hxxps://f7zv[.]short[.]gy/www[.]roblox[.]com/users/486902451530/profile

Analysis

max time kernel
145s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
26/05/2024, 13:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://f7zv.short.gy/www.roblox.com/users/486902451530/profile

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2344	msedge.exe
2344	msedge.exe
3408	msedge.exe
3408	msedge.exe
780	msedge.exe
780	msedge.exe
2452	identity_helper.exe
2452	identity_helper.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3408 wrote to memory of 5004	3408	msedge.exe	78
PID 3408 wrote to memory of 5004	3408	msedge.exe	78
PID 3408 wrote to memory of 2244	3408	msedge.exe	79
PID 3408 wrote to memory of 2244	3408	msedge.exe	79
PID 3408 wrote to memory of 2244	3408	msedge.exe	79
PID 3408 wrote to memory of 2244	3408	msedge.exe	79
PID 3408 wrote to memory of 2244	3408	msedge.exe	79
PID 3408 wrote to memory of 2244	3408	msedge.exe	79
PID 3408 wrote to memory of 2244	3408	msedge.exe	79
PID 3408 wrote to memory of 2244	3408	msedge.exe	79
PID 3408 wrote to memory of 2244	3408	msedge.exe	79
PID 3408 wrote to memory of 2244	3408	msedge.exe	79
PID 3408 wrote to memory of 2244	3408	msedge.exe	79
PID 3408 wrote to memory of 2244	3408	msedge.exe	79
PID 3408 wrote to memory of 2244	3408	msedge.exe	79
PID 3408 wrote to memory of 2244	3408	msedge.exe	79
PID 3408 wrote to memory of 2244	3408	msedge.exe	79
PID 3408 wrote to memory of 2244	3408	msedge.exe	79
PID 3408 wrote to memory of 2244	3408	msedge.exe	79
PID 3408 wrote to memory of 2244	3408	msedge.exe	79
PID 3408 wrote to memory of 2244	3408	msedge.exe	79
PID 3408 wrote to memory of 2244	3408	msedge.exe	79
PID 3408 wrote to memory of 2244	3408	msedge.exe	79
PID 3408 wrote to memory of 2244	3408	msedge.exe	79
PID 3408 wrote to memory of 2244	3408	msedge.exe	79
PID 3408 wrote to memory of 2244	3408	msedge.exe	79
PID 3408 wrote to memory of 2244	3408	msedge.exe	79
PID 3408 wrote to memory of 2244	3408	msedge.exe	79
PID 3408 wrote to memory of 2244	3408	msedge.exe	79
PID 3408 wrote to memory of 2244	3408	msedge.exe	79
PID 3408 wrote to memory of 2244	3408	msedge.exe	79
PID 3408 wrote to memory of 2244	3408	msedge.exe	79
PID 3408 wrote to memory of 2244	3408	msedge.exe	79
PID 3408 wrote to memory of 2244	3408	msedge.exe	79
PID 3408 wrote to memory of 2244	3408	msedge.exe	79
PID 3408 wrote to memory of 2244	3408	msedge.exe	79
PID 3408 wrote to memory of 2244	3408	msedge.exe	79
PID 3408 wrote to memory of 2244	3408	msedge.exe	79
PID 3408 wrote to memory of 2244	3408	msedge.exe	79
PID 3408 wrote to memory of 2244	3408	msedge.exe	79
PID 3408 wrote to memory of 2244	3408	msedge.exe	79
PID 3408 wrote to memory of 2244	3408	msedge.exe	79
PID 3408 wrote to memory of 2344	3408	msedge.exe	80
PID 3408 wrote to memory of 2344	3408	msedge.exe	80
PID 3408 wrote to memory of 1072	3408	msedge.exe	81
PID 3408 wrote to memory of 1072	3408	msedge.exe	81
PID 3408 wrote to memory of 1072	3408	msedge.exe	81
PID 3408 wrote to memory of 1072	3408	msedge.exe	81
PID 3408 wrote to memory of 1072	3408	msedge.exe	81
PID 3408 wrote to memory of 1072	3408	msedge.exe	81
PID 3408 wrote to memory of 1072	3408	msedge.exe	81
PID 3408 wrote to memory of 1072	3408	msedge.exe	81
PID 3408 wrote to memory of 1072	3408	msedge.exe	81
PID 3408 wrote to memory of 1072	3408	msedge.exe	81
PID 3408 wrote to memory of 1072	3408	msedge.exe	81
PID 3408 wrote to memory of 1072	3408	msedge.exe	81
PID 3408 wrote to memory of 1072	3408	msedge.exe	81
PID 3408 wrote to memory of 1072	3408	msedge.exe	81
PID 3408 wrote to memory of 1072	3408	msedge.exe	81
PID 3408 wrote to memory of 1072	3408	msedge.exe	81
PID 3408 wrote to memory of 1072	3408	msedge.exe	81
PID 3408 wrote to memory of 1072	3408	msedge.exe	81
PID 3408 wrote to memory of 1072	3408	msedge.exe	81
PID 3408 wrote to memory of 1072	3408	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://f7zv.short.gy/www.roblox.com/users/486902451530/profile
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd89113cb8,0x7ffd89113cc8,0x7ffd89113cd8
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,14402818252802437502,8731047816502711067,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1720 /prefetch:2
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,14402818252802437502,8731047816502711067,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,14402818252802437502,8731047816502711067,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14402818252802437502,8731047816502711067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14402818252802437502,8731047816502711067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14402818252802437502,8731047816502711067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,14402818252802437502,8731047816502711067,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14402818252802437502,8731047816502711067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14402818252802437502,8731047816502711067,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1892,14402818252802437502,8731047816502711067,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14402818252802437502,8731047816502711067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14402818252802437502,8731047816502711067,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,14402818252802437502,8731047816502711067,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1020 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3192

