0e1f1bbc7bd4393109e4c6fdd13fc422d207587dbc6ced83d30dcc9f92c2b497

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
02-11-2024 23:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

heylone-template/index-video.html
Size

30KB
MD5

1847e9481e527fdcd217601a23dfe696
SHA1

ff9a874585dd4393d516c4160da725dfd1c114c9
SHA256

fb84d3a7f7ddc014b9c46feb48aba3223aa45cc2aca144276ee834d614329c44
SHA512

aa3d2726270ad40754de890e5a4f7847221e366ef3d300ad3735f757aa0eed940f46781d5e540d6e4cf492adc86c3feef4a9be11269bc9d7192827bedbc806af
SSDEEP

384:rjtafb7SJ4S3sDThS/mZDctLzz0hEUUlzerwbc:rJI7SJ4S3qhS/mZDwLzz0hEUierwI

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
692	msedge.exe
692	msedge.exe
5028	msedge.exe
5028	msedge.exe
3644	identity_helper.exe
3644	identity_helper.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5028 wrote to memory of 4808	5028	msedge.exe	84
PID 5028 wrote to memory of 4808	5028	msedge.exe	84
PID 5028 wrote to memory of 3764	5028	msedge.exe	86
PID 5028 wrote to memory of 3764	5028	msedge.exe	86
PID 5028 wrote to memory of 3764	5028	msedge.exe	86
PID 5028 wrote to memory of 3764	5028	msedge.exe	86
PID 5028 wrote to memory of 3764	5028	msedge.exe	86
PID 5028 wrote to memory of 3764	5028	msedge.exe	86
PID 5028 wrote to memory of 3764	5028	msedge.exe	86
PID 5028 wrote to memory of 3764	5028	msedge.exe	86
PID 5028 wrote to memory of 3764	5028	msedge.exe	86
PID 5028 wrote to memory of 3764	5028	msedge.exe	86
PID 5028 wrote to memory of 3764	5028	msedge.exe	86
PID 5028 wrote to memory of 3764	5028	msedge.exe	86
PID 5028 wrote to memory of 3764	5028	msedge.exe	86
PID 5028 wrote to memory of 3764	5028	msedge.exe	86
PID 5028 wrote to memory of 3764	5028	msedge.exe	86
PID 5028 wrote to memory of 3764	5028	msedge.exe	86
PID 5028 wrote to memory of 3764	5028	msedge.exe	86
PID 5028 wrote to memory of 3764	5028	msedge.exe	86
PID 5028 wrote to memory of 3764	5028	msedge.exe	86
PID 5028 wrote to memory of 3764	5028	msedge.exe	86
PID 5028 wrote to memory of 3764	5028	msedge.exe	86
PID 5028 wrote to memory of 3764	5028	msedge.exe	86
PID 5028 wrote to memory of 3764	5028	msedge.exe	86
PID 5028 wrote to memory of 3764	5028	msedge.exe	86
PID 5028 wrote to memory of 3764	5028	msedge.exe	86
PID 5028 wrote to memory of 3764	5028	msedge.exe	86
PID 5028 wrote to memory of 3764	5028	msedge.exe	86
PID 5028 wrote to memory of 3764	5028	msedge.exe	86
PID 5028 wrote to memory of 3764	5028	msedge.exe	86
PID 5028 wrote to memory of 3764	5028	msedge.exe	86
PID 5028 wrote to memory of 3764	5028	msedge.exe	86
PID 5028 wrote to memory of 3764	5028	msedge.exe	86
PID 5028 wrote to memory of 3764	5028	msedge.exe	86
PID 5028 wrote to memory of 3764	5028	msedge.exe	86
PID 5028 wrote to memory of 3764	5028	msedge.exe	86
PID 5028 wrote to memory of 3764	5028	msedge.exe	86
PID 5028 wrote to memory of 3764	5028	msedge.exe	86
PID 5028 wrote to memory of 3764	5028	msedge.exe	86
PID 5028 wrote to memory of 3764	5028	msedge.exe	86
PID 5028 wrote to memory of 3764	5028	msedge.exe	86
PID 5028 wrote to memory of 692	5028	msedge.exe	87
PID 5028 wrote to memory of 692	5028	msedge.exe	87
PID 5028 wrote to memory of 5020	5028	msedge.exe	88
PID 5028 wrote to memory of 5020	5028	msedge.exe	88
PID 5028 wrote to memory of 5020	5028	msedge.exe	88
PID 5028 wrote to memory of 5020	5028	msedge.exe	88
PID 5028 wrote to memory of 5020	5028	msedge.exe	88
PID 5028 wrote to memory of 5020	5028	msedge.exe	88
PID 5028 wrote to memory of 5020	5028	msedge.exe	88
PID 5028 wrote to memory of 5020	5028	msedge.exe	88
PID 5028 wrote to memory of 5020	5028	msedge.exe	88
PID 5028 wrote to memory of 5020	5028	msedge.exe	88
PID 5028 wrote to memory of 5020	5028	msedge.exe	88
PID 5028 wrote to memory of 5020	5028	msedge.exe	88
PID 5028 wrote to memory of 5020	5028	msedge.exe	88
PID 5028 wrote to memory of 5020	5028	msedge.exe	88
PID 5028 wrote to memory of 5020	5028	msedge.exe	88
PID 5028 wrote to memory of 5020	5028	msedge.exe	88
PID 5028 wrote to memory of 5020	5028	msedge.exe	88
PID 5028 wrote to memory of 5020	5028	msedge.exe	88
PID 5028 wrote to memory of 5020	5028	msedge.exe	88
PID 5028 wrote to memory of 5020	5028	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\heylone-template\index-video.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9756546f8,0x7ff975654708,0x7ff975654718
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,6986542009925308360,12989766526513085349,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,6986542009925308360,12989766526513085349,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,6986542009925308360,12989766526513085349,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6986542009925308360,12989766526513085349,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6986542009925308360,12989766526513085349,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6986542009925308360,12989766526513085349,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6986542009925308360,12989766526513085349,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2140,6986542009925308360,12989766526513085349,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5312 /prefetch:8
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,6986542009925308360,12989766526513085349,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6280 /prefetch:8
  2⤵
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,6986542009925308360,12989766526513085349,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6280 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6986542009925308360,12989766526513085349,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6986542009925308360,12989766526513085349,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6986542009925308360,12989766526513085349,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6986542009925308360,12989766526513085349,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
  2⤵
  PID:5124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,6986542009925308360,12989766526513085349,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3184 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2700

