hxxp://lubematch[.]shell[.]com

Analysis

max time kernel
146s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
23/10/2023, 13:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://lubematch.shell.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4080	msedge.exe
4080	msedge.exe
4512	msedge.exe
4512	msedge.exe
560	identity_helper.exe
560	identity_helper.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4512 wrote to memory of 2480	4512	msedge.exe	84
PID 4512 wrote to memory of 2480	4512	msedge.exe	84
PID 4512 wrote to memory of 3520	4512	msedge.exe	86
PID 4512 wrote to memory of 3520	4512	msedge.exe	86
PID 4512 wrote to memory of 3520	4512	msedge.exe	86
PID 4512 wrote to memory of 3520	4512	msedge.exe	86
PID 4512 wrote to memory of 3520	4512	msedge.exe	86
PID 4512 wrote to memory of 3520	4512	msedge.exe	86
PID 4512 wrote to memory of 3520	4512	msedge.exe	86
PID 4512 wrote to memory of 3520	4512	msedge.exe	86
PID 4512 wrote to memory of 3520	4512	msedge.exe	86
PID 4512 wrote to memory of 3520	4512	msedge.exe	86
PID 4512 wrote to memory of 3520	4512	msedge.exe	86
PID 4512 wrote to memory of 3520	4512	msedge.exe	86
PID 4512 wrote to memory of 3520	4512	msedge.exe	86
PID 4512 wrote to memory of 3520	4512	msedge.exe	86
PID 4512 wrote to memory of 3520	4512	msedge.exe	86
PID 4512 wrote to memory of 3520	4512	msedge.exe	86
PID 4512 wrote to memory of 3520	4512	msedge.exe	86
PID 4512 wrote to memory of 3520	4512	msedge.exe	86
PID 4512 wrote to memory of 3520	4512	msedge.exe	86
PID 4512 wrote to memory of 3520	4512	msedge.exe	86
PID 4512 wrote to memory of 3520	4512	msedge.exe	86
PID 4512 wrote to memory of 3520	4512	msedge.exe	86
PID 4512 wrote to memory of 3520	4512	msedge.exe	86
PID 4512 wrote to memory of 3520	4512	msedge.exe	86
PID 4512 wrote to memory of 3520	4512	msedge.exe	86
PID 4512 wrote to memory of 3520	4512	msedge.exe	86
PID 4512 wrote to memory of 3520	4512	msedge.exe	86
PID 4512 wrote to memory of 3520	4512	msedge.exe	86
PID 4512 wrote to memory of 3520	4512	msedge.exe	86
PID 4512 wrote to memory of 3520	4512	msedge.exe	86
PID 4512 wrote to memory of 3520	4512	msedge.exe	86
PID 4512 wrote to memory of 3520	4512	msedge.exe	86
PID 4512 wrote to memory of 3520	4512	msedge.exe	86
PID 4512 wrote to memory of 3520	4512	msedge.exe	86
PID 4512 wrote to memory of 3520	4512	msedge.exe	86
PID 4512 wrote to memory of 3520	4512	msedge.exe	86
PID 4512 wrote to memory of 3520	4512	msedge.exe	86
PID 4512 wrote to memory of 3520	4512	msedge.exe	86
PID 4512 wrote to memory of 3520	4512	msedge.exe	86
PID 4512 wrote to memory of 3520	4512	msedge.exe	86
PID 4512 wrote to memory of 4080	4512	msedge.exe	87
PID 4512 wrote to memory of 4080	4512	msedge.exe	87
PID 4512 wrote to memory of 2884	4512	msedge.exe	88
PID 4512 wrote to memory of 2884	4512	msedge.exe	88
PID 4512 wrote to memory of 2884	4512	msedge.exe	88
PID 4512 wrote to memory of 2884	4512	msedge.exe	88
PID 4512 wrote to memory of 2884	4512	msedge.exe	88
PID 4512 wrote to memory of 2884	4512	msedge.exe	88
PID 4512 wrote to memory of 2884	4512	msedge.exe	88
PID 4512 wrote to memory of 2884	4512	msedge.exe	88
PID 4512 wrote to memory of 2884	4512	msedge.exe	88
PID 4512 wrote to memory of 2884	4512	msedge.exe	88
PID 4512 wrote to memory of 2884	4512	msedge.exe	88
PID 4512 wrote to memory of 2884	4512	msedge.exe	88
PID 4512 wrote to memory of 2884	4512	msedge.exe	88
PID 4512 wrote to memory of 2884	4512	msedge.exe	88
PID 4512 wrote to memory of 2884	4512	msedge.exe	88
PID 4512 wrote to memory of 2884	4512	msedge.exe	88
PID 4512 wrote to memory of 2884	4512	msedge.exe	88
PID 4512 wrote to memory of 2884	4512	msedge.exe	88
PID 4512 wrote to memory of 2884	4512	msedge.exe	88
PID 4512 wrote to memory of 2884	4512	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://lubematch.shell.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd730346f8,0x7ffd73034708,0x7ffd73034718
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,375309946504445948,12147147389238687831,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,375309946504445948,12147147389238687831,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,375309946504445948,12147147389238687831,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,375309946504445948,12147147389238687831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:1092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,375309946504445948,12147147389238687831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,375309946504445948,12147147389238687831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,375309946504445948,12147147389238687831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,375309946504445948,12147147389238687831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,375309946504445948,12147147389238687831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,375309946504445948,12147147389238687831,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6104 /prefetch:8
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,375309946504445948,12147147389238687831,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6104 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,375309946504445948,12147147389238687831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,375309946504445948,12147147389238687831,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4592 /prefetch:1
  2⤵
  PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,375309946504445948,12147147389238687831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,375309946504445948,12147147389238687831,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,375309946504445948,12147147389238687831,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3068 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2800