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8e1dd984856ef51f4512d3bf2c7aef54

SHA1
81cb28f2153ec7ae0cbf79c04c1a445efedd125f

SHA256
34afac298a256d796d20598df006222ed6900a0dafe0f8507ed3b29bfd2027d7

SHA512
d1f8dfc7fdc5d0f185de88a420f2e5b364e77904cab99d2ace154407c4936c510f3c49e27eed4e74dd2fbd850ad129eb585a64127105661d5f8066448e9f201d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ffa07b9a59daf025c30d00d26391d66f

SHA1
382cb374cf0dda03fa67bd55288eeb588b9353da

SHA256
7052a8294dd24294974bb11e6f53b7bf36feeb62ce8b5be0c93fbee6bc034afb

SHA512
25a29d2a3ba4af0709455a9905a619c9d9375eb4042e959562af8faa087c91afafdb2476599280bbb70960af67d5bd477330f17f7345a7df729aaee997627b3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
7a0ebdba0ec88dbef27eb4fd23cdbddf

SHA1
2cb643ec8979d41f9c3facf0b3236d6f14659a4c

SHA256
edd80ac71b98d086a58e18531c62d989a4c65d893f0b7ff8cfc77f162f60464f

SHA512
c4d20bd335d634b314f510ab794a5cacef384a2d52c4d989d96d16ec7fb54683883a26e776e0872c3a37dc2b70be9a1f9aca5bc3d545a8f85e253243bda34098

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
044b5c14ca72f262e0f80ed0d6cb6bde

SHA1
896d3993e68c39cb8014a6ba3b0dc060301e8b47

SHA256
525fefdee10d5d1c21a60413183e11d4f0812d710804503bc36d4d811f1eef34

SHA512
c85a93c93c161b5aae91cec8d68a53fb417fdc67b4f48283f84c90e24a8036bf4e03e4f1dffa6f5955099b6d6a660dd4a65d7fde18c98bf82ee907e275d63dde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2a45b18e671f917d765ae81bb2955498

