183160e943a1e0b38a07dc0d6fd775a32180bdee16cc5b5df90330276e95bd44

Analysis

max time kernel
137s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11/09/2024, 15:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CefSharp.Core.Runtime.dll
Size

1.3MB
MD5

41571881b1113b2813d80a8fd063fd18
SHA1

8e01d0f9daf636979b09cf3f3bf7235de1be3c81
SHA256

e3a9a58317217393ba110b1fd1a7f39c0fb819ce96d425e5d1220e200420938c
SHA512

b74c0f0cbe46e9902bd19041fb2f7ded7b1849c790837f29eab250392e612d1fc42767847cb39a2d94fcbf8d528e0ccf25a445d42b26379aaa8de823a1cd0b9b
SSDEEP

24576:m74xCV8e00l0NLz4Cm9naV9uhO5GZLOfMRh44OkSgqc4CQKZi5P9xh0gsWLgiHea:nCVXtZLOOh44OkSgqc4CQKZi5P9xh0gH

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1302416131-1437503476-2806442725-1000\{1F9DDEE3-BAF4-4812-968B-FFAAC825C9AA}	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3488	msedge.exe
3488	msedge.exe
464	msedge.exe
464	msedge.exe
3244	identity_helper.exe
3244	identity_helper.exe
2696	msedge.exe
2696	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4816 wrote to memory of 2224	4816	rundll32.exe	85
PID 4816 wrote to memory of 2224	4816	rundll32.exe	85
PID 4816 wrote to memory of 2224	4816	rundll32.exe	85
PID 464 wrote to memory of 2576	464	msedge.exe	96
PID 464 wrote to memory of 2576	464	msedge.exe	96
PID 464 wrote to memory of 4948	464	msedge.exe	97
PID 464 wrote to memory of 4948	464	msedge.exe	97
PID 464 wrote to memory of 4948	464	msedge.exe	97
PID 464 wrote to memory of 4948	464	msedge.exe	97
PID 464 wrote to memory of 4948	464	msedge.exe	97
PID 464 wrote to memory of 4948	464	msedge.exe	97
PID 464 wrote to memory of 4948	464	msedge.exe	97
PID 464 wrote to memory of 4948	464	msedge.exe	97
PID 464 wrote to memory of 4948	464	msedge.exe	97
PID 464 wrote to memory of 4948	464	msedge.exe	97
PID 464 wrote to memory of 4948	464	msedge.exe	97
PID 464 wrote to memory of 4948	464	msedge.exe	97
PID 464 wrote to memory of 4948	464	msedge.exe	97
PID 464 wrote to memory of 4948	464	msedge.exe	97
PID 464 wrote to memory of 4948	464	msedge.exe	97
PID 464 wrote to memory of 4948	464	msedge.exe	97
PID 464 wrote to memory of 4948	464	msedge.exe	97
PID 464 wrote to memory of 4948	464	msedge.exe	97
PID 464 wrote to memory of 4948	464	msedge.exe	97
PID 464 wrote to memory of 4948	464	msedge.exe	97
PID 464 wrote to memory of 4948	464	msedge.exe	97
PID 464 wrote to memory of 4948	464	msedge.exe	97
PID 464 wrote to memory of 4948	464	msedge.exe	97
PID 464 wrote to memory of 4948	464	msedge.exe	97
PID 464 wrote to memory of 4948	464	msedge.exe	97
PID 464 wrote to memory of 4948	464	msedge.exe	97
PID 464 wrote to memory of 4948	464	msedge.exe	97
PID 464 wrote to memory of 4948	464	msedge.exe	97
PID 464 wrote to memory of 4948	464	msedge.exe	97
PID 464 wrote to memory of 4948	464	msedge.exe	97
PID 464 wrote to memory of 4948	464	msedge.exe	97
PID 464 wrote to memory of 4948	464	msedge.exe	97
PID 464 wrote to memory of 4948	464	msedge.exe	97
PID 464 wrote to memory of 4948	464	msedge.exe	97
PID 464 wrote to memory of 4948	464	msedge.exe	97
PID 464 wrote to memory of 4948	464	msedge.exe	97
PID 464 wrote to memory of 4948	464	msedge.exe	97
PID 464 wrote to memory of 4948	464	msedge.exe	97
PID 464 wrote to memory of 4948	464	msedge.exe	97
PID 464 wrote to memory of 4948	464	msedge.exe	97
PID 464 wrote to memory of 3488	464	msedge.exe	98
PID 464 wrote to memory of 3488	464	msedge.exe	98
PID 464 wrote to memory of 456	464	msedge.exe	99
PID 464 wrote to memory of 456	464	msedge.exe	99
PID 464 wrote to memory of 456	464	msedge.exe	99
PID 464 wrote to memory of 456	464	msedge.exe	99
PID 464 wrote to memory of 456	464	msedge.exe	99
PID 464 wrote to memory of 456	464	msedge.exe	99
PID 464 wrote to memory of 456	464	msedge.exe	99
PID 464 wrote to memory of 456	464	msedge.exe	99
PID 464 wrote to memory of 456	464	msedge.exe	99
PID 464 wrote to memory of 456	464	msedge.exe	99
PID 464 wrote to memory of 456	464	msedge.exe	99
PID 464 wrote to memory of 456	464	msedge.exe	99
PID 464 wrote to memory of 456	464	msedge.exe	99
PID 464 wrote to memory of 456	464	msedge.exe	99
PID 464 wrote to memory of 456	464	msedge.exe	99
PID 464 wrote to memory of 456	464	msedge.exe	99
PID 464 wrote to memory of 456	464	msedge.exe	99

