hxxps://click[.]convertkit-mail[.]com/27ugn8nw26t9uq8wxlcpfro9v444ug/58hvh7hm3o0ekvi7/aHR0cHM6Ly91cmxzLmdyb3cubWUvS3RLRllDZS1tRi9lL2Rib3VuZHNAaGlsY29ycC5jb20=

Resubmissions

31/05/2024, 15:12

240531-slj8qscc3z 1

31/05/2024, 15:03

240531-sfagcacf67 1

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
31/05/2024, 15:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://click.convertkit-mail.com/27ugn8nw26t9uq8wxlcpfro9v444ug/58hvh7hm3o0ekvi7/aHR0cHM6Ly91cmxzLmdyb3cubWUvS3RLRllDZS1tRi9lL2Rib3VuZHNAaGlsY29ycC5jb20=

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4968	msedge.exe
4968	msedge.exe
1400	msedge.exe
1400	msedge.exe
5100	identity_helper.exe
5100	identity_helper.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1400 wrote to memory of 1920	1400	msedge.exe	81
PID 1400 wrote to memory of 1920	1400	msedge.exe	81
PID 1400 wrote to memory of 4832	1400	msedge.exe	82
PID 1400 wrote to memory of 4832	1400	msedge.exe	82
PID 1400 wrote to memory of 4832	1400	msedge.exe	82
PID 1400 wrote to memory of 4832	1400	msedge.exe	82
PID 1400 wrote to memory of 4832	1400	msedge.exe	82
PID 1400 wrote to memory of 4832	1400	msedge.exe	82
PID 1400 wrote to memory of 4832	1400	msedge.exe	82
PID 1400 wrote to memory of 4832	1400	msedge.exe	82
PID 1400 wrote to memory of 4832	1400	msedge.exe	82
PID 1400 wrote to memory of 4832	1400	msedge.exe	82
PID 1400 wrote to memory of 4832	1400	msedge.exe	82
PID 1400 wrote to memory of 4832	1400	msedge.exe	82
PID 1400 wrote to memory of 4832	1400	msedge.exe	82
PID 1400 wrote to memory of 4832	1400	msedge.exe	82
PID 1400 wrote to memory of 4832	1400	msedge.exe	82
PID 1400 wrote to memory of 4832	1400	msedge.exe	82
PID 1400 wrote to memory of 4832	1400	msedge.exe	82
PID 1400 wrote to memory of 4832	1400	msedge.exe	82
PID 1400 wrote to memory of 4832	1400	msedge.exe	82
PID 1400 wrote to memory of 4832	1400	msedge.exe	82
PID 1400 wrote to memory of 4832	1400	msedge.exe	82
PID 1400 wrote to memory of 4832	1400	msedge.exe	82
PID 1400 wrote to memory of 4832	1400	msedge.exe	82
PID 1400 wrote to memory of 4832	1400	msedge.exe	82
PID 1400 wrote to memory of 4832	1400	msedge.exe	82
PID 1400 wrote to memory of 4832	1400	msedge.exe	82
PID 1400 wrote to memory of 4832	1400	msedge.exe	82
PID 1400 wrote to memory of 4832	1400	msedge.exe	82
PID 1400 wrote to memory of 4832	1400	msedge.exe	82
PID 1400 wrote to memory of 4832	1400	msedge.exe	82
PID 1400 wrote to memory of 4832	1400	msedge.exe	82
PID 1400 wrote to memory of 4832	1400	msedge.exe	82
PID 1400 wrote to memory of 4832	1400	msedge.exe	82
PID 1400 wrote to memory of 4832	1400	msedge.exe	82
PID 1400 wrote to memory of 4832	1400	msedge.exe	82
PID 1400 wrote to memory of 4832	1400	msedge.exe	82
PID 1400 wrote to memory of 4832	1400	msedge.exe	82
PID 1400 wrote to memory of 4832	1400	msedge.exe	82
PID 1400 wrote to memory of 4832	1400	msedge.exe	82
PID 1400 wrote to memory of 4832	1400	msedge.exe	82
PID 1400 wrote to memory of 4968	1400	msedge.exe	83
PID 1400 wrote to memory of 4968	1400	msedge.exe	83
PID 1400 wrote to memory of 3716	1400	msedge.exe	84
PID 1400 wrote to memory of 3716	1400	msedge.exe	84
PID 1400 wrote to memory of 3716	1400	msedge.exe	84
PID 1400 wrote to memory of 3716	1400	msedge.exe	84
PID 1400 wrote to memory of 3716	1400	msedge.exe	84
PID 1400 wrote to memory of 3716	1400	msedge.exe	84
PID 1400 wrote to memory of 3716	1400	msedge.exe	84
PID 1400 wrote to memory of 3716	1400	msedge.exe	84
PID 1400 wrote to memory of 3716	1400	msedge.exe	84
PID 1400 wrote to memory of 3716	1400	msedge.exe	84
PID 1400 wrote to memory of 3716	1400	msedge.exe	84
PID 1400 wrote to memory of 3716	1400	msedge.exe	84
PID 1400 wrote to memory of 3716	1400	msedge.exe	84
PID 1400 wrote to memory of 3716	1400	msedge.exe	84
PID 1400 wrote to memory of 3716	1400	msedge.exe	84
PID 1400 wrote to memory of 3716	1400	msedge.exe	84
PID 1400 wrote to memory of 3716	1400	msedge.exe	84
PID 1400 wrote to memory of 3716	1400	msedge.exe	84
PID 1400 wrote to memory of 3716	1400	msedge.exe	84
PID 1400 wrote to memory of 3716	1400	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://click.convertkit-mail.com/27ugn8nw26t9uq8wxlcpfro9v444ug/58hvh7hm3o0ekvi7/aHR0cHM6Ly91cmxzLmdyb3cubWUvS3RLRllDZS1tRi9lL2Rib3VuZHNAaGlsY29ycC5jb20=
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0xd8,0x7ffc8b8946f8,0x7ffc8b894708,0x7ffc8b894718
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,4476099796276058844,7707261665442063922,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,4476099796276058844,7707261665442063922,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,4476099796276058844,7707261665442063922,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4476099796276058844,7707261665442063922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4476099796276058844,7707261665442063922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4476099796276058844,7707261665442063922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
  2⤵
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,4476099796276058844,7707261665442063922,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,4476099796276058844,7707261665442063922,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4476099796276058844,7707261665442063922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4476099796276058844,7707261665442063922,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4476099796276058844,7707261665442063922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4476099796276058844,7707261665442063922,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,4476099796276058844,7707261665442063922,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4832 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4380