SHA1
15e6c0b22c9f5532d959233665859dc0c0e57661

SHA256
d4f83c699f4b9c791def2ce80478003b4e91a43e65d4bcc65d328e8c714f4b86

SHA512
4c749a0a7cb710251f15b7b990066f057628eb34a00bd9417a024eedcf7b4e4fc8aa839423477432a14d071af3a998b272f73b70a974e123c662bf96c05647d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
25db32275cec7b8f6d90935f0984d98b

SHA1
d657d1d9f7af2b59d28e954303bb1e82c01d0895

SHA256
a07f099bd4037d9fc5b6858a495a0a21112c3835a56bb39deef67a08e1effeb5

SHA512
51b5627807d58f444e13a946e540098dc8701460c73723f0a89fef1590ca224ab123f58a150d5a5ea65098442d38d1271b1264f76c64091264db2d3658f27229

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
696605e9019d573d878c40eddee3afd6

SHA1
750456b5797b32dd70e77143a29cd3a54484ab2f

SHA256
8fdb404b73ad2c1b1c802dc3d01b6c1e6fee4b7d3d23a78e1923b03ebc73460e

SHA512
f09f990fada68fbb7a0bc267646d276e031e76f4815a34fe46cc947f5c6863a580a2ad95cae97ec19ff3f94e4fa377da9cb1ff3cc3ca654704c5ec94f0a119cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ffc8d07d8e6df22bd488f001a91971f4

SHA1
14e52e64807c914234236dd26fff73355d0fa981

SHA256
653a4427ef02d10d404ca17d2dbb37eab66c48b4e20e1810ce69fb8679a87d39

SHA512
46baba45564d704a8d0fac0403e0a239f3534725566ff607bc1e182a40ebeed21b964b4943c81600c3a8e0d3a3f821518c34a768585b6c16325a9cd67fe6df2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
223e1537d8dc0340f650837f1ebd4f92

SHA1
fac710c8f0ca92769ec5914d54321f97c0c04269

SHA256
260bd53e1926529158d0f7fe22b2636ef12ccb31eb61f3125501db9b50de38bc

SHA512
e2299b7a759ca75fbd77f57a8427a6234041f28388f133651d80be2532e4b22031aa3c7f3026710944bf9da10e05cc247bf2850c7ce92eca22d4b8e09e20e1f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579c4f.TMP

Filesize
1KB

MD5
d3ef70c92ec46061bc14d84280c7de1f

SHA1
6aa3c1aac9912a939e482af8982dabfd052af6e3

SHA256
aedc8bb2e1b0d80c09871c3dbf6b85e62d151ea404b4d32c4c113d1b34967686

SHA512
22c728d699e18aa7611b5a3f4eeb29bcaf6793a9f25853deac50956ab6a0869e5fb51b5141b85dce2dd02517febefffe7f25310a4a99a48acd9d1a8524a41c6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cd9a8cbb47e887544704b8edd25234c6

SHA1
9e3e957cf9b922b231491ba9506b5a1e1294d6ca

SHA256
7f43ce16a2e6326ab29c63ef29af10a0418d6ef2420871612b6f65e5b0636103

SHA512
96be262a080cf6ef04d21976e641f6ba9e1517c7af93aff223ffc314890da2df27b822c9dfe27fe4ce0d8527edafc9e382a441e5ac6be023f98821448cb539a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
dd9657878e6a1e8a224bf8491f01fcbf

SHA1
62e5332cfb27a0cc0e6589a4e0da3cf7ee7f4334

SHA256
4f6158a6cb8bf88c4c68bd641c9d5c88f70686cb95ffcb62ce8c7486a54092b0

SHA512
4dc9220937c1630267814796912437953ef79811e19c2a36972963d691ae319cb9f8ea44d8b02185e04f17fcb12c9b20940a8c96d0f6364446570b77d897f272

Download Submit