hxxps://myaccess[.]microsoft[.]com/@rtlgroup[.]onmicrosoft[.]com#/access-packages/expired/1d414f5b-aa16-4a23-bb81-af234f64f120

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
28-11-2024 07:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://myaccess.microsoft.com/@rtlgroup.onmicrosoft.com#/access-packages/expired/1d414f5b-aa16-4a23-bb81-af234f64f120

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3376	msedge.exe
3376	msedge.exe
3304	msedge.exe
3304	msedge.exe
2680	identity_helper.exe
2680	identity_helper.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3304 wrote to memory of 3472	3304	msedge.exe	83
PID 3304 wrote to memory of 3472	3304	msedge.exe	83
PID 3304 wrote to memory of 1952	3304	msedge.exe	84
PID 3304 wrote to memory of 1952	3304	msedge.exe	84
PID 3304 wrote to memory of 1952	3304	msedge.exe	84
PID 3304 wrote to memory of 1952	3304	msedge.exe	84
PID 3304 wrote to memory of 1952	3304	msedge.exe	84
PID 3304 wrote to memory of 1952	3304	msedge.exe	84
PID 3304 wrote to memory of 1952	3304	msedge.exe	84
PID 3304 wrote to memory of 1952	3304	msedge.exe	84
PID 3304 wrote to memory of 1952	3304	msedge.exe	84
PID 3304 wrote to memory of 1952	3304	msedge.exe	84
PID 3304 wrote to memory of 1952	3304	msedge.exe	84
PID 3304 wrote to memory of 1952	3304	msedge.exe	84
PID 3304 wrote to memory of 1952	3304	msedge.exe	84
PID 3304 wrote to memory of 1952	3304	msedge.exe	84
PID 3304 wrote to memory of 1952	3304	msedge.exe	84
PID 3304 wrote to memory of 1952	3304	msedge.exe	84
PID 3304 wrote to memory of 1952	3304	msedge.exe	84
PID 3304 wrote to memory of 1952	3304	msedge.exe	84
PID 3304 wrote to memory of 1952	3304	msedge.exe	84
PID 3304 wrote to memory of 1952	3304	msedge.exe	84
PID 3304 wrote to memory of 1952	3304	msedge.exe	84
PID 3304 wrote to memory of 1952	3304	msedge.exe	84
PID 3304 wrote to memory of 1952	3304	msedge.exe	84
PID 3304 wrote to memory of 1952	3304	msedge.exe	84
PID 3304 wrote to memory of 1952	3304	msedge.exe	84
PID 3304 wrote to memory of 1952	3304	msedge.exe	84
PID 3304 wrote to memory of 1952	3304	msedge.exe	84
PID 3304 wrote to memory of 1952	3304	msedge.exe	84
PID 3304 wrote to memory of 1952	3304	msedge.exe	84
PID 3304 wrote to memory of 1952	3304	msedge.exe	84
PID 3304 wrote to memory of 1952	3304	msedge.exe	84
PID 3304 wrote to memory of 1952	3304	msedge.exe	84
PID 3304 wrote to memory of 1952	3304	msedge.exe	84
PID 3304 wrote to memory of 1952	3304	msedge.exe	84
PID 3304 wrote to memory of 1952	3304	msedge.exe	84
PID 3304 wrote to memory of 1952	3304	msedge.exe	84
PID 3304 wrote to memory of 1952	3304	msedge.exe	84
PID 3304 wrote to memory of 1952	3304	msedge.exe	84
PID 3304 wrote to memory of 1952	3304	msedge.exe	84
PID 3304 wrote to memory of 1952	3304	msedge.exe	84
PID 3304 wrote to memory of 3376	3304	msedge.exe	85
PID 3304 wrote to memory of 3376	3304	msedge.exe	85
PID 3304 wrote to memory of 740	3304	msedge.exe	86
PID 3304 wrote to memory of 740	3304	msedge.exe	86
PID 3304 wrote to memory of 740	3304	msedge.exe	86
PID 3304 wrote to memory of 740	3304	msedge.exe	86
PID 3304 wrote to memory of 740	3304	msedge.exe	86
PID 3304 wrote to memory of 740	3304	msedge.exe	86
PID 3304 wrote to memory of 740	3304	msedge.exe	86
PID 3304 wrote to memory of 740	3304	msedge.exe	86
PID 3304 wrote to memory of 740	3304	msedge.exe	86
PID 3304 wrote to memory of 740	3304	msedge.exe	86
PID 3304 wrote to memory of 740	3304	msedge.exe	86
PID 3304 wrote to memory of 740	3304	msedge.exe	86
PID 3304 wrote to memory of 740	3304	msedge.exe	86
PID 3304 wrote to memory of 740	3304	msedge.exe	86
PID 3304 wrote to memory of 740	3304	msedge.exe	86
PID 3304 wrote to memory of 740	3304	msedge.exe	86
PID 3304 wrote to memory of 740	3304	msedge.exe	86
PID 3304 wrote to memory of 740	3304	msedge.exe	86
PID 3304 wrote to memory of 740	3304	msedge.exe	86
PID 3304 wrote to memory of 740	3304	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://myaccess.microsoft.com/@rtlgroup.onmicrosoft.com#/access-packages/expired/1d414f5b-aa16-4a23-bb81-af234f64f120
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffebee346f8,0x7ffebee34708,0x7ffebee34718
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,6998513636847708266,3513749409555007099,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,6998513636847708266,3513749409555007099,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,6998513636847708266,3513749409555007099,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6998513636847708266,3513749409555007099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6998513636847708266,3513749409555007099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6998513636847708266,3513749409555007099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,6998513636847708266,3513749409555007099,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5924 /prefetch:8
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,6998513636847708266,3513749409555007099,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5924 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6998513636847708266,3513749409555007099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6998513636847708266,3513749409555007099,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6998513636847708266,3513749409555007099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6998513636847708266,3513749409555007099,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,6998513636847708266,3513749409555007099,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2016 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
0147a87c7b195992e03a6cbb1dea51e7

