hxxps://mega[.]nz/file/CFABzIJC#2COb1AIGrTSE-LcxreVPHLbJryX3BKyfvK_UHYGTvW0

Resubmissions

08/09/2024, 11:55

240908-n3ra6avbrl 1

08/09/2024, 11:48

240908-nysneswhmf 3

08/09/2024, 11:43

240908-nvl2gawfpa 8

08/09/2024, 11:40

240908-ns1rvaweqc 3

Analysis

max time kernel
299s
max time network
301s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08/09/2024, 11:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/file/CFABzIJC#2COb1AIGrTSE-LcxreVPHLbJryX3BKyfvK_UHYGTvW0

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4116	msedge.exe
4116	msedge.exe
4268	msedge.exe
4268	msedge.exe
1400	identity_helper.exe
1400	identity_helper.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1112	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1112	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4268 wrote to memory of 4588	4268	msedge.exe	84
PID 4268 wrote to memory of 4588	4268	msedge.exe	84
PID 4268 wrote to memory of 1856	4268	msedge.exe	85
PID 4268 wrote to memory of 1856	4268	msedge.exe	85
PID 4268 wrote to memory of 1856	4268	msedge.exe	85
PID 4268 wrote to memory of 1856	4268	msedge.exe	85
PID 4268 wrote to memory of 1856	4268	msedge.exe	85
PID 4268 wrote to memory of 1856	4268	msedge.exe	85
PID 4268 wrote to memory of 1856	4268	msedge.exe	85
PID 4268 wrote to memory of 1856	4268	msedge.exe	85
PID 4268 wrote to memory of 1856	4268	msedge.exe	85
PID 4268 wrote to memory of 1856	4268	msedge.exe	85
PID 4268 wrote to memory of 1856	4268	msedge.exe	85
PID 4268 wrote to memory of 1856	4268	msedge.exe	85
PID 4268 wrote to memory of 1856	4268	msedge.exe	85
PID 4268 wrote to memory of 1856	4268	msedge.exe	85
PID 4268 wrote to memory of 1856	4268	msedge.exe	85
PID 4268 wrote to memory of 1856	4268	msedge.exe	85
PID 4268 wrote to memory of 1856	4268	msedge.exe	85
PID 4268 wrote to memory of 1856	4268	msedge.exe	85
PID 4268 wrote to memory of 1856	4268	msedge.exe	85
PID 4268 wrote to memory of 1856	4268	msedge.exe	85
PID 4268 wrote to memory of 1856	4268	msedge.exe	85
PID 4268 wrote to memory of 1856	4268	msedge.exe	85
PID 4268 wrote to memory of 1856	4268	msedge.exe	85
PID 4268 wrote to memory of 1856	4268	msedge.exe	85
PID 4268 wrote to memory of 1856	4268	msedge.exe	85
PID 4268 wrote to memory of 1856	4268	msedge.exe	85
PID 4268 wrote to memory of 1856	4268	msedge.exe	85
PID 4268 wrote to memory of 1856	4268	msedge.exe	85
PID 4268 wrote to memory of 1856	4268	msedge.exe	85
PID 4268 wrote to memory of 1856	4268	msedge.exe	85
PID 4268 wrote to memory of 1856	4268	msedge.exe	85
PID 4268 wrote to memory of 1856	4268	msedge.exe	85
PID 4268 wrote to memory of 1856	4268	msedge.exe	85
PID 4268 wrote to memory of 1856	4268	msedge.exe	85
PID 4268 wrote to memory of 1856	4268	msedge.exe	85
PID 4268 wrote to memory of 1856	4268	msedge.exe	85
PID 4268 wrote to memory of 1856	4268	msedge.exe	85
PID 4268 wrote to memory of 1856	4268	msedge.exe	85
PID 4268 wrote to memory of 1856	4268	msedge.exe	85
PID 4268 wrote to memory of 1856	4268	msedge.exe	85
PID 4268 wrote to memory of 4116	4268	msedge.exe	86
PID 4268 wrote to memory of 4116	4268	msedge.exe	86
PID 4268 wrote to memory of 4980	4268	msedge.exe	87
PID 4268 wrote to memory of 4980	4268	msedge.exe	87
PID 4268 wrote to memory of 4980	4268	msedge.exe	87
PID 4268 wrote to memory of 4980	4268	msedge.exe	87
PID 4268 wrote to memory of 4980	4268	msedge.exe	87
PID 4268 wrote to memory of 4980	4268	msedge.exe	87
PID 4268 wrote to memory of 4980	4268	msedge.exe	87
PID 4268 wrote to memory of 4980	4268	msedge.exe	87
PID 4268 wrote to memory of 4980	4268	msedge.exe	87
PID 4268 wrote to memory of 4980	4268	msedge.exe	87
PID 4268 wrote to memory of 4980	4268	msedge.exe	87
PID 4268 wrote to memory of 4980	4268	msedge.exe	87
PID 4268 wrote to memory of 4980	4268	msedge.exe	87
PID 4268 wrote to memory of 4980	4268	msedge.exe	87
PID 4268 wrote to memory of 4980	4268	msedge.exe	87
PID 4268 wrote to memory of 4980	4268	msedge.exe	87
PID 4268 wrote to memory of 4980	4268	msedge.exe	87
PID 4268 wrote to memory of 4980	4268	msedge.exe	87
PID 4268 wrote to memory of 4980	4268	msedge.exe	87
PID 4268 wrote to memory of 4980	4268	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/CFABzIJC#2COb1AIGrTSE-LcxreVPHLbJryX3BKyfvK_UHYGTvW0
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9feca46f8,0x7ff9feca4708,0x7ff9feca4718
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,8422686288386339992,13122358786626502021,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,8422686288386339992,13122358786626502021,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,8422686288386339992,13122358786626502021,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8422686288386339992,13122358786626502021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8422686288386339992,13122358786626502021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,8422686288386339992,13122358786626502021,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 /prefetch:8
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,8422686288386339992,13122358786626502021,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8422686288386339992,13122358786626502021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8422686288386339992,13122358786626502021,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8422686288386339992,13122358786626502021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8422686288386339992,13122358786626502021,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2108,8422686288386339992,13122358786626502021,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4260 /prefetch:8
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,8422686288386339992,13122358786626502021,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4952 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1680

