hxxps://www[.]linkedin[.]com/redir/general-malware-page?url=https%3A%2F%2Fstoriescover%2ecom%2Fnew-f&lipi=urn%3Ali%3Apage%3Ad_flagship3_pulse_read%3BWIoC4VCISxCqpbc4F8GdgQ%3D%3D

Resubmissions

22/04/2024, 00:48

240422-a5zhnadb74 1

22/04/2024, 00:47

240422-a5gb3sde2x 4

22/04/2024, 00:46

240422-a4pl3add9z 1

22/04/2024, 00:44

240422-a3hr5add8w 1

Analysis

max time kernel
106s
max time network
107s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
22/04/2024, 00:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.linkedin.com/redir/general-malware-page?url=https%3A%2F%2Fstoriescover%2ecom%2Fnew-f&lipi=urn%3Ali%3Apage%3Ad_flagship3_pulse_read%3BWIoC4VCISxCqpbc4F8GdgQ%3D%3D

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2560	msedge.exe
2560	msedge.exe
1932	msedge.exe
1932	msedge.exe
1212	msedge.exe
1212	msedge.exe
4436	identity_helper.exe
4436	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1932 wrote to memory of 1132	1932	msedge.exe	78
PID 1932 wrote to memory of 1132	1932	msedge.exe	78
PID 1932 wrote to memory of 4364	1932	msedge.exe	79
PID 1932 wrote to memory of 4364	1932	msedge.exe	79
PID 1932 wrote to memory of 4364	1932	msedge.exe	79
PID 1932 wrote to memory of 4364	1932	msedge.exe	79
PID 1932 wrote to memory of 4364	1932	msedge.exe	79
PID 1932 wrote to memory of 4364	1932	msedge.exe	79
PID 1932 wrote to memory of 4364	1932	msedge.exe	79
PID 1932 wrote to memory of 4364	1932	msedge.exe	79
PID 1932 wrote to memory of 4364	1932	msedge.exe	79
PID 1932 wrote to memory of 4364	1932	msedge.exe	79
PID 1932 wrote to memory of 4364	1932	msedge.exe	79
PID 1932 wrote to memory of 4364	1932	msedge.exe	79
PID 1932 wrote to memory of 4364	1932	msedge.exe	79
PID 1932 wrote to memory of 4364	1932	msedge.exe	79
PID 1932 wrote to memory of 4364	1932	msedge.exe	79
PID 1932 wrote to memory of 4364	1932	msedge.exe	79
PID 1932 wrote to memory of 4364	1932	msedge.exe	79
PID 1932 wrote to memory of 4364	1932	msedge.exe	79
PID 1932 wrote to memory of 4364	1932	msedge.exe	79
PID 1932 wrote to memory of 4364	1932	msedge.exe	79
PID 1932 wrote to memory of 4364	1932	msedge.exe	79
PID 1932 wrote to memory of 4364	1932	msedge.exe	79
PID 1932 wrote to memory of 4364	1932	msedge.exe	79
PID 1932 wrote to memory of 4364	1932	msedge.exe	79
PID 1932 wrote to memory of 4364	1932	msedge.exe	79
PID 1932 wrote to memory of 4364	1932	msedge.exe	79
PID 1932 wrote to memory of 4364	1932	msedge.exe	79
PID 1932 wrote to memory of 4364	1932	msedge.exe	79
PID 1932 wrote to memory of 4364	1932	msedge.exe	79
PID 1932 wrote to memory of 4364	1932	msedge.exe	79
PID 1932 wrote to memory of 4364	1932	msedge.exe	79
PID 1932 wrote to memory of 4364	1932	msedge.exe	79
PID 1932 wrote to memory of 4364	1932	msedge.exe	79
PID 1932 wrote to memory of 4364	1932	msedge.exe	79
PID 1932 wrote to memory of 4364	1932	msedge.exe	79
PID 1932 wrote to memory of 4364	1932	msedge.exe	79
PID 1932 wrote to memory of 4364	1932	msedge.exe	79
PID 1932 wrote to memory of 4364	1932	msedge.exe	79
PID 1932 wrote to memory of 4364	1932	msedge.exe	79
PID 1932 wrote to memory of 4364	1932	msedge.exe	79