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\CefSharp.Core.Runtime.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4816
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\CefSharp.Core.Runtime.dll,#1
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe747146f8,0x7ffe74714708,0x7ffe74714718
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,8725775050017281827,16503449283530331816,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,8725775050017281827,16503449283530331816,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,8725775050017281827,16503449283530331816,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8725775050017281827,16503449283530331816,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8725775050017281827,16503449283530331816,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8725775050017281827,16503449283530331816,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8725775050017281827,16503449283530331816,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,8725775050017281827,16503449283530331816,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3580 /prefetch:8
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,8725775050017281827,16503449283530331816,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3580 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8725775050017281827,16503449283530331816,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3928 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8725775050017281827,16503449283530331816,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:1092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8725775050017281827,16503449283530331816,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8725775050017281827,16503449283530331816,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3740 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8725775050017281827,16503449283530331816,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2044,8725775050017281827,16503449283530331816,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3576 /prefetch:8
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2044,8725775050017281827,16503449283530331816,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3928 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\7ad51b12-08f9-4f55-9965-48fd21120f95.tmp

Filesize
10KB

MD5
db483558f4353d52ccd0ac31cbcb6763

SHA1
9d811fd57f773b499e5260b7410ab9fc3de17887

SHA256
cc7956cb4cd00f79dc7dbabe9d9f711bca245cedd85cce3f7e0a7899a3e0b32c

SHA512
9216cdd90b0e9cfecbbcfd61cce8e9cd741536564ea9f06452adeacd4a3e6cc5c3c1e92b28e7ae3a6d1318004d39ff6538cfacea65cb062bc668ef4e9620d04c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
d9e7c5026059fe96a1421c6899b7b35f

SHA1
8a601906e8bdcd70ba851f11b2850843593d8523

SHA256
a6f437c1d60d1f0e9e17921f7a5624a9c65862300d1db20f5efee082c39c7883

SHA512
b9d34cb58bb9d96f5f2f787a9d1a28d46ee3b90e4c8d0d5098d65836868e775816668a6d0f3d69ac7651e86cb9b772b9f129104ccfbfce324d437d8b560786b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8b4ae39fa0ad5f14bd12b6425d8c5ee8

SHA1
9d3318d53995e93f1d74a42c81fa4f5c1016925d

SHA256
aa55253e93b32b1d0d91beebc65c7e7dc778e72a93c9443f2ef1405ae6d89abe

SHA512
4e24197e845f75da5571c46b0d2ddd62010c9cede3f744d5941b0086557c59c829c3750d71c0e5bd092f4f0f7cd9cfc256bb4941e412e4aad2fc7ae1f27dd8b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d9d4d4722b42f669ea735cb007da23d8

SHA1
0749e651e8c2421cb54986334bab43c44580951f

SHA256
7761bee624c15548910e63a0084d4d6cd43d48c8be5d8b90f0aaaa24b2c43040

SHA512
56a9ca23ed4912cd41c3e012f46f933a704e386466ee379dc2e8eca2073dc3634a66bf2e5d9a411b39ed9d8bd5f27ec273c0696f3cba1f21ba3ce4df63867b8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
be0b5352e887430d3858cd05db6e5822

SHA1
c9ef3a4bbe97e345cc31fe0aca9a90ab1b8b4fd6

SHA256
f7dcbcd3fa98d840d1ca2421a92d285cc90e6516a1ccfe2405e1a31272682316

SHA512
ff9f644d4441ed45ad4ebbfc743a84f35b0c6762ea9b18a238761f4836feb0cd06f204133afaafe1bfa65d92185cb2dcf19d00d7920195585296f84011e540d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ff2c5d60e5d6be74843a55abba1ba2ce

SHA1
cd4cd700c2ec827adace3e6a47b4cceb065ae120

SHA256
ecf61b1f2d59ca16e71a2c71659a747e3a26056fc1a697c234cadaed3b802fcd

SHA512
91129b2dd871af9b8a4e24243a9ac46b9e98abd50a58dc4c7520df3a6cf2df0d9b5fd29fb35465d41ffd2188e8a330fa40e228d9a6a8f653da07e502d04e97e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8f10c18bf5dedf36eeee32e00dce08cf

SHA1
627f63de065f519e28db71b904545984a10621cf

SHA256
e9720458e906d7398ed8a45de6049173b44e8e143f673b662deb00b10b5f23d4

SHA512
58b113457f5409a81ce7e6449fbfddaa273311be9778ed5ffee34401c56bfd66acd53a12e5a9e45fe5befd20c50e9e1c964c83af712f67f00f19cd91751e1a4b

Download Submit