hxxps://t[.]co/9BaxG0CgT8

Analysis

max time kernel
145s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240214-en
resource tags

arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
submitted
19-02-2024 23:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://t.co/9BaxG0CgT8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3456	msedge.exe
3456	msedge.exe
2052	msedge.exe
2052	msedge.exe
4760	identity_helper.exe
4760	identity_helper.exe
3148	msedge.exe
3148	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe
2052	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2052 wrote to memory of 4892	2052	msedge.exe	81
PID 2052 wrote to memory of 4892	2052	msedge.exe	81
PID 2052 wrote to memory of 4808	2052	msedge.exe	82
PID 2052 wrote to memory of 4808	2052	msedge.exe	82
PID 2052 wrote to memory of 4808	2052	msedge.exe	82
PID 2052 wrote to memory of 4808	2052	msedge.exe	82
PID 2052 wrote to memory of 4808	2052	msedge.exe	82
PID 2052 wrote to memory of 4808	2052	msedge.exe	82
PID 2052 wrote to memory of 4808	2052	msedge.exe	82
PID 2052 wrote to memory of 4808	2052	msedge.exe	82
PID 2052 wrote to memory of 4808	2052	msedge.exe	82
PID 2052 wrote to memory of 4808	2052	msedge.exe	82
PID 2052 wrote to memory of 4808	2052	msedge.exe	82
PID 2052 wrote to memory of 4808	2052	msedge.exe	82
PID 2052 wrote to memory of 4808	2052	msedge.exe	82
PID 2052 wrote to memory of 4808	2052	msedge.exe	82
PID 2052 wrote to memory of 4808	2052	msedge.exe	82
PID 2052 wrote to memory of 4808	2052	msedge.exe	82
PID 2052 wrote to memory of 4808	2052	msedge.exe	82
PID 2052 wrote to memory of 4808	2052	msedge.exe	82
PID 2052 wrote to memory of 4808	2052	msedge.exe	82
PID 2052 wrote to memory of 4808	2052	msedge.exe	82
PID 2052 wrote to memory of 4808	2052	msedge.exe	82
PID 2052 wrote to memory of 4808	2052	msedge.exe	82
PID 2052 wrote to memory of 4808	2052	msedge.exe	82
PID 2052 wrote to memory of 4808	2052	msedge.exe	82
PID 2052 wrote to memory of 4808	2052	msedge.exe	82
PID 2052 wrote to memory of 4808	2052	msedge.exe	82
PID 2052 wrote to memory of 4808	2052	msedge.exe	82
PID 2052 wrote to memory of 4808	2052	msedge.exe	82
PID 2052 wrote to memory of 4808	2052	msedge.exe	82
PID 2052 wrote to memory of 4808	2052	msedge.exe	82
PID 2052 wrote to memory of 4808	2052	msedge.exe	82
PID 2052 wrote to memory of 4808	2052	msedge.exe	82
PID 2052 wrote to memory of 4808	2052	msedge.exe	82
PID 2052 wrote to memory of 4808	2052	msedge.exe	82
PID 2052 wrote to memory of 4808	2052	msedge.exe	82
PID 2052 wrote to memory of 4808	2052	msedge.exe	82
PID 2052 wrote to memory of 4808	2052	msedge.exe	82
PID 2052 wrote to memory of 4808	2052	msedge.exe	82
PID 2052 wrote to memory of 4808	2052	msedge.exe	82
PID 2052 wrote to memory of 4808	2052	msedge.exe	82
PID 2052 wrote to memory of 3456	2052	msedge.exe	83
PID 2052 wrote to memory of 3456	2052	msedge.exe	83
PID 2052 wrote to memory of 2920	2052	msedge.exe	84
PID 2052 wrote to memory of 2920	2052	msedge.exe	84
PID 2052 wrote to memory of 2920	2052	msedge.exe	84
PID 2052 wrote to memory of 2920	2052	msedge.exe	84
PID 2052 wrote to memory of 2920	2052	msedge.exe	84
PID 2052 wrote to memory of 2920	2052	msedge.exe	84
PID 2052 wrote to memory of 2920	2052	msedge.exe	84
PID 2052 wrote to memory of 2920	2052	msedge.exe	84
PID 2052 wrote to memory of 2920	2052	msedge.exe	84
PID 2052 wrote to memory of 2920	2052	msedge.exe	84
PID 2052 wrote to memory of 2920	2052	msedge.exe	84
PID 2052 wrote to memory of 2920	2052	msedge.exe	84
PID 2052 wrote to memory of 2920	2052	msedge.exe	84
PID 2052 wrote to memory of 2920	2052	msedge.exe	84
PID 2052 wrote to memory of 2920	2052	msedge.exe	84
PID 2052 wrote to memory of 2920	2052	msedge.exe	84
PID 2052 wrote to memory of 2920	2052	msedge.exe	84
PID 2052 wrote to memory of 2920	2052	msedge.exe	84
PID 2052 wrote to memory of 2920	2052	msedge.exe	84
PID 2052 wrote to memory of 2920	2052	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.co/9BaxG0CgT8
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc3a9d3cb8,0x7ffc3a9d3cc8,0x7ffc3a9d3cd8
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,10262263378051987882,4775863942806357774,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1872 /prefetch:2
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,10262263378051987882,4775863942806357774,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,10262263378051987882,4775863942806357774,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10262263378051987882,4775863942806357774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10262263378051987882,4775863942806357774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10262263378051987882,4775863942806357774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,10262263378051987882,4775863942806357774,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,10262263378051987882,4775863942806357774,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4704 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10262263378051987882,4775863942806357774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1884,10262263378051987882,4775863942806357774,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5464 /prefetch:8
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10262263378051987882,4775863942806357774,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10262263378051987882,4775863942806357774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3044 /prefetch:1
  2⤵
  PID:652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10262263378051987882,4775863942806357774,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10262263378051987882,4775863942806357774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1
  2⤵
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,10262263378051987882,4775863942806357774,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5424 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4300

