrote to memory of 3064	2672	msedge.exe	84
PID 2672 wrote to memory of 3064	2672	msedge.exe	84
PID 2672 wrote to memory of 3064	2672	msedge.exe	84
PID 2672 wrote to memory of 3064	2672	msedge.exe	84
PID 2672 wrote to memory of 3064	2672	msedge.exe	84
PID 2672 wrote to memory of 3064	2672	msedge.exe	84
PID 2672 wrote to memory of 3064	2672	msedge.exe	84
PID 2672 wrote to memory of 3064	2672	msedge.exe	84
PID 2672 wrote to memory of 3064	2672	msedge.exe	84
PID 2672 wrote to memory of 3064	2672	msedge.exe	84
PID 2672 wrote to memory of 3064	2672	msedge.exe	84
PID 2672 wrote to memory of 3064	2672	msedge.exe	84
PID 2672 wrote to memory of 3064	2672	msedge.exe	84
PID 2672 wrote to memory of 3064	2672	msedge.exe	84
PID 2672 wrote to memory of 3064	2672	msedge.exe	84
PID 2672 wrote to memory of 3064	2672	msedge.exe	84
PID 2672 wrote to memory of 3064	2672	msedge.exe	84
PID 2672 wrote to memory of 3064	2672	msedge.exe	84
PID 2672 wrote to memory of 3064	2672	msedge.exe	84
PID 2672 wrote to memory of 3064	2672	msedge.exe	84
PID 2672 wrote to memory of 3064	2672	msedge.exe	84
PID 2672 wrote to memory of 3064	2672	msedge.exe	84
PID 2672 wrote to memory of 4072	2672	msedge.exe	85
PID 2672 wrote to memory of 4072	2672	msedge.exe	85
PID 2672 wrote to memory of 3576	2672	msedge.exe	86
PID 2672 wrote to memory of 3576	2672	msedge.exe	86
PID 2672 wrote to memory of 3576	2672	msedge.exe	86
PID 2672 wrote to memory of 3576	2672	msedge.exe	86
PID 2672 wrote to memory of 3576	2672	msedge.exe	86
PID 2672 wrote to memory of 3576	2672	msedge.exe	86
PID 2672 wrote to memory of 3576	2672	msedge.exe	86
PID 2672 wrote to memory of 3576	2672	msedge.exe	86
PID 2672 wrote to memory of 3576	2672	msedge.exe	86
PID 2672 wrote to memory of 3576	2672	msedge.exe	86
PID 2672 wrote to memory of 3576	2672	msedge.exe	86
PID 2672 wrote to memory of 3576	2672	msedge.exe	86
PID 2672 wrote to memory of 3576	2672	msedge.exe	86
PID 2672 wrote to memory of 3576	2672	msedge.exe	86
PID 2672 wrote to memory of 3576	2672	msedge.exe	86
PID 2672 wrote to memory of 3576	2672	msedge.exe	86
PID 2672 wrote to memory of 3576	2672	msedge.exe	86
PID 2672 wrote to memory of 3576	2672	msedge.exe	86
PID 2672 wrote to memory of 3576	2672	msedge.exe	86
PID 2672 wrote to memory of 3576	2672	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/profile.php?id=61564218445026
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff84c9246f8,0x7ff84c924708,0x7ff84c924718
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,10387145891535783675,17437727417461265903,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,10387145891535783675,17437727417461265903,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,10387145891535783675,17437727417461265903,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10387145891535783675,17437727417461265903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10387145891535783675,17437727417461265903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10387145891535783675,17437727417461265903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,10387145891535783675,17437727417461265903,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 /prefetch:8
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,10387145891535783675,17437727417461265903,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10387145891535783675,17437727417461265903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10387145891535783675,17437727417461265903,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10387145891535783675,17437727417461265903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10387145891535783675,17437727417461265903,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,10387145891535783675,17437727417461265903,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3104 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
56a20cccaed8fda5241dbe6483f29e34

SHA1
1bf67426aa1efe9eb848a31794ba26e916726c56

SHA256
4f0b8e23ed239fb6b43552e73050d1f438457131df641e26e1fcc6db03ca487f

SHA512
3c083ba4bdfd35a9dc692f19f82269c8a00a0dd15ecdc1b587b18eee8d0b7dc905b7aa8411dcfc003ab92290d76e7bc3c104be40768ae5c68120f52371b7ff99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
347B

