39f05e3addd57efc63910a5cce3844a84ea22681833a74f1608c965b0eb95026

Analysis

max time kernel
112s
max time network
118s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 06:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

39f05e3addd57efc63910a5cce3844a84ea22681833a74f1608c965b0eb95026N.html
Size

90KB
MD5

af65ee05e869f9436f910d4b583337d0
SHA1

4481e054c6e1d85b2ccad4534f349ab40e925883
SHA256

39f05e3addd57efc63910a5cce3844a84ea22681833a74f1608c965b0eb95026
SHA512

d5665af5f4e5988ce20c781e53131f84f8a40fe4242d1dabe9aaee4c0da820594e050693ae1ed26287ea006c74d901dc477de265eda71994ffb65d78543d22b4
SSDEEP

1536:eIRIOITIwIgIiKZgNDfIwIGI5IVJ7SqIRIOITIwIgIiKZgNDfIwIGI5IVJ7SL104:P10wAgW81n2yzSSokXfDyjeFfsHJXgPL

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2864	msedge.exe
2864	msedge.exe
2520	msedge.exe
2520	msedge.exe
2896	identity_helper.exe
2896	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2520 wrote to memory of 2012	2520	msedge.exe	82
PID 2520 wrote to memory of 2012	2520	msedge.exe	82
PID 2520 wrote to memory of 1900	2520	msedge.exe	83
PID 2520 wrote to memory of 1900	2520	msedge.exe	83
PID 2520 wrote to memory of 1900	2520	msedge.exe	83
PID 2520 wrote to memory of 1900	2520	msedge.exe	83
PID 2520 wrote to memory of 1900	2520	msedge.exe	83
PID 2520 wrote to memory of 1900	2520	msedge.exe	83
PID 2520 wrote to memory of 1900	2520	msedge.exe	83
PID 2520 wrote to memory of 1900	2520	msedge.exe	83
PID 2520 wrote to memory of 1900	2520	msedge.exe	83
PID 2520 wrote to memory of 1900	2520	msedge.exe	83
PID 2520 wrote to memory of 1900	2520	msedge.exe	83
PID 2520 wrote to memory of 1900	2520	msedge.exe	83
PID 2520 wrote to memory of 1900	2520	msedge.exe	83
PID 2520 wrote to memory of 1900	2520	msedge.exe	83
PID 2520 wrote to memory of 1900	2520	msedge.exe	83
PID 2520 wrote to memory of 1900	2520	msedge.exe	83
PID 2520 wrote to memory of 1900	2520	msedge.exe	83
PID 2520 wrote to memory of 1900	2520	msedge.exe	83
PID 2520 wrote to memory of 1900	2520	msedge.exe	83
PID 2520 wrote to memory of 1900	2520	msedge.exe	83
PID 2520 wrote to memory of 1900	2520	msedge.exe	83
PID 2520 wrote to memory of 1900	2520	msedge.exe	83
PID 2520 wrote to memory of 1900	2520	msedge.exe	83
PID 2520 wrote to memory of 1900	2520	msedge.exe	83
PID 2520 wrote to memory of 1900	2520	msedge.exe	83
PID 2520 wrote to memory of 1900	2520	msedge.exe	83
PID 2520 wrote to memory of 1900	2520	msedge.exe	83
PID 2520 wrote to memory of 1900	2520	msedge.exe	83
PID 2520 wrote to memory of 1900	2520	msedge.exe	83
PID 2520 wrote to memory of 1900	2520	msedge.exe	83
PID 2520 wrote to memory of 1900	2520	msedge.exe	83
PID 2520 wrote to memory of 1900	2520	msedge.exe	83
PID 2520 wrote to memory of 1900	2520	msedge.exe	83
PID 2520 wrote to memory of 1900	2520	msedge.exe	83
PID 2520 wrote to memory of 1900	2520	msedge.exe	83
PID 2520 wrote to memory of 1900	2520	msedge.exe	83
PID 2520 wrote to memory of 1900	2520	msedge.exe	83
PID 2520 wrote to memory of 1900	2520	msedge.exe	83
PID 2520 wrote to memory of 1900	2520	msedge.exe	83
PID 2520 wrote to memory of 1900	2520	msedge.exe	83
PID 2520 wrote to memory of 2864	2520	msedge.exe	84
PID 2520 wrote to memory of 2864	2520	msedge.exe	84
PID 2520 wrote to memory of 1768	2520	msedge.exe	85
PID 2520 wrote to memory of 1768	2520	msedge.exe	85
PID 2520 wrote to memory of 1768	2520	msedge.exe	85
PID 2520 wrote to memory of 1768	2520	msedge.exe	85
PID 2520 wrote to memory of 1768	2520	msedge.exe	85
PID 2520 wrote to memory of 1768	2520	msedge.exe	85
PID 2520 wrote to memory of 1768	2520	msedge.exe	85
PID 2520 wrote to memory of 1768	2520	msedge.exe	85
PID 2520 wrote to memory of 1768	2520	msedge.exe	85
PID 2520 wrote to memory of 1768	2520	msedge.exe	85
PID 2520 wrote to memory of 1768	2520	msedge.exe	85
PID 2520 wrote to memory of 1768	2520	msedge.exe	85
PID 2520 wrote to memory of 1768	2520	msedge.exe	85
PID 2520 wrote to memory of 1768	2520	msedge.exe	85
PID 2520 wrote to memory of 1768	2520	msedge.exe	85
PID 2520 wrote to memory of 1768	2520	msedge.exe	85
PID 2520 wrote to memory of 1768	2520	msedge.exe	85
PID 2520 wrote to memory of 1768	2520	msedge.exe	85
PID 2520 wrote to memory of 1768	2520	msedge.exe	85
PID 2520 wrote to memory of 1768	2520	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\39f05e3addd57efc63910a5cce3844a84ea22681833a74f1608c965b0eb95026N.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff815d46f8,0x7fff815d4708,0x7fff815d4718
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,17210756827586313318,9920455541642817658,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,17210756827586313318,9920455541642817658,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,17210756827586313318,9920455541642817658,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
  2⤵
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17210756827586313318,9920455541642817658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17210756827586313318,9920455541642817658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17210756827586313318,9920455541642817658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,17210756827586313318,9920455541642817658,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5692 /prefetch:8
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,17210756827586313318,9920455541642817658,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5692 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17210756827586313318,9920455541642817658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17210756827586313318,9920455541642817658,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17210756827586313318,9920455541642817658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17210756827586313318,9920455541642817658,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4336