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4960

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004F0
1⤵
PID:1148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
90bbaa873cb1024ace83f887dfde38ae

SHA1
922416490e14f9098df969a56b75e7523f108e53

SHA256
2ff8abbbdad2acf5f04a3b47624055a0f2c36a09b0db3945b494f7eb92ae87bc

SHA512
60587031845ee5ae354c760bd2714a47ff561d3bd6e8aab7b2073d1b9c6b544c7eca94078d9cdefcd87b44adce4e814852c1e8f6af8ca3bdd5b0ddd0312e57b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
2758ff0ef37d35cbc7f2c2954b7cb386

SHA1
a919e0dd8c6ba377aea4d7d894fe8efdf4ad43ee

SHA256
0b8803a1dc0a89e93178a7eaf66e8af0be25e2a010284a32697355213ef41371

SHA512
2ca4b1c481781adb2e8efb68a02f18eb602c077131e0f5be8b6b9161f38be5a98cc3018a99fb517e41e6b6478adae2a1b58a197e6f49cf2bde9be32c92d8884c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8c0224840526c54e53f8b597deb461de

SHA1
02455bae7bed2d28a9149a8f51c7a21b49299e9f

SHA256
b944fb3d245c78c276afe3360e60d2f7a234ac3f29c2499130cf90b0ff521d5b

SHA512
1c04394628ed3a90069e134cc2707d164e31b10ddccb7f7bccc515125d5333099aa57d6f8809dcb931c63149b35bfc409561f6ae34c6643ccbdebad19d1cd297

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
65f62b8282e8abd7251f743d52119ed0

SHA1
8922bc5da21f9ecaff7efcb45d4fe47b1c7860b0

SHA256
837c1cb81505257456dbdbc05ee4ede6869fff6ebd5295ec182dab241dd42067

SHA512
a087b6248d1c30855e8bd1f231611a775e46cfd878db068d762e15c2670c5d8173139d1e692300115200903ede7f4d40ec8963b0da5c0e1fda3644e2f58a0e9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
563dd8dab85841e6279ca31b683e46a7

SHA1
41713bd19ae18ce2b775690ebbf64fadfb7a2f22

SHA256
4628f78c3129d6d744108745bab1f5dc1f3637548eef20f82fec85197259feaa

SHA512
0297bbfb0cf4ff84f45d2a4cd6623e1e462c9bcb1e4d34bdbb39c7e10bc5bf445c7650205049db409b05bbf69d2c9f7ee753eaed777de2a7368bbdd473c9a7cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ab072b06999ddcf57cb0059e83609bea

SHA1
23b5699f367cef8a930f6ae182c38a8b754f05fc

SHA256
fd97b2f3e6c6a8042a1af0d72712dcaaec58eae913753c1e6156858a8a7c4671

SHA512
6f52c9ea633dadfd1a07408b2e1f6e55fe47ecf88ebd368301657aac056e3e828e339904e73e2ad90ab0860b1640ad6cf3893b096542b152e7ec67c2c39e0e68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
38e0f825a71c236dde48aa2f551fc800

SHA1
1aff06111b765ed4e382b9216101e1f54a09d73e

SHA256
8018002d860e6370cd760a83b61d41f77cfb9473aeafbf630b27e4b4a7c100bf

SHA512
28fc9207402287a3742a8b409aa0db3d570cbd8e456c4ece1ced7b34b6d22f8fd0a2f699142090a9fe54062b35082560012ae80aa9785ce2b21da0aa9bd40399

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
88cd7a475a1dd1c5e6c0b4394d30dc38

SHA1
e3d3896b90498aca414e4e49323d3571f6bf0faf

SHA256
53acaa25d68f85cdc0a0b9f36350d3fc42eacfb44eb305cbb43fbafa86a8522a

SHA512
fde0ae2b0c08f4b84a8b8fcd27af3c2d8e62d86f915e665fc8233f87f4c588bbf3d2c0d4ea4b5c86ea28457b6be6d05b70e0e13c20dabf294e6396c10f571098

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57954b.TMP

Filesize
540B

MD5
4a7fd8435feb1eec5bb559921cf5080b

SHA1
d0c8d3ba7dbe06269f48894f80220942d3818484

SHA256
80fca3d71522da06eb06da73e58367a0ee25c6429da9c3d0b6b8f0f2302f1997

SHA512
9617a55a50491b1a9228aebe0d44513a2321e4d31461dddb3276291178d3f8b62c0a154404da3184d47e739344d65bebfccf0dd87304124538559b07c01bd529

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8185068a2456a72e1b982d1fad333306

SHA1
d3280a3ab48354c86e24b5ed83740d15ac449f22

SHA256
5997bb306ee70299bd0baa19dd9942d77cf5e5276a50bea5adaf52e1ea3e9192

SHA512
50b4e7f31f548d6ef5398c500d4e79517f4a7ff07d54a37b3d503d369dbb405f618797c761f82dfcb78924491e28f12a6ff59b6138a83947b0995de94987d7ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
06e07cc87f92c83d2ac40d999f536de1

SHA1
30be81629c08945cce661427b55b2b7d35e8ae57

SHA256
d566b98ccd92284f2e239607ce2c764ce242fb2e98bd7019ba99db5c765e3d7b

SHA512
2521d533f2e4e0cb131aa109535b009fb2a33af6d9311202ee2a0405b14e9c6ceffd59a6b5e619de2af2bcd60ab4c87f6d8b6b83eb6fdb28bf50b38050244c1a

Download Submit