MD5
e0be6ee70bf36442e53b46e54180098a

SHA1
be8d39e3db0372eb71766dd831f1fd977ec53d1c

SHA256
0543b99925ea29a0e5216faa649a54d6bd2ea3b135e209345d9cfc9bf5c12086

SHA512
0b7a1cd1a070a0c8b54d2423a1e272246e2909d309b0185a35916b0573a05d40ada06f5890c16f98776d5afce6cf4fd6b21c978930ff7c4294785b59c6c6f699

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c714f9f9c7c993e9829a3cd4107a86fb

SHA1
a6e9996e8370cce448dc449c41ba3e0a57413311

SHA256
8ce86f2e0fb2b18ad0e402473dbae5e15957ae5cb72aa61de79417243ce2f37f

SHA512
c7ffaa2fd7b5fdc2096386ea6e714c79974df58d438bdfa5c96d0ff4a0cbcd4a45d779f058ba4138f8874331b8c3c775fea4bfc2417d20a1130165705e3c0c3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
287626283baca1be029d475aac443177

SHA1
fab01e230432184a7233af92d5ef6675caedc213

SHA256
68332a1706ae96f8a180c26c93f5009728787ae42c1c4982130e26669af5f8fb

SHA512
5e09555e235efb69ca71f6865e0a2d86a50f42c5a54f16b0567d68a80c7991781a78c45f1809e89b748ad7a64b5687c0f4d9c2618977a52155943e877254e9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
02fc0fb230c06a07df1220ca1e72b3b5

SHA1
5b352f1b9d02897fb87d31fa1c5cc6aaf331a9af

SHA256
a5f3be0e4b1a8ba3a0e6dd9b1bd3009ccb3caa71222d35fab723e96f4a272e85

SHA512
f4d2943e278e3ca16e7e468101752616cebcfd24ccbe28f92d7de881a8a104c99aef09bda4fdb56c974e756832eab3dfb202206dfa07bf75887f7a6c54b7b9b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
365b3dd3f067921dacf05d69fab842ac

SHA1
cb1979f390c2e91ac4fe44cd8b2505991ff0ec09

SHA256
05f8367904e476969b4c79da42a1f6703287d5bd20ddb4dc6e9587e8ea177954

SHA512
67034bed4e3afe5e9adf7878f68efb54e05c5093297917d525182f50daf4838549528898d4462ce78c458d757c5c6216c59cc704664a2e44767353f9c4c51a32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
d3bb0b071cfd28237c58e279b781e4b4

SHA1
15b0c4b8b960e9038b0a044c511dd963a252224b

SHA256
e512334105b9e83cf999f32f449194fcee9a396eefa14d3afede45bf4b9175f9

SHA512
46a286b471bd8f66895e2ab242e776306b7709ab10c891ca686454c704761ef7b35dc03c109fa4249ada5f1bfc80bf3c12475601a9d85d1474c135f2691cee7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
2771f6c74c8cae29dd326589c9d5a4b7

SHA1
67c45d99b9c420c9db7f06af9ab26bc31a771c0c

SHA256
e96ebe329a2e04ca74a1573561784e8ed2dd37a4d8f1e9ca33e237eea51b023c

SHA512
47a6b4e4fbce3d7088875c21f3207ee663d9946f0e9e71b2f997cc8f22e2dc937af2ce07d963002f972b53889dd340d5d8d30879a45b7dbf56ca7960271b46f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5823cf.TMP

Filesize
371B

MD5
e78b14385bad8de4f8672d2c60766a36

SHA1
d703b14c2f0998e9467ba7fc850a9ee6bbd61d0e

SHA256
4a962961799118886fc4600fd5b8b996c9878d3efcbdccc3ada31ebd466165f0

SHA512
0051f01fb0c5451abbcc1eee28165ddc0fb96998b140b3811b8c858da37dae1fe1449b5a6bda4d058bc6de5f38617ab8eb140d863c02518560f97ec9c51dcf8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a6016f630b746ab9f609d8841329a123

SHA1
f13371336a9192c4e9d50b875785bec82adf3239

SHA256
cc89a423fc9d90ea5d6b133f4ffc39daca48462954a9a4445a6096a180e17152

SHA512
038f755fe5dcf23034a69e777a88e90eb35a74572009cd0c3ee5ef655751d3c99019593ce18d154366479c7d060cb760fc3918d7f5c112d3b9eefa24ea7bc650

Download Submit