hxxps://o86o[.]explorrussia[.]ru/bQpOaffxSaSsx0DXtQHxPuAWdeMo/#Xjaneyqueu@mailfast[.]com

Analysis

max time kernel
840s
max time network
845s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-12-2024 22:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://o86o.explorrussia.ru/bQpOaffxSaSsx0DXtQHxPuAWdeMo/#[email protected]

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1460	msedge.exe
1460	msedge.exe
468	msedge.exe
468	msedge.exe
3716	identity_helper.exe
3716	identity_helper.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 468 wrote to memory of 2400	468	msedge.exe	82
PID 468 wrote to memory of 2400	468	msedge.exe	82
PID 468 wrote to memory of 4720	468	msedge.exe	83
PID 468 wrote to memory of 4720	468	msedge.exe	83
PID 468 wrote to memory of 4720	468	msedge.exe	83
PID 468 wrote to memory of 4720	468	msedge.exe	83
PID 468 wrote to memory of 4720	468	msedge.exe	83
PID 468 wrote to memory of 4720	468	msedge.exe	83
PID 468 wrote to memory of 4720	468	msedge.exe	83
PID 468 wrote to memory of 4720	468	msedge.exe	83
PID 468 wrote to memory of 4720	468	msedge.exe	83
PID 468 wrote to memory of 4720	468	msedge.exe	83
PID 468 wrote to memory of 4720	468	msedge.exe	83
PID 468 wrote to memory of 4720	468	msedge.exe	83
PID 468 wrote to memory of 4720	468	msedge.exe	83
PID 468 wrote to memory of 4720	468	msedge.exe	83
PID 468 wrote to memory of 4720	468	msedge.exe	83
PID 468 wrote to memory of 4720	468	msedge.exe	83
PID 468 wrote to memory of 4720	468	msedge.exe	83
PID 468 wrote to memory of 4720	468	msedge.exe	83
PID 468 wrote to memory of 4720	468	msedge.exe	83
PID 468 wrote to memory of 4720	468	msedge.exe	83
PID 468 wrote to memory of 4720	468	msedge.exe	83
PID 468 wrote to memory of 4720	468	msedge.exe	83
PID 468 wrote to memory of 4720	468	msedge.exe	83
PID 468 wrote to memory of 4720	468	msedge.exe	83
PID 468 wrote to memory of 4720	468	msedge.exe	83
PID 468 wrote to memory of 4720	468	msedge.exe	83
PID 468 wrote to memory of 4720	468	msedge.exe	83
PID 468 wrote to memory of 4720	468	msedge.exe	83
PID 468 wrote to memory of 4720	468	msedge.exe	83
PID 468 wrote to memory of 4720	468	msedge.exe	83
PID 468 wrote to memory of 4720	468	msedge.exe	83
PID 468 wrote to memory of 4720	468	msedge.exe	83
PID 468 wrote to memory of 4720	468	msedge.exe	83
PID 468 wrote to memory of 4720	468	msedge.exe	83
PID 468 wrote to memory of 4720	468	msedge.exe	83
PID 468 wrote to memory of 4720	468	msedge.exe	83
PID 468 wrote to memory of 4720	468	msedge.exe	83
PID 468 wrote to memory of 4720	468	msedge.exe	83
PID 468 wrote to memory of 4720	468	msedge.exe	83
PID 468 wrote to memory of 4720	468	msedge.exe	83
PID 468 wrote to memory of 1460	468	msedge.exe	84
PID 468 wrote to memory of 1460	468	msedge.exe	84
PID 468 wrote to memory of 3372	468	msedge.exe	85
PID 468 wrote to memory of 3372	468	msedge.exe	85
PID 468 wrote to memory of 3372	468	msedge.exe	85
PID 468 wrote to memory of 3372	468	msedge.exe	85
PID 468 wrote to memory of 3372	468	msedge.exe	85
PID 468 wrote to memory of 3372	468	msedge.exe	85
PID 468 wrote to memory of 3372	468	msedge.exe	85
PID 468 wrote to memory of 3372	468	msedge.exe	85
PID 468 wrote to memory of 3372	468	msedge.exe	85
PID 468 wrote to memory of 3372	468	msedge.exe	85
PID 468 wrote to memory of 3372	468	msedge.exe	85
PID 468 wrote to memory of 3372	468	msedge.exe	85
PID 468 wrote to memory of 3372	468	msedge.exe	85
PID 468 wrote to memory of 3372	468	msedge.exe	85
PID 468 wrote to memory of 3372	468	msedge.exe	85
PID 468 wrote to memory of 3372	468	msedge.exe	85
PID 468 wrote to memory of 3372	468	msedge.exe	85
PID 468 wrote to memory of 3372	468	msedge.exe	85
PID 468 wrote to memory of 3372	468	msedge.exe	85
PID 468 wrote to memory of 3372	468	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://o86o.explorrussia.ru/bQpOaffxSaSsx0DXtQHxPuAWdeMo/#[email protected]
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd480846f8,0x7ffd48084708,0x7ffd48084718
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,14453793500128380884,6129624061230405421,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,14453793500128380884,6129624061230405421,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,14453793500128380884,6129624061230405421,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14453793500128380884,6129624061230405421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14453793500128380884,6129624061230405421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14453793500128380884,6129624061230405421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14453793500128380884,6129624061230405421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,14453793500128380884,6129624061230405421,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5788 /prefetch:8
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,14453793500128380884,6129624061230405421,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5788 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14453793500128380884,6129624061230405421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14453793500128380884,6129624061230405421,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14453793500128380884,6129624061230405421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3808 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14453793500128380884,6129624061230405421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14453793500128380884,6129624061230405421,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14453793500128380884,6129624061230405421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14453793500128380884,6129624061230405421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,14453793500128380884,6129624061230405421,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4868 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4872

