hxxps://telegra[.]ph/Happy-New-Year-01-09-21

Analysis

max time kernel
840s
max time network
858s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09-01-2025 15:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://telegra.ph/Happy-New-Year-01-09-21

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3520	msedge.exe
3520	msedge.exe
5072	msedge.exe
5072	msedge.exe
2124	identity_helper.exe
2124	identity_helper.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5072 wrote to memory of 4332	5072	msedge.exe	82
PID 5072 wrote to memory of 4332	5072	msedge.exe	82
PID 5072 wrote to memory of 3900	5072	msedge.exe	83
PID 5072 wrote to memory of 3900	5072	msedge.exe	83
PID 5072 wrote to memory of 3900	5072	msedge.exe	83
PID 5072 wrote to memory of 3900	5072	msedge.exe	83
PID 5072 wrote to memory of 3900	5072	msedge.exe	83
PID 5072 wrote to memory of 3900	5072	msedge.exe	83
PID 5072 wrote to memory of 3900	5072	msedge.exe	83
PID 5072 wrote to memory of 3900	5072	msedge.exe	83
PID 5072 wrote to memory of 3900	5072	msedge.exe	83
PID 5072 wrote to memory of 3900	5072	msedge.exe	83
PID 5072 wrote to memory of 3900	5072	msedge.exe	83
PID 5072 wrote to memory of 3900	5072	msedge.exe	83
PID 5072 wrote to memory of 3900	5072	msedge.exe	83
PID 5072 wrote to memory of 3900	5072	msedge.exe	83
PID 5072 wrote to memory of 3900	5072	msedge.exe	83
PID 5072 wrote to memory of 3900	5072	msedge.exe	83
PID 5072 wrote to memory of 3900	5072	msedge.exe	83
PID 5072 wrote to memory of 3900	5072	msedge.exe	83
PID 5072 wrote to memory of 3900	5072	msedge.exe	83
PID 5072 wrote to memory of 3900	5072	msedge.exe	83
PID 5072 wrote to memory of 3900	5072	msedge.exe	83
PID 5072 wrote to memory of 3900	5072	msedge.exe	83
PID 5072 wrote to memory of 3900	5072	msedge.exe	83
PID 5072 wrote to memory of 3900	5072	msedge.exe	83
PID 5072 wrote to memory of 3900	5072	msedge.exe	83
PID 5072 wrote to memory of 3900	5072	msedge.exe	83
PID 5072 wrote to memory of 3900	5072	msedge.exe	83
PID 5072 wrote to memory of 3900	5072	msedge.exe	83
PID 5072 wrote to memory of 3900	5072	msedge.exe	83
PID 5072 wrote to memory of 3900	5072	msedge.exe	83
PID 5072 wrote to memory of 3900	5072	msedge.exe	83
PID 5072 wrote to memory of 3900	5072	msedge.exe	83
PID 5072 wrote to memory of 3900	5072	msedge.exe	83
PID 5072 wrote to memory of 3900	5072	msedge.exe	83
PID 5072 wrote to memory of 3900	5072	msedge.exe	83
PID 5072 wrote to memory of 3900	5072	msedge.exe	83
PID 5072 wrote to memory of 3900	5072	msedge.exe	83
PID 5072 wrote to memory of 3900	5072	msedge.exe	83
PID 5072 wrote to memory of 3900	5072	msedge.exe	83
PID 5072 wrote to memory of 3900	5072	msedge.exe	83
PID 5072 wrote to memory of 3520	5072	msedge.exe	84
PID 5072 wrote to memory of 3520	5072	msedge.exe	84
PID 5072 wrote to memory of 396	5072	msedge.exe	85
PID 5072 wrote to memory of 396	5072	msedge.exe	85
PID 5072 wrote to memory of 396	5072	msedge.exe	85
PID 5072 wrote to memory of 396	5072	msedge.exe	85
PID 5072 wrote to memory of 396	5072	msedge.exe	85
PID 5072 wrote to memory of 396	5072	msedge.exe	85
PID 5072 wrote to memory of 396	5072	msedge.exe	85
PID 5072 wrote to memory of 396	5072	msedge.exe	85
PID 5072 wrote to memory of 396	5072	msedge.exe	85
PID 5072 wrote to memory of 396	5072	msedge.exe	85
PID 5072 wrote to memory of 396	5072	msedge.exe	85
PID 5072 wrote to memory of 396	5072	msedge.exe	85
PID 5072 wrote to memory of 396	5072	msedge.exe	85
PID 5072 wrote to memory of 396	5072	msedge.exe	85
PID 5072 wrote to memory of 396	5072	msedge.exe	85
PID 5072 wrote to memory of 396	5072	msedge.exe	85
PID 5072 wrote to memory of 396	5072	msedge.exe	85
PID 5072 wrote to memory of 396	5072	msedge.exe	85
PID 5072 wrote to memory of 396	5072	msedge.exe	85
PID 5072 wrote to memory of 396	5072	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://telegra.ph/Happy-New-Year-01-09-21
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffebdd546f8,0x7ffebdd54708,0x7ffebdd54718
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,17453239420641583329,13842841005284162191,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,17453239420641583329,13842841005284162191,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,17453239420641583329,13842841005284162191,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17453239420641583329,13842841005284162191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17453239420641583329,13842841005284162191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,17453239420641583329,13842841005284162191,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:8
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,17453239420641583329,13842841005284162191,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17453239420641583329,13842841005284162191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2000 /prefetch:1
  2⤵
  PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17453239420641583329,13842841005284162191,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17453239420641583329,13842841005284162191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17453239420641583329,13842841005284162191,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17453239420641583329,13842841005284162191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,17453239420641583329,13842841005284162191,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4796 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1300