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x460 0x4a8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
e95cae02f0b9e7b0b68d2f46c5f072f7

SHA1
1d31e28247b1ddd90763d12b5e75a70390cf9d74

SHA256
54a108daaecab98c3a8d19164ec5c977ea727986eb97ca66a4b6ad9c89475002

SHA512
730a2a26692ae84914e198638b1324894eec946442ac170babb293c020a04661577e751ced9cf5ba614b4a75e5e8d93b634d6f24795e873718709806d518b41f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
188B

MD5
008114e1a1a614b35e8a7515da0f3783

SHA1
3c390d38126c7328a8d7e4a72d5848ac9f96549b

SHA256
7301b76033c2970e61bab5eaddaff5aa652c39db5c0ea5632814f989716a1d18

SHA512
a202fc891eace003c346bad7e5d2c73dadf9591d5ce950395ff4b63cc2866b17e02bd3f0ad92749df033a936685851455bcdbfad30f26e765c3c89d3309cb82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
76e7bc558442b38c6668a150592dce8d

SHA1
71afb77a2a24b8c459280c312cbe63aa249d6066

SHA256
42e383dcc597ee9c6f24df1f2515f24c279a06957950be69d45443ad8aa537e7

SHA512
3b7ba4a75d063511129ce33301a748141c5175bd62c9a3df0f1e5046c7ce85139c1ffb782b1105f10d2d74b3e2dad02a3d0b4b5ead0fcff9ab465b0291b2a62a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cea808ba0100681ae527abc8d59e4bf9

SHA1
1bd398f5117bd6977b9cf6f2c1ecd763dc5237af

SHA256
346d329713079aae96af457d797922bb3012be188d721f47d11552b54930cdad

SHA512
9eaa3c43fbe348b49222feb6992bdc13000526d6169fcb191bcae9a494078769879f0560d0ed3e48a3256e24e0600b21098f76206e0a6f6530af3de9f4b6f6d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
562af10b1cff92cdc64115a278dd9128

SHA1
b330bb1c816eb131e6d15bd2a0ea7ece98a54390

SHA256
845ab2eaf3539aa44f5e542747ac1d4dce6775a57552fb0466468538465cfe16

SHA512
24cca0ec24c2de92e2021f9a1c7578f001ad456f5e2d4aaa461c19d575b8cd044a09a34969cb5bc58b5075edc4ebeb47e222abf7e0a73c6b77c3a0460d76f77b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58486e.TMP

Filesize
48B

MD5
6b9b05b8f84b36b11149277669d8e140

SHA1
8ea94a21b7674a951ec122ba2e0cb6a3d42b55a2

SHA256
6420c386ac7905a206d342eead4ac89cfdbd1aae9bd47a0c94a7f888f6a07f57

SHA512
ec454cb106a22272cfc9bfd05961909e0714dcb75b69842a9b68ea353af7e99119d072900d3e1e4e6e5cdc2788b290be9aa885e99bd2231157439f6f4d973246

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f8600955518bed1864389235fc24bfe1

SHA1
18f4e79d0d0deef4a6811d9bab864420657b4de2

SHA256
3a95659c29427768ae6832c78cfd45be8e4827a222dd04dd56300cbf65803937

SHA512
930c72d556de7cbee796a46b9109762c636002b544e3a23f2dd06b77526a63eda87e9b66c3904c793824134055aad76cf3a510a9fd665026373af4ffcd23150d

Download Submit