PID 1932 wrote to memory of 2560	1932	msedge.exe	80
PID 1932 wrote to memory of 2560	1932	msedge.exe	80
PID 1932 wrote to memory of 3648	1932	msedge.exe	81
PID 1932 wrote to memory of 3648	1932	msedge.exe	81
PID 1932 wrote to memory of 3648	1932	msedge.exe	81
PID 1932 wrote to memory of 3648	1932	msedge.exe	81
PID 1932 wrote to memory of 3648	1932	msedge.exe	81
PID 1932 wrote to memory of 3648	1932	msedge.exe	81
PID 1932 wrote to memory of 3648	1932	msedge.exe	81
PID 1932 wrote to memory of 3648	1932	msedge.exe	81
PID 1932 wrote to memory of 3648	1932	msedge.exe	81
PID 1932 wrote to memory of 3648	1932	msedge.exe	81
PID 1932 wrote to memory of 3648	1932	msedge.exe	81
PID 1932 wrote to memory of 3648	1932	msedge.exe	81
PID 1932 wrote to memory of 3648	1932	msedge.exe	81
PID 1932 wrote to memory of 3648	1932	msedge.exe	81
PID 1932 wrote to memory of 3648	1932	msedge.exe	81
PID 1932 wrote to memory of 3648	1932	msedge.exe	81
PID 1932 wrote to memory of 3648	1932	msedge.exe	81
PID 1932 wrote to memory of 3648	1932	msedge.exe	81
PID 1932 wrote to memory of 3648	1932	msedge.exe	81
PID 1932 wrote to memory of 3648	1932	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.linkedin.com/redir/general-malware-page?url=https%3A%2F%2Fstoriescover%2ecom%2Fnew-f&lipi=urn%3Ali%3Apage%3Ad_flagship3_pulse_read%3BWIoC4VCISxCqpbc4F8GdgQ%3D%3D
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa4d703cb8,0x7ffa4d703cc8,0x7ffa4d703cd8
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1784,143148887464277141,7170856205185126828,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1856 /prefetch:2
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1784,143148887464277141,7170856205185126828,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1784,143148887464277141,7170856205185126828,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2620 /prefetch:8
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,143148887464277141,7170856205185126828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,143148887464277141,7170856205185126828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1784,143148887464277141,7170856205185126828,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,143148887464277141,7170856205185126828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1784,143148887464277141,7170856205185126828,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,143148887464277141,7170856205185126828,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,143148887464277141,7170856205185126828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,143148887464277141,7170856205185126828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,143148887464277141,7170856205185126828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,143148887464277141,7170856205185126828,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,143148887464277141,7170856205185126828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,143148887464277141,7170856205185126828,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:3712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6e15af8f29dec1e606c7774ef749eaf2

