eee45dbaacf13ce12e88652c2e6e1c502616debc51e999744165a6bfc4e79c81

Resubmissions

21-11-2024 11:17

241121-nd143a1dpg 3

Analysis

max time kernel
147s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2024 11:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Secured Audlo_brownhealth.org_4155465981.html
Size

6KB
MD5

71d900d705adf0e3f3ca57a57e796822
SHA1

93b89b961cfe1464fd6f3a6b265e5946e5d2accd
SHA256

eee45dbaacf13ce12e88652c2e6e1c502616debc51e999744165a6bfc4e79c81
SHA512

a04c9e1fc44921406bf21bed1b2903669ff2d419da6e45444fe648f2a3129e6bbb943fb4a8b589dc589158492aa4c18db71bb0346f6df5f477801598ed8d62db
SSDEEP

48:zN6RI2RWZYvq7+CCEYE8kh6BGz22zjMYcLEYszRYLVOSss1vAnYlztYfe2/Kz6fN:p6RI2WZ+SM+HtLMd5wT

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1976	msedge.exe
1976	msedge.exe
2272	msedge.exe
2272	msedge.exe
472	identity_helper.exe
472	identity_helper.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2272 wrote to memory of 1484	2272	msedge.exe	83
PID 2272 wrote to memory of 1484	2272	msedge.exe	83
PID 2272 wrote to memory of 2440	2272	msedge.exe	84
PID 2272 wrote to memory of 2440	2272	msedge.exe	84
PID 2272 wrote to memory of 2440	2272	msedge.exe	84
PID 2272 wrote to memory of 2440	2272	msedge.exe	84
PID 2272 wrote to memory of 2440	2272	msedge.exe	84
PID 2272 wrote to memory of 2440	2272	msedge.exe	84
PID 2272 wrote to memory of 2440	2272	msedge.exe	84
PID 2272 wrote to memory of 2440	2272	msedge.exe	84
PID 2272 wrote to memory of 2440	2272	msedge.exe	84
PID 2272 wrote to memory of 2440	2272	msedge.exe	84
PID 2272 wrote to memory of 2440	2272	msedge.exe	84
PID 2272 wrote to memory of 2440	2272	msedge.exe	84
PID 2272 wrote to memory of 2440	2272	msedge.exe	84
PID 2272 wrote to memory of 2440	2272	msedge.exe	84
PID 2272 wrote to memory of 2440	2272	msedge.exe	84
PID 2272 wrote to memory of 2440	2272	msedge.exe	84
PID 2272 wrote to memory of 2440	2272	msedge.exe	84
PID 2272 wrote to memory of 2440	2272	msedge.exe	84
PID 2272 wrote to memory of 2440	2272	msedge.exe	84
PID 2272 wrote to memory of 2440	2272	msedge.exe	84
PID 2272 wrote to memory of 2440	2272	msedge.exe	84
PID 2272 wrote to memory of 2440	2272	msedge.exe	84
PID 2272 wrote to memory of 2440	2272	msedge.exe	84
PID 2272 wrote to memory of 2440	2272	msedge.exe	84
PID 2272 wrote to memory of 2440	2272	msedge.exe	84
PID 2272 wrote to memory of 2440	2272	msedge.exe	84
PID 2272 wrote to memory of 2440	2272	msedge.exe	84
PID 2272 wrote to memory of 2440	2272	msedge.exe	84
PID 2272 wrote to memory of 2440	2272	msedge.exe	84
PID 2272 wrote to memory of 2440	2272	msedge.exe	84
PID 2272 wrote to memory of 2440	2272	msedge.exe	84
PID 2272 wrote to memory of 2440	2272	msedge.exe	84
PID 2272 wrote to memory of 2440	2272	msedge.exe	84
PID 2272 wrote to memory of 2440	2272	msedge.exe	84
PID 2272 wrote to memory of 2440	2272	msedge.exe	84
PID 2272 wrote to memory of 2440	2272	msedge.exe	84
PID 2272 wrote to memory of 2440	2272	msedge.exe	84
PID 2272 wrote to memory of 2440	2272	msedge.exe	84
PID 2272 wrote to memory of 2440	2272	msedge.exe	84
PID 2272 wrote to memory of 2440	2272	msedge.exe	84
PID 2272 wrote to memory of 1976	2272	msedge.exe	85
PID 2272 wrote to memory of 1976	2272	msedge.exe	85
PID 2272 wrote to memory of 3984	2272	msedge.exe	86
PID 2272 wrote to memory of 3984	2272	msedge.exe	86
PID 2272 wrote to memory of 3984	2272	msedge.exe	86
PID 2272 wrote to memory of 3984	2272	msedge.exe	86
PID 2272 wrote to memory of 3984	2272	msedge.exe	86
PID 2272 wrote to memory of 3984	2272	msedge.exe	86
PID 2272 wrote to memory of 3984	2272	msedge.exe	86
PID 2272 wrote to memory of 3984	2272	msedge.exe	86
PID 2272 wrote to memory of 3984	2272	msedge.exe	86
PID 2272 wrote to memory of 3984	2272	msedge.exe	86
PID 2272 wrote to memory of 3984	2272	msedge.exe	86
PID 2272 wrote to memory of 3984	2272	msedge.exe	86
PID 2272 wrote to memory of 3984	2272	msedge.exe	86
PID 2272 wrote to memory of 3984	2272	msedge.exe	86
PID 2272 wrote to memory of 3984	2272	msedge.exe	86
PID 2272 wrote to memory of 3984	2272	msedge.exe	86
PID 2272 wrote to memory of 3984	2272	msedge.exe	86
PID 2272 wrote to memory of 3984	2272	msedge.exe	86
PID 2272 wrote to memory of 3984	2272	msedge.exe	86
PID 2272 wrote to memory of 3984	2272	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\Secured Audlo_brownhealth.org_4155465981.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb419a46f8,0x7ffb419a4708,0x7ffb419a4718
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,3513860584796285666,13934978006797951803,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,3513860584796285666,13934978006797951803,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,3513860584796285666,13934978006797951803,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3513860584796285666,13934978006797951803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3513860584796285666,13934978006797951803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3513860584796285666,13934978006797951803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3513860584796285666,13934978006797951803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3513860584796285666,13934978006797951803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,3513860584796285666,13934978006797951803,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5928 /prefetch:8
  2⤵
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,3513860584796285666,13934978006797951803,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5928 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3513860584796285666,13934978006797951803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3513860584796285666,13934978006797951803,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
  2⤵
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3513860584796285666,13934978006797951803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
  2⤵
  PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3513860584796285666,13934978006797951803,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,3513860584796285666,13934978006797951803,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1856 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3513860584796285666,13934978006797951803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:2204