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
47KB

MD5
02cdf9505966d660ae430b9258726521

SHA1
7a6e5afa2c4cbab3d2e24fb3fe15eb43cf01ca82

SHA256
e5483c5b5f4d089cab46aa7f7b540832ae0e727f5173432e012e9897a9e82207

SHA512
7a9375eb4dbefbeb1bb0672fa07676fefdb21a7a9ddddf63949c87c251a0928649495215533e13f48510b28551da346c163266a8b3dc0dad16c1d8995a4c4ff3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
32KB

MD5
45c207496bf7b128c0363c82c8a28689

SHA1
da765f606e972847c7c700e1c099664acd9aab38

SHA256
8e9b9b5bff06b338e19a87f5336f85132ff039b0ce06a30817116de3f61b0dbb

SHA512
d11cead2b3998757725732ce2e425a5882b33d658916212f2a858af6df13f0db9749380f05b44c752ad24e1bf732563657ef6995d91c8149e6280a7d77de5261

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
a205593a9ce9f0ab64a1c923eaea8722

SHA1
e19c6d4b95b1806f9545c2395d65f71558c2279a

SHA256
3659c7781b5661bd9387f0bb78569ac033d2e1e598d24e6e018471f8e24d0735

SHA512
c6563c67a4b00fe693ebf6228fbdff55e87dec7e2e12bad97a6ae640f964b4032d19b07077e5280cca5d572f177c576d54b1cbce5be739494201861626538ae9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
fc640075e658ecc79c5fded73f481eec