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
10174ef1295d3c00070b449bef4012b1

SHA1
8b920f113646fa02c9989225fd85c7ad3f999ef8

SHA256
638d00f9f85c3769c0cfb994440925b82b18d657b986c44f5f000fddf2ec729f

SHA512
ec653188594a6c246f1bdccf8dc4f24d7af46c920aefb7738e86a4b96914e63b2873932d21f9ec74673fa11b8bd620bf09cd8ed245b62e435569b13619954d1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
819B

MD5
11ee556bfa10e761e6b5591e492f5d15

SHA1
af34d04207327be7a4c8a7b72ea518e33ee2df70

SHA256
c00113cda42ad446ee3bb30bbbf9d6d82e3b9d921dc13cc392587f6096756b37

SHA512
203a34c177430c1bf5cf8e5ca52aa685433638d36293135f240cf660d966208ec7e1f5a655825849544a8041c45a10c0327a90208b54214ec49f5b6a5d411cee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bd538378432f486b3d068f2854861707

SHA1
92551cfe80a01d8b51e0fe1f315b575a571ce98e

SHA256
e7a78b6d4c7182bf878c3c4fcd00cb8291edb1acba565c619aeb986217def8d4

SHA512
f2048898a04f9749c9a963fada03e0204794f5b576d24da0e0e4183843c1e9ea374f96e1239f3d3339e764c6d8e304908808b948f01650b176c1e20c80496e85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
90ecbfe2e3d88c8eba4b13f8bd0c9a0f

SHA1
92223fd331bdfb900ab061e9ab6004061ac835c8

SHA256
6e51f27e251331b497c6f8fb3941ffb2821bddd434e63880c688f9f608ddfe73

SHA512
b86e3b756abb8b9b28cb3408867445be57d84effff96d6cca1d75c6855709511850cf37b4238a161f594038b9096d1574b6c330f51217ecf264dda1a449a2e3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f141d44cf54e3511a20b32c54c3ab268

SHA1
77ad8a59dca92a86b9cb24cd78af5a44f14f2c04

SHA256
d74807f36466681ce95eae171ec895dd4519812c62c5dad134e75882bcc2561c

SHA512
b5ac655de7a0ccdb562b5e497ed6107125a7a9c07d357407211076047e715a2498ca499d51c73255e13197d5dacca04ba8069a9060f8475ac96aef6730273ef4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
448226db541cbeb9b82524ff3ea4e8d1

SHA1
f60e79bc3caac2f90ff54e723fb2dd11700e1254

SHA256
520d67fca1dcac4ec0bb6fc5c3e70e68445433f6bbf9305f4945f75338cb0b1d

SHA512
cb7b9d76626f8b6967bb27affef1ab9dc4256fea35a0df8cdeecd8d43150b5d4e2a1eae496505098bce1506da785d0ba337577de5ee6a8c74e07974c8a4c467c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
39181ec7239e5b0dc12c6aa6f8c8efb2

SHA1
d94b4e8b63073c9c17023099590d0144decbfcc3

SHA256
a220897bc1791ccdf400e37045705c0d7b6961d26013c4d4f3dd700cb2f7e939

SHA512
18404fb7d52c44b03c5047babe88003d9b2442eb8c087fa889701daa63a2eb591a597bf217548928c9886b8761b8c4b30e865483795b37788ee77d6f86698550

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f8f6.TMP

Filesize
875B

MD5
82c057cb08e9e2bb203df55e60e83ecb

SHA1
85eda59115e9046efeb1d025e7aaf299b8a522f9

SHA256
79d4384c02c8fab69801f620a91f030661d541335da0063dbfb7a0cccbe531d8

SHA512
73bbc2225fe57e6492cd9b58152d5b626848ba29c3a984048ef42013d492c338a4dde067a7c0fc5ae8679a4dcc1a1aa8745f2c258d7e3a4decd8ba18f08fda7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1b8be055346d4c2e92a80be93908eb95

SHA1
2db0b9c26f5a506defb4cefaeafa63a802ec1199

SHA256
da4238fa58c6d9717a0d059a5c23733e501108839d24f7ce85b03398277345ab

SHA512
84200daa73dc8c51be38ce72ab872d2063c11c4bbd98ca1f2fa6fbe3e5a3bbba84440a2b693f3790202393fb0230c881b8bfb332ad7795fb7367a962e310b755

Download Submit