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4892

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3644

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x500 0x308
1⤵
PID:4924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1b9739f5776a018d1dfea64dee3f4897

SHA1
3dcea83f53d046c24318fb0748f4d0652b213456

SHA256
a667d0d19885a961de72e4ba4b89957e9904bb9ac99e878e7fc106da0b3091e0

SHA512
d22f0a192450d4185fe73674d0bde7f2fa1f68bcc16ade038c372028a891d230391e45d08c02db9d11b8fccc250abbc5a29ca3d7759dbab8cb937cb4066e46e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2c40d5d7c5e0a85321aa5a230e68a231

SHA1
c4ac788ba4da6897adc3c9ef661ca6b469fc547e

SHA256
9bc3a5bef04210d4751fd4ed395131776e8f7737a5a377be09fcddfb7eb45384

SHA512
bb513fae1e4dbaed4ae59181407a24fe987c642451e6546fbcf14555fae575ff2d227fc39dee997fd64407d2927973831bfa14645d675c041b2dfc61ed3d55c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
d04c4f4523801b4ca740b67f3725992d

SHA1
16095b347f380d5e0a09ba9aea8e0b01dfd43337

SHA256
d437ba0b77011503abc84de760998f5c6ec3a6395d8f6cb208a7f82faf011749

SHA512
16b07d20ae63dc9ea9444600df107b9c9d0d9aaec67accedd733f367b4d9f458ed5065f4a0ecbcf64782ce223f7424ebb943fd0a678e2d353792211a5a6b1f30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
8a837f0370f7f03afbfc7c22d67770f9

SHA1
53835fb2d52b807a076478af786f4ae0008080ae

SHA256
9204468e917ab5a8c4705fcce479ccd091e15bee02932379517047681be6d749

SHA512
81a5f4c10c53d028d46f3c8bb095a8f427ab9f75d0b893d9fedfd40b4e9d9b627dce7b8229c5be990b24e17cfb43059d7689b9b1bcaf8f600cc386568d9afa22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
a54eeb702ec5541a1d4c7b0e3791c97c

SHA1
916e84070cb4731769827e3772ca4843c089e09c

SHA256
5d078c92fd124af06bb0c4b91006dc0a7505a25774efbeb3918f94b911c92202

SHA512
cebfaea9dac4c8985a67b5dd5f65b1173665ba0c878b29d644b9c26bd8169735a5c0f475288b63f1dfedb0feebcf349b0ccdaac343102ca03385d6ce9c30da1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0031e9aa0e64ecfa1eb07f36bca31e4a

SHA1
f88993e306174550b01e74906ca46c8e5c2096e8

SHA256
ddda728aa071ab81722e1a3784224e0c7c729c4c7f8b21b2423ff032034da920

SHA512
26722d16eaba9567a17d772022dcfc248f6bc0ed78f5ca6905bc8837378d0448c379eb98d21b69cacfbc87c3e04c6131d3408d18449543bee0a18b36a284f6fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
54d235f93da2c47a4483abb154cff9fd

SHA1
8784fe39078a5e10e8350f9d570294eb132af0c2

SHA256
284e68e3829ec8ff732a00625bcfa3578e29fe152e827fe3b0f09f3e19c9c62f

SHA512
082913f699717bc14ca0104e7a70a8493a7169463af84d3325a7c1e269e9a516d11cefcc539505c19a0477ea6cdcf3f0041c9341d91148975f222eff0caa82fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
62fa438b48fdfb61c360e6d4fd356110

SHA1
6e54e946a5211afa1459715b9f37a18ea92cdd57

SHA256
fe3d2e83848ede65097467a54ea813ed25a51119e87121089b3cfc531ebe5798

SHA512
01ada296a3fefe713f53d80d2c95b6e41231012d0998077b7948a68d961b61292d1e3b1b3457488eaa739fc4ff0974672ee448d29d2fcce2c1bebab49da96624

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
97ec30b5c5b3e2f7e87c80962469dd32

SHA1
529ec17adfa6fb4f8b1dca7caf409ed7ede8e3f3

SHA256
9e038ccf1adfc8f1a955d965f9d5d786fdd80aa152e68d56ab78002bf997ec7e

SHA512
31ec3834c884ef87f67b8820c3a84838fc00ac8bdf25e9fba2e0d5dd8bef6d74c738128d406b5bf9e8c552e6fa9a19602bbebe8308afcbb68bd51d3e3907c889

Download Submit