SHA1
15fbec608e4aa6ddd0e7fd8ea64c2e8197345e97

SHA256
de9124e3fddde204df6a6df22b8b87a51823ba227d3e304a6a6aced9da00c74c

SHA512
1c9c9acd158273749e666271a5cdb2a6aebf6e2b43b835ebcc49d5b48490cbbf4deddef08c232417cee33d4809dec9ddac2478765c1f3d7ed8ea7441f5fd1d15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3e5a2dac1f49835cf442fde4b7f74b88

SHA1
7b2cf4e2820f304adf533d43e6d75b3008941f72

SHA256
30bd1e1bafb4502c91c1fb568372c0fb046d32a4b732e6b88ce59ea23663e4ce

SHA512
933ac835894ce6cb8aac0261153823c96b6abec955173653dd56e534d644efd03aec71acb4f8cb0b9af871962296ec06cd03e570a0ac53098b8cd55657543786

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
1c95896df0ffbb23eb960d2e4dad51aa

SHA1
0b29f562f13081ebfc1419e8765b6a944881e941

SHA256
8669e3fdeaaf0ca597c4607f9567cfb76ecf96e390d768d034a606419bb56fb3

SHA512
b1052ab917343ce155b8cc9ea1c33e396705709c42c34b39fd6a631c01095e2620ed2673de5f39ee189808fb686f877039620ab9e1e0ac9514924f3a12d00812

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b842deb8f1430ebdbcb22bd417f0d979

SHA1
730a417e79562406a54e93934869358a941b1f87

SHA256
b2fb45699ebd1a9bd799163584fde0ded93deca70a3053bf3a208f1332a20822

SHA512
ca844c20e6603643d387af7d5685866265e91a8829326030dbbb55472f7569acbbf02519d375d913071424ea2600101c9f34209079d44c3a69e7d97c3bb7f8ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1cebe9082695203b72d10c2f71c3552f

SHA1
6634f8747573df0eb5b769bae2379df4a1fab459

SHA256
b18cbf3cccfff3dfb9b9f21133b7a4a83ed73733df564c49cf5192f9a5162081

SHA512
78eecdc328c0d63464adf216515cef8d7ea8e79fbacba09308e6ad108cd8352bb8eaede1472cabba596b5227573a23e82a7cfda511359d7c8a0811053090ff6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
85224b3e1e5609f747b03729c85aad96

SHA1
61fad0c90768b6bc6153253f54b2f7fbf9c3f2ed

SHA256
08f8ef257ffb66ebab8dc958dfa036abfaab25fdcd231e1c40a082a43dfbfb9c

SHA512
fc5eb61f2f47fc2b3c0420a35c459a048642a74d89b516a6c67bf595b4a6b5419d88bc71f68ac030672bf90b02259710af82dfffb7277dee2f450fe6c175adca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5cc90c9debe87e7d3d7b6ed27a016750

SHA1
abfb5bbcddc691378dce6397a0fbe4465829c7c0

SHA256
871fa3e5a044f6227bfb05f99d855909a1ccddf949a075b502ef555e89723a01

SHA512
875e3c7457ab0e547016c1acf4ae9285d63abf868dda123da2050817d55f4c69c83415f679797e7dbe5eb9c81f17ee2bb865af2848ebe530a06ea9daf8d7fc91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fe39afd63516417e813f8a9da8197518

SHA1
c9c92580d3ef94bfd33687902e2c74bc722841e9

SHA256
2bead9aecdd4b720e8273c3559e889cb5e3ef3864049ddfb77b3ee06a1b99f47

SHA512
abb6edbd03b7af152b66cd31a03e7920bd3b3d832bf8d52ac9a92ec00de0d405b7406e5d38f16488d81d043020f5e9f8187166734d2103002d4c850b3e89949d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
55f9f5705e4d9006bbd97d665268dd02

SHA1
bb53f1f37709abfd1785adb2026568381fe69c23

SHA256
a1e333152fd4c8eb8402d30dab3955f290cdb3b0b4098ebc4a171f8c2e799131

SHA512
21a794c3abc8360b66760a3847d5efa96d44ca60492f65fea72e4eefd2d1e14a80b74886308dddc2d638b0ac1fecbd66306d3c5df01a8f5de1bd58064e668510

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ddfc.TMP

Filesize
204B

MD5
fc581dcad3a44170024a208037e87687

SHA1
8b9667c439c05ebefe6cd502c89d4a99748f6ee9

SHA256
e79a49e06795ceb0d4b0209d5c59151ba90eb9af9017641587d19d9cb3c2823c

SHA512
eb81cb381ce561fb6bf055ff7a9628110a1069362a6ed76e35590eae512f47629ef8bdc36931010af8eb1320ee37c793f8c9abf98d59b9193bf8ac78aacca110

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3c2567e48f72d0e281b755be5752a541

SHA1
9c176202f8961568022dda71de12b3ccbdfca66f

SHA256
c1757e22e6a8c78dc91b20ed37801223dab29c377266729d8fe47b3482deeff9

SHA512
64febbc97ef0f2ad62b569f48347a169612de8bcb03c8c4cb5f5607b907f56230265fdcef03e51ea3777603c8ac86d5e406fa7499733309868def2350ecdde5a

Download Submit