SHA1
5090ae4ebc610de4f2329d39ec8fe20b2af426f5

SHA256
68e834979891f74b2d56489ee54a69b78fec519e8c8da4ee190d9ec1fd648557

SHA512
c4e196778091b107080f367f576fc6d806f55b302a07c8e31be9e7ff3a427d53ee0437e1672bfb2143f286ce7c9372b01a3b5df36ad6a10b171ca3ca2f67de39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
535B

MD5
8fc74d8e829293ee15008d59429614cd

SHA1
f1a9125f78d9a74e2ad68a74d328b48ff342ddec

SHA256
53c505fb42607058a3faa6a82b5ddca183f522dd51fca0ec0403666e80340e4e

SHA512
824bdddfdd6f197feb96f1d3fb37f4e21714643f834268576b9d500048830258c7856b034bb128eab99271dbae442e2906c7357facf8747d163aad29dd304daf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
513ff2e3d7cb49deb388b43d541abecb

SHA1
a0fc63e454856f9a43227f7a604b9e5724343ef5

SHA256
4b03f1ce39728d568ae8ad9d0273541133dd28eff3bfb4df54e32461d78407ca

SHA512
c00473b02e4643a3bcad656578d55e21643bed4c3012e3eb1d4102646c1a152c517aed9bebfdc3613cad4f778381b70aa59af3f868e237c3e67750e1222a2efa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7821bbee96b61a3494e41c35d3c4c6a7

SHA1
750d514b41a59752d2a6446ac86f12278aa9cb8a

SHA256
88a706fb8eb1f5673e35e182885f8898be50300d1cf0f5df33fdb886baa7ac3c

SHA512
4fd51a6fa046943d8ea04097c7f5486576080a137bcea2b72b1129259e261c6e8497a249564fba57a67bd4d58a2dcb8070ef3473ce0db72f7626ea44e8783a33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
97b7e18468a2d6db808085eadb32d2d7

SHA1
1be8d69375a30b5f68df4de1401df93479e1eb20

SHA256
0bb3e2cf721883e57272beb8c221eaa8b8f81908faaf318129c71d9eb8680a97

SHA512
7813c501cb78ca46ab452b675b2e8e3a08ac39fc12fbf7b2d0326bf1c61554f16297973579e864ac7d222d12ab0cbb0712023de9529c90a9089bc93a7da2aa8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
f6f50457dead0008e3267c2d3ee70237

SHA1
8005f50554034230e3750caf0997e9c63fd1deae

SHA256
dd028af9811d8e45cc4d41d9cb2b7184e850d3f74450b8de013cb22ffb1c0038

SHA512
81324702e65325e8e1e90657c0a92ce7248904a5cdddc9cb9eb94794ae50c24b6f1acaddcfd0b5e2b68e769edaebdf1b975ab2cdb7d60229171fff3383d5b6e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
c5cc9af9b389f9aa71ea7cc4fcec80d9

SHA1
f4c832783a10470d6f11707703f15fe454028bec

SHA256
0b38d9c574222a0c638856b26158e17d5b0099af90993912109f3481d5e2e38c

SHA512
93c89a0a757078049f4205c1ae8eb9e5a3a5274581292f06cbd7cde87101c7851d96d86cffc011e3228044fc729dcd5d93db16f98a8253c40bfe34ee6f523fbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e280.TMP

Filesize
706B

MD5
62d901f181a83597a39d78df3e9ff6d9

SHA1
e3625e8f98ad1beb337d8e5606ad9fecfc6659ee

SHA256
b8e838c5189436776da462c02ee41c3fb283a2389963afb5da201519282e226a

SHA512
0b97f458e1f65797944384948a27fb27c53cac95c2509c15133d8886bd5031530811995a6e1cf17d5ccfab5155a9fec616e5d9429c839061c9fe160bd59fab10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2e4cca46899cba55f4c14429733303ca

SHA1
27d59eea28bdb99f44a20938742979249a83e756

SHA256
b0b2511183fdd28c46262b2ff1aa4b51eeb5dc173d656dcedd178a1c1420d2f0

SHA512
2c4bbb69af541e9f7cd91ba9898163bbeeeeec05b76313366ce6fd03c5c8587fedac118c96cd441d7e1a31a404b5579d1e7a8ca9f5f90ee3d91ee4af7351dfd4

Download Submit