9b85d6b53e95645934338f28d52fddf584ceb8e22583ceb6c34af44834d52a63

Analysis

max time kernel
145s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29/09/2024, 05:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

docsis_cfg2.0.7/cablelabs.url
Size

50B
MD5

30a714c2ac6dd0fa36424cf5f57dc966
SHA1

893765b82a5bab4bd65dcbd7196b048e8e0aeb6d
SHA256

1daefe9fee635e198603a2d08e6a7029b4a209b5adf1a74c85444ce02347efed
SHA512

45c5e97edb680df84fbac8542347d9c38b742aa15c24eed607fd59cdd4220868bd64d3934dcde3daa6b27c2263e044c518012e0e553162436b8c1824b2201c30

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2708	msedge.exe
2708	msedge.exe
3588	msedge.exe
3588	msedge.exe
4944	identity_helper.exe
4944	identity_helper.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3140 wrote to memory of 3588	3140	rundll32.exe	81
PID 3140 wrote to memory of 3588	3140	rundll32.exe	81
PID 3588 wrote to memory of 1408	3588	msedge.exe	83
PID 3588 wrote to memory of 1408	3588	msedge.exe	83
PID 3588 wrote to memory of 2016	3588	msedge.exe	84
PID 3588 wrote to memory of 2016	3588	msedge.exe	84
PID 3588 wrote to memory of 2016	3588	msedge.exe	84
PID 3588 wrote to memory of 2016	3588	msedge.exe	84
PID 3588 wrote to memory of 2016	3588	msedge.exe	84
PID 3588 wrote to memory of 2016	3588	msedge.exe	84
PID 3588 wrote to memory of 2016	3588	msedge.exe	84
PID 3588 wrote to memory of 2016	3588	msedge.exe	84
PID 3588 wrote to memory of 2016	3588	msedge.exe	84
PID 3588 wrote to memory of 2016	3588	msedge.exe	84
PID 3588 wrote to memory of 2016	3588	msedge.exe	84
PID 3588 wrote to memory of 2016	3588	msedge.exe	84
PID 3588 wrote to memory of 2016	3588	msedge.exe	84
PID 3588 wrote to memory of 2016	3588	msedge.exe	84
PID 3588 wrote to memory of 2016	3588	msedge.exe	84
PID 3588 wrote to memory of 2016	3588	msedge.exe	84
PID 3588 wrote to memory of 2016	3588	msedge.exe	84
PID 3588 wrote to memory of 2016	3588	msedge.exe	84
PID 3588 wrote to memory of 2016	3588	msedge.exe	84
PID 3588 wrote to memory of 2016	3588	msedge.exe	84
PID 3588 wrote to memory of 2016	3588	msedge.exe	84
PID 3588 wrote to memory of 2016	3588	msedge.exe	84
PID 3588 wrote to memory of 2016	3588	msedge.exe	84
PID 3588 wrote to memory of 2016	3588	msedge.exe	84
PID 3588 wrote to memory of 2016	3588	msedge.exe	84
PID 3588 wrote to memory of 2016	3588	msedge.exe	84
PID 3588 wrote to memory of 2016	3588	msedge.exe	84
PID 3588 wrote to memory of 2016	3588	msedge.exe	84
PID 3588 wrote to memory of 2016	3588	msedge.exe	84
PID 3588 wrote to memory of 2016	3588	msedge.exe	84
PID 3588 wrote to memory of 2016	3588	msedge.exe	84
PID 3588 wrote to memory of 2016	3588	msedge.exe	84
PID 3588 wrote to memory of 2016	3588	msedge.exe	84
PID 3588 wrote to memory of 2016	3588	msedge.exe	84
PID 3588 wrote to memory of 2016	3588	msedge.exe	84
PID 3588 wrote to memory of 2016	3588	msedge.exe	84
PID 3588 wrote to memory of 2016	3588	msedge.exe	84
PID 3588 wrote to memory of 2016	3588	msedge.exe	84
PID 3588 wrote to memory of 2016	3588	msedge.exe	84
PID 3588 wrote to memory of 2016	3588	msedge.exe	84
PID 3588 wrote to memory of 2708	3588	msedge.exe	85
PID 3588 wrote to memory of 2708	3588	msedge.exe	85
PID 3588 wrote to memory of 2008	3588	msedge.exe	86
PID 3588 wrote to memory of 2008	3588	msedge.exe	86
PID 3588 wrote to memory of 2008	3588	msedge.exe	86
PID 3588 wrote to memory of 2008	3588	msedge.exe	86
PID 3588 wrote to memory of 2008	3588	msedge.exe	86
PID 3588 wrote to memory of 2008	3588	msedge.exe	86
PID 3588 wrote to memory of 2008	3588	msedge.exe	86
PID 3588 wrote to memory of 2008	3588	msedge.exe	86
PID 3588 wrote to memory of 2008	3588	msedge.exe	86
PID 3588 wrote to memory of 2008	3588	msedge.exe	86
PID 3588 wrote to memory of 2008	3588	msedge.exe	86
PID 3588 wrote to memory of 2008	3588	msedge.exe	86
PID 3588 wrote to memory of 2008	3588	msedge.exe	86
PID 3588 wrote to memory of 2008	3588	msedge.exe	86
PID 3588 wrote to memory of 2008	3588	msedge.exe	86
PID 3588 wrote to memory of 2008	3588	msedge.exe	86
PID 3588 wrote to memory of 2008	3588	msedge.exe	86
PID 3588 wrote to memory of 2008	3588	msedge.exe	86