SHA1
2629d006596e367b6d5ea4a64ddf129f95326c28

SHA256
851c32e7387853d226fb0b2a5de31357dc77516905c968acac6ec23c70490898

SHA512
3c5393224af9958b7765cf8ab3a113948d18bf24ac179dac9eb5689edadacb938243f1e89ececdfab8a0dce79b4c59a3216427b25abdee6b0710b3c084bd8d6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b69dbc8bc3cc8874054a24753ed24533

SHA1
ecbb54a06eda074ecc5ca0b68a87a3fe26f48f7c

SHA256
6cf32e4a8daebfb10e771b0e06a2f25bd6d7beb9ff8f59a4386767aae98e8382

SHA512
04d018d63b285a988e074f6d3e80bd38ecbc0cf5aec9d4ce552723858bb8e58206f492a5e9dcb32eddeb37fdef8656f643c607c2c29bf7e94d105ae4088a9f97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d4611789a8b7f7586f2db4e6678eeb41

SHA1
070594ef245def261843bcaa0de554d7576c80ec

SHA256
c207ad9d648b48d8edc3475f97a074fdb169fdc75ded83d3ba2ccadf71519bb4

SHA512
a55c44001940dca1a53e4b5cfac3f3e2ce073cfbfe8bdc4fe56f23946ef8dbb83382fb01bb7c6e231b479a7b43dad4d9029cd98ea59b1a3e99285cf37274759c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6aaf296130431efdf764e2f05f170e92

SHA1
c946df24ab4197fa31d1ea5941b437fdc846dc25

SHA256
42543432627292a1191914f443ae4e76e9df804fe2d78a125e8c8cf001a42256

SHA512
a96eaded6f7d29732e4792f038d99c01b445d7803a08522f22976ce2786ab81efc988b2f13439a1d5780822d4ca4c2a217be9f5ae9ef5c3b70998a0d78c802c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
5cddcc28942262ad560f0cf2c12ac11d

SHA1
4cb52862dff40c4541b71f8befdc532c318b55b2

SHA256
729e93eb41ddc96617ef8afc7d590768312c0817f61be7a2d0fa248a08cacb3e

SHA512
26bd16a242080d21c3d9d0d39afe4df69e3b4adf30a0c04db262f921a44550dd6c5d3a87e36bbcdbe933c6ccf3f44fba8f17b322baaf65d188e3c77dc4af66b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
194560776d878baa19ab73e3f0d617b2

SHA1
6a46341a8264f754ac1ee94a67f452d98d8a648f

SHA256
cbf82809c1101dce9c1f2755308efa3c769df604a740af6a914e4148c2bc3305

SHA512
3d12a5514bee557959a51e3b89a3abe2221306c7c28d3ecd25eb30d2be4bf6ae56f794f0719b9bce0acc525e9eb64c85e2efc165908d71907e22268528d0cabf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ba57.TMP

Filesize
372B

MD5
a2e29afcf5899ef25676037883c271db

SHA1
cf91e137a7a2e3c7b1597a21a5b0050067f630d1

SHA256
426b30a1c70512521c9c3997476b27a6f8b37c2d94db2423c3909645c499e519

SHA512
1893a7fa80677da5269fcb11b968bac8b6b05f6ad5ef0b464ea05b07779ba0564d021e52e2e0378bd11523a2a9946da3d5df289d1bf625125d2193c74c82f467

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0be0f585e0f2f6b91220f3a7df3ffc76

SHA1
3296f8db98e1d9acdb7fad09e0be65c6c04b1b57

SHA256
1516d0e0234247f8440ba4b67b794753a2b0f6b454e61e4bcb30ff51aab314fa

SHA512
e47d04b2d4d2d1f7504f81520a6db0c9f3b5acb0195418604ae4ae896872a7991ff30f998f4c3e0c63f65e53f58040ba87a02714cb40a3659d3b0110caa3b0fd

Download Submit