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4496

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
83ff7c4008a3d208e7cf87fd400298a4

SHA1
f3a1ac441f8126e231a9be8c242eb894f296dcb4

SHA256
e0c72db3d97575188c4a8ffee03769cbd4eba152958366478bbde4def0daf0ef

SHA512
be4e37efec6cdf0f9f4dc598226aedb88e07366eaad63c5e8667dfe202230ee53187612db91c2b38bce54906f570d14fa6ca9464e56543af1b9afb5d8df72308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ed2fbc690060dccd1ab3fa29e5201c22

SHA1
51dd356549cba4dd1b9457154a1ebf919a897993

SHA256
4cd7681028adce059e67e7828fd72ca435a6b9befd1eba4a781b8d5c0d9afdbc

SHA512
3848fcf3bdbe9ddd5e0fc9e4913f42a8a231ee13b04a7209a542383dd31aa0e639807e13ce67789d4ec3473856857f2ce3320a5f98fc385eaf720d16d521f964

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d1a180301883241831e29e51f05d9d30

SHA1
20b7e97ebea4272d237fc8daa889089e89579606

SHA256
e96d7bc8a510ccb8cf99b45e631e01e2e1663f5ad134d44870bd7ff871b6ddf5

SHA512
18499649c07740e0e82094b50bd93ed8364853f930486f206a7302303ec92ead2116bc494c2877206add6b74d50cb1cd32367886798445c27862b94621d95e07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
006410c327b738733164557590fec4d1

SHA1
2f804526485afb05311e9789d2bf2a638d828eae

SHA256
f3912c8a34944f1fb7b600e260007aee5ebe55143715509e54569462ac4463fc

SHA512
b959523ac8696a246b72ba4e1c8f50edb74b1e883dad5364c9aaea5bd42b0e2ec8d74d8845107079dc7a38e2b485f0fe85cd0f07eed14a9eb5ff83a2c61f2004

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bc0b1cc14ce9b6ae003f76a788068df8

SHA1
24bf3ff8c24737614e1a3d286321499449ca7c98

SHA256
62853ac3f013879dedbab62a9475ded5fc193028c28fa97acbe2853641fc490d

SHA512
dc52ef99f189a4ad9c3f04bab03d640b2eb51853ed6e03fa8b979794f6cc9b4d21b5ec119a7761543421547ade42930380008592eaa7dbc2fa9d931da1226dfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58e181.TMP

Filesize
868B

MD5
8d01e767d15b3f4a5a2cd7d6cd3b325e

SHA1
449c1aa1065f144bd11e8cee3f6fb7448f8f414b

SHA256
57ecb542eee29b7e1ee609c7378d14fa421628c660cd910568e0ecf7a00cfec6

SHA512
1eeef4be4c4781a0868456ff542a0b26e025fbf41e258390d08fb351f244202f0fb0046eae128456a121ccbdb7e279c3f0083b7b634b9bcdae60716459fab4b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f0c222a9-e29b-4b10-a187-6b1e4b0bec63.tmp

Filesize
868B

MD5
d7dbf40070c667fd8dd289ee4386aa52

SHA1
d387f4bd4ef77524fce02505873661a17e80fd2d

SHA256
9182d639630e1e14df7c457297f7ceaac0529314466f1cc90aebecce292aad90

SHA512
8df64e621ab05186d1c786608cec5e433843e3d9699f45e3df84deedede17edaa93ef4ffc7f31dc5107ba2360f7880b3e7c1f4dacf3445aa907e0a32063f7ae1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1e1d2b9cf464e34099cf62016a98ddb4

SHA1
dc629ea530ec27f3c4d6f9d059be87dfc941919e

SHA256
61a99460f2d4f8595f53081df21e2adee7c9a05a907de4fa4ffb82a3f527ddf3

SHA512
e8b88fe764ad3a426dded7c02973cf6b551ab2cffe80fad43941b68230f17502f6c68a596f0140a0524094cbd5a034e1cf1223f71fec3c898ccb1a4094b6f292

Download Submit