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
85d2f367d05d8123979a413312d5dc3e

SHA1
4b4810bc96059387cd30410d58e2b232c5eb4de3

SHA256
cb9832017a32dbd203c140c93e139eb2c2bfb46f0c0e1eb9f7b83b82a4cf0707

SHA512
bef15dbdefa54193637097a21f6a0bf5cdd99b64722878321c5ba8ad509df92a79cb2d175da6edadcf236a96f0edb834c2cae350901003ddc602a0f336e8e77b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b7f1c9c7c0b15633305b1257d60ead78

SHA1
94907b0b7bb3ca4ad150c65289ab283692324e0c

SHA256
d4f2c46dfda76de41e97f362c5779644899918a946969d2b4d9fc5e595cfad4a

SHA512
05808a801c7cfb437e22b7d56b838dc86c855dd179bf53bb0f12644028330a0adb53af25138579102f314551309b529bcb6844df7a5f8b6bab2957c9a2d0c34f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_insanelygoodrecipes.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
e9abed067572cb8eff215be444b167b2

SHA1
75d11594ba73ff2dd47857376154b31e5ffdad91

SHA256
03a5f0a417f8c25f92bf6e6e427cd28a3b0cf4b09ba349b2624801514a566b58

SHA512
18f0090fe78895b85b05b241071f245436bb274680ab2e73d6d14968383d210654e98666c3f99e2d3442ee8109ca62bb9a54926c1d314c0ec51ca026f830dede

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
01126a1978e044c13ac7c9abe31317da

SHA1
4d2b19ae2ce4120840defa58ce39c9c868d9d017

SHA256
57095f196b3990f4616bf5d8415ff2fbe71693583fe46b152bfdd84ab337dcc8

SHA512
b88365102f71426c5e5af0cc36ba7eeaa595714c8a1a3236a94fb20823216b04feb85427ea14a7f3de8d96ff5705c0d18d4e7faeb9b8ad365a7958f37dacf6e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8fb4c537030d9e4a267a769d9158aa22

SHA1
7257c7b040f68df48057bf43035ddb145c50c14b

SHA256
200b7309cd71406683b9c14cccde31bc7bcd5e43476246f2678169ea30ae4fd5

SHA512
03eac62aed3d7f7ab4f3a3f4ae936abfa1130ab98ff20e771700d090e3b3cab2b16f2b3f585ada500f38e50075b325b26ebdbb62a16facd30ab5bf24a2d3e482

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
d8ce17edb36041cd574dba82c77d60b8

SHA1
34597bbbf1226f6d67caa36beef81914414916a6

SHA256
6e66b9bc889e8979081dbee5244eb013e68ac22f080eaf97b621899568abb3cd

SHA512
549ed274df102181e79788e6c4d8f4a07f3b98cc997b443f1a868ddaa0b3df0907b35dd3467294e3f2aaf8e87146717b4eab91db25265442348eaf9c03768f81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a1ce.TMP

Filesize
48B

MD5
ca0291120f04819650bd5c4d9d15974e

SHA1
b879a0763b7cf6a6973ddce7558d43074b5452ee

SHA256
e2663aae8e6cafa381292528d1b0a1c4776afd7cea49abe9a67b9e5ce88a366b

SHA512
40d111eb3632b585fbb95d130b8457232cd00de6e456660c2f1b4f6c351f998aafe71728d273efdf1a8cbb727b94e31e85bc559c05d9e8351750b963f5f8436b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
420f8416746e9ca5721709e4d5150ec2

SHA1
635fc1641bee9d8de97b89bad42a5202f4001a6e

SHA256
7bbafe118a1fb5919c4b72f76b379b0a06f8bf85b54b05f2c228e1aa4a45245b

SHA512
a925b118659ec6c53b286e5edac23c92eb3acc63290ebb65cf9f69e8f16195d94dfc3903f9b8ef3c4a98bb19b534754968767e00ce0c7ecaefd2561e75c6c72a

Download Submit