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\docsis_cfg2.0.7\cablelabs.url
1⤵
- Suspicious use of WriteProcessMemory
PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.cablelabs.com/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3588
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe5c4046f8,0x7ffe5c404708,0x7ffe5c404718
    3⤵
    PID:1408
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1464,17868893954546112628,731541549421820631,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
    3⤵
    PID:2016
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1464,17868893954546112628,731541549421820631,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2708
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1464,17868893954546112628,731541549421820631,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
    3⤵
    PID:2008
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,17868893954546112628,731541549421820631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
    3⤵
    PID:1744
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,17868893954546112628,731541549421820631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
    3⤵
    PID:972
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,17868893954546112628,731541549421820631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
    3⤵
    PID:4548
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1464,17868893954546112628,731541549421820631,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 /prefetch:8
    3⤵
    PID:3916
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1464,17868893954546112628,731541549421820631,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4944
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,17868893954546112628,731541549421820631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
    3⤵
    PID:4840
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,17868893954546112628,731541549421820631,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
    3⤵
    PID:3616
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,17868893954546112628,731541549421820631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
    3⤵
    PID:3324
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,17868893954546112628,731541549421820631,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
    3⤵
    PID:4644
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1464,17868893954546112628,731541549421820631,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4568 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2384

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4204

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
374f79df03d2fad654ebb3962315dd87

SHA1
aa43f054f7bdec761e271171730c31f2074c7bdd

SHA256
727dfc1d7b3ec9f1bac9937746b44d2641166fa73cb108bbfb185da4018235ff

SHA512
06c1fbe015f217046aa29f302fc186d2b6c618904b735fde8fead21662d6dcd142345b147a4047354b56a9c0c759fca16a6e3680ca33103a723822e0d5aac6a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
fe4430abf66fae209c778dcebe0a71fe

SHA1
0de71da0fe0c1068ba3420244fa39e706e35f650

SHA256
daab1ec5305983f822c04a0c90fd30aa39d418dea308ae1322e5bb2ffb3ee79b

SHA512
97f963f79cb934a2e5fa3816e0215f96ee0debf8da3b56d11852b76b4af068cabca6dfa65320ade4b0fdfdc31ce20b81cdb4897d1e83d10053ce1fd34086e9e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e1c2563589f2c6bce47d668396b49220

SHA1
eae13056fb20420fc20df8b25af0406e62529bab

SHA256
2fc3886d23a702f1cb0692da3373b10d605bf42be909afa9ab945617b31f395d

SHA512
33b701940ed4364502d94603ecd10fb1e99cc000f0bf6e4398b2b384f671ccd70651a4e6869d95d12812959a91a78ba623e2f4b6ec76cd1bda096f4594216e8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c8917927f714d572c66e2e0861ce480d

SHA1
bfd8e11006ba8fd521539fccacacdc09debc8e2e

SHA256
858fbaabad57dc3376cbb4531fc8f1ab844d6b3e728c1bda3a62a68e875951a7

SHA512
963c6771a822a42e1e526fcb28be1e7aec5b8bc4a2853cd47f9a7b764bc562317a7fcee6812522a931388102da1eb3a9bc8b50850a3016c8e5169284c99131a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
277f4040ef8a659fb1b0c93a91c53ac2

SHA1
f9261ae7b18d83622bf68ceb01e22d885bfc85c8

SHA256
db71fb2881a3b5aad2e33d107a2798f61b5160b6562a6295ad7d40dc3b69dd37

SHA512
47efd67a0e4aad554fae42a2f34b627a57b4713f19726892cb61fe99a988594186f1862f77c80ffdedb7c5e8b7eeafd51807c863eca7a6fe0bbb2025f182b60f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
591b0bd6471d0997d7438ddab5c3b76e

SHA1
0b4edb016d754f3d8022302b24280b9b82560791

SHA256
cafef61db85824ca03e516af72f27f5467a02a84a069d70b2fe242c613fd95d5

SHA512
8892c1668fff19daa62e1e3757955b3017e00fd9fc2422e40863870fb92fd4e996d1580d78d16d4c4eb4fd6500e136b74846a55170199e92dc6099fca78d062c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e53f.TMP

Filesize
1KB

MD5
fffa1c81d154fccc929b18b124e8b46a

SHA1
2b161e0cb77aa010ceaf1cb9cb856262f12824c7

SHA256
b33217f6f57016b3411e89292a6321bbbf914147dff31f1966e657f62ea74599

SHA512
6ba9407084b18e056f251222030a9fd8a35594d6a7057a7c2223c95d2272885e3973bf37a90b575dba619e28f6cac086fefabf6150aac474584c4fa12d451f9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e7f9bc69d6c957338924caf247ee82ba

SHA1
d54b1bd610489d923780d10831692d6577ff6bc9

SHA256
7eae75ff60f41e3c6e82f0543e2d005b525d95af6b17b27b606414b29f659a35

SHA512
22973d0be10fb673d29c874c9e2c91e3eae6f5c40d150f996847eca0eeba47398d3633c4aee88ffebdd934cf437e4074aa421eaa06cf0bf462ab2a209a7eeb78

Download Submit