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1812

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c0168efbb077a0ae9c70928eb9abdb50

SHA1
c25014d65c561a440dd67b427108e2f8a3871d1b

SHA256
bd74a055a523af5002e53ad2b978d86eff5253c6086d2523e4254ac28c7a9155

SHA512
c37cf313d6b4e3f1edef7f42a36a7774e1417bc50d66da988ff095420e41a264758de3c42dce750fa5f32cf9aa261701aa8ba27ca95362b905807efda4449968

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\63727771-f363-4c5e-a710-69d4ed213eb2.tmp

Filesize
5KB

MD5
b78b14f744193d9c08c6a4f1e4248b6b

SHA1
cb0d3cc578cc90c73333d0453754b8caf88c6b88

SHA256
5f81e2edecad84a5cd6da2f1940c1489d3134702a1920e35cd83f53c8608ee9e

SHA512
93ed74369a7fd6697e3eae4c961d92ce1a27fe603cf0546ca32bd24e1240b6ddf23dd4bbd0a23643ec3e39449fde6119cd45f8938e6dee4250109a5f6ebc6e7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9422f7e1-c224-4a1b-bcb7-f8abde7d6644.tmp

Filesize
7KB

MD5
98a97c098717ad4ea474592ca29f4bb5

SHA1
8fafe4eb8b38ddbd75020b095581991c71434dfc

SHA256
036783e3253d0b2a5a87451c436602c330c4c086d86285f1d7fbff94d8a00823

SHA512
bdc652a15a0228afe78a4e82eba141b84e3b7204109c21e261230978e56e3febbea8c273fac41fa36c96853558302eb1e80abca0721d6f40a2a84ef78cefb34e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
66KB

MD5
7a84a278c1736a83b5d0293fc30bd79c

SHA1
98368b1724560ffe417a87d0964c5afdbecbfa1b

SHA256
d215dce5b3227276faaa1fc2af01f97760e7e60d7e95978b014ccbc59c848451

SHA512
4aebd1155d37654b8d5c86cb4a4db088249431ec93c420f92eeef9a2fbe1b3a62583cb9ea1b395ef8158e26905713ca710decc92cdc97b645822eb0b91e69e32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
34KB

MD5
d04a036279ab6e4f732a7a09928ecf0f

SHA1
eef3c19fa60843d03d738f5f6af53a500b0b05e9

SHA256
4d3e1f7134532ab10cdcef08aa0926ea005c621f5e8de882f1ecfaa686da37f0

SHA512
3c5e8ea3b94a96ba544287aee87ef7701a9ec6c528a0aa3539cf6990fab1789a97a00ac24bc66e233cee5427b89154d718ba3a59fb7862fdc396ae350ebaadfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c48c2d4d74cdf66ec8b9e047ebd443e2

SHA1
14acaa4379775d2630bbfb065399da2505993fa5

SHA256
933763b9654ae531817d07a657bb0daeba6cb2046acb163a92d2c7ad4f0bd0cb

SHA512
f4f569293c710d9093778f935e028efe9fd046eaac171a005143d67b4055cbf234fdcac042c43e33a37ecf2b8a4fd6cc9c4b3e62bc951b36e679540a7ca57056

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3350e1577606cd6e3a4081abed075bf3

SHA1
fda3a4b86e8018cf67ba7713414333591f67f013

SHA256
4ca2bc73046f745520fa8b2633904f78344e8ce887f24ac37986f80d99f59e3f

SHA512
f538d782a68bd3dfc98ecfd415212a8fb460a1b849231ff1c3223fc389b9ae06319cb847989e9e8907521995eb688987c816729e3d7bd1dcd1a0223f53630df5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
8ee4a79ad8d8655cdd4ff2fbf9bdaf04

SHA1
9089d34724211f099e897847e81bff6da819355a

SHA256
80075ae79dc3bd60009645ba34c1e708c55c10d6c2326c8fc3867a59a331310d

SHA512
f055f8fad719ddbb3a4735b6fb306b1282fd77e805ef3d314be9da0a42cb43010ede4f3ce177565d8d2a16a1880447002d5de2a4aa3e404834b814b01752f9e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e3f3bb403d142528dfa000744913b0fc

SHA1
ce8ddd13a37ee22d75ce2d40c7a27845be5f3470

SHA256
192f8994a08a91642c68a66276fdbc161d8ede2cad7da7cd84cd89c358a3ee1f

SHA512
84ca4e419f6f550e7066203f8483170f842805b06a432c28a015e192e62143050ab73f2535eb8035b1fb99d32f0e9831fc8f70215eff2ed392cbad2c670edb38

Download Submit