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2320

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
3b9a7d09c4e26d5145edc2fa67ae745b

SHA1
c648183f5a3ab430f14bc9e845407c809a3977b1

SHA256
69d6eb3e308f720cbb896783fd2ec810583b066a26457eaa80b42facaf5d5659

SHA512
9525d99500dad21b2cb0aa351e8e3878f9d1d328afd698b83eb08226f9ed3c30dadab94ddfd341409607a2bffb484fc3708570ff130eefbbc76d0f0d8c9dc37e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
76dc4cf059eb50073694974dd42cf594

SHA1
b5f2c3b80ebe884e4ec666580e162a58fe387e86

SHA256
6f9492a94d45dd7f113ff6eda87a7d72d015280d55ce7011d9e8a54114b6af09

SHA512
3e0a8049daadd8e87e201fb68db1686a052871aa3b98c56f9d7371c2655b559c9df9e0cccbcb3561a2d9f228d8d6d31e710b0cfa7501101d12930d4b4f4006f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
707B

MD5
c7a7c4f1dd69edbe0ec2384f1c3006a1

SHA1
de5343ef5c4974c7815c6a8c23d0e7a8ceb2c897

SHA256
e49f42fd2fa04cc3a648aee9660d856d11f8a761e23418983de5317a1916e47c

SHA512
aef29b430be002a091a8e3f10bde40c2a8725e3994c0adc5766c699604219edc35dde625f00eca16600f6a99e5e1936bbc246c534c7a512658bef7421904de38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
041f141bf20f96fe7236e346c57297ca

SHA1
a462addcc8a6bf0861b4c399a211d59756708e17

SHA256
543c288aabd0c420b7683ae0c8d297b0fcd93997147045a71c25de54cb59dcd3

SHA512
fb607015b7bd9ffa17da78fa87cdd48efedea7b250a895542ebff43debe01ddacfad0b2afc22b003798f4e0497860ea57d2edf4d60f1d718269dfed1fd57aa8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ad44aa51770d3b8045edd2f9055ffa57

SHA1
d03fdade5c0b35b559e36cf359379333d9a84989

SHA256
f97108fe7b7faa64a99ed0abd7d0560ac6e1435c95d4f74c390c373bc1f059fd

SHA512
fda48140f78b5ac3e6f3a22e05845fb7d77cf16f7be2f6a0c62de2f887b5040083772011b66efafeea6204a5905fab70585901f9358c42196e1f6c59621ab9c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
72bfa5f2efbe2834ee37074510c07152

SHA1
e89887ccff556d00e41aa9fa6d77eb334b1402bb

SHA256
c8f3f736de1b16b507d2876f45b442f2f2d007fe268fa8c3376550947ab8d04a

SHA512
3472a9a1eb207933f8c27f503ae10b31d15c514d5eddf76edcf7d2fb40ef2d05cae8e542dfd816cc687c8ba5083f3b9244b6ebe315afce5bebfe74ff2531574c

Download Submit