hxxps://gtly[.]to/thtdEbcNK

Analysis

max time kernel
248s
max time network
293s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
01-07-2024 21:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gtly.to/thtdEbcNK

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3920	msedge.exe
3920	msedge.exe
2372	msedge.exe
2372	msedge.exe
3144	msedge.exe
3144	msedge.exe
3368	identity_helper.exe
3368	identity_helper.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 1592	2372	msedge.exe	77
PID 2372 wrote to memory of 1592	2372	msedge.exe	77
PID 2372 wrote to memory of 1184	2372	msedge.exe	78
PID 2372 wrote to memory of 1184	2372	msedge.exe	78
PID 2372 wrote to memory of 1184	2372	msedge.exe	78
PID 2372 wrote to memory of 1184	2372	msedge.exe	78
PID 2372 wrote to memory of 1184	2372	msedge.exe	78
PID 2372 wrote to memory of 1184	2372	msedge.exe	78
PID 2372 wrote to memory of 1184	2372	msedge.exe	78
PID 2372 wrote to memory of 1184	2372	msedge.exe	78
PID 2372 wrote to memory of 1184	2372	msedge.exe	78
PID 2372 wrote to memory of 1184	2372	msedge.exe	78
PID 2372 wrote to memory of 1184	2372	msedge.exe	78
PID 2372 wrote to memory of 1184	2372	msedge.exe	78
PID 2372 wrote to memory of 1184	2372	msedge.exe	78
PID 2372 wrote to memory of 1184	2372	msedge.exe	78
PID 2372 wrote to memory of 1184	2372	msedge.exe	78
PID 2372 wrote to memory of 1184	2372	msedge.exe	78
PID 2372 wrote to memory of 1184	2372	msedge.exe	78
PID 2372 wrote to memory of 1184	2372	msedge.exe	78
PID 2372 wrote to memory of 1184	2372	msedge.exe	78
PID 2372 wrote to memory of 1184	2372	msedge.exe	78
PID 2372 wrote to memory of 1184	2372	msedge.exe	78
PID 2372 wrote to memory of 1184	2372	msedge.exe	78
PID 2372 wrote to memory of 1184	2372	msedge.exe	78
PID 2372 wrote to memory of 1184	2372	msedge.exe	78
PID 2372 wrote to memory of 1184	2372	msedge.exe	78
PID 2372 wrote to memory of 1184	2372	msedge.exe	78
PID 2372 wrote to memory of 1184	2372	msedge.exe	78
PID 2372 wrote to memory of 1184	2372	msedge.exe	78
PID 2372 wrote to memory of 1184	2372	msedge.exe	78
PID 2372 wrote to memory of 1184	2372	msedge.exe	78
PID 2372 wrote to memory of 1184	2372	msedge.exe	78
PID 2372 wrote to memory of 1184	2372	msedge.exe	78
PID 2372 wrote to memory of 1184	2372	msedge.exe	78
PID 2372 wrote to memory of 1184	2372	msedge.exe	78
PID 2372 wrote to memory of 1184	2372	msedge.exe	78
PID 2372 wrote to memory of 1184	2372	msedge.exe	78
PID 2372 wrote to memory of 1184	2372	msedge.exe	78
PID 2372 wrote to memory of 1184	2372	msedge.exe	78
PID 2372 wrote to memory of 1184	2372	msedge.exe	78
PID 2372 wrote to memory of 1184	2372	msedge.exe	78
PID 2372 wrote to memory of 3920	2372	msedge.exe	79
PID 2372 wrote to memory of 3920	2372	msedge.exe	79
PID 2372 wrote to memory of 4256	2372	msedge.exe	80
PID 2372 wrote to memory of 4256	2372	msedge.exe	80
PID 2372 wrote to memory of 4256	2372	msedge.exe	80
PID 2372 wrote to memory of 4256	2372	msedge.exe	80
PID 2372 wrote to memory of 4256	2372	msedge.exe	80
PID 2372 wrote to memory of 4256	2372	msedge.exe	80
PID 2372 wrote to memory of 4256	2372	msedge.exe	80
PID 2372 wrote to memory of 4256	2372	msedge.exe	80
PID 2372 wrote to memory of 4256	2372	msedge.exe	80
PID 2372 wrote to memory of 4256	2372	msedge.exe	80
PID 2372 wrote to memory of 4256	2372	msedge.exe	80
PID 2372 wrote to memory of 4256	2372	msedge.exe	80
PID 2372 wrote to memory of 4256	2372	msedge.exe	80
PID 2372 wrote to memory of 4256	2372	msedge.exe	80
PID 2372 wrote to memory of 4256	2372	msedge.exe	80
PID 2372 wrote to memory of 4256	2372	msedge.exe	80
PID 2372 wrote to memory of 4256	2372	msedge.exe	80
PID 2372 wrote to memory of 4256	2372	msedge.exe	80
PID 2372 wrote to memory of 4256	2372	msedge.exe	80
PID 2372 wrote to memory of 4256	2372	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gtly.to/thtdEbcNK
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa636e3cb8,0x7ffa636e3cc8,0x7ffa636e3cd8
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1860,4633239060112238007,16091293333964999357,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1860,4633239060112238007,16091293333964999357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1860,4633239060112238007,16091293333964999357,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2576 /prefetch:8
  2⤵
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,4633239060112238007,16091293333964999357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,4633239060112238007,16091293333964999357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,4633239060112238007,16091293333964999357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1860,4633239060112238007,16091293333964999357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1860,4633239060112238007,16091293333964999357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,4633239060112238007,16091293333964999357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3752 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,4633239060112238007,16091293333964999357,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,4633239060112238007,16091293333964999357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:1232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,4633239060112238007,16091293333964999357,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1860,4633239060112238007,16091293333964999357,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5988 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
390187670cb1e0eb022f4f7735263e82

SHA1
ea1401ccf6bf54e688a0dc9e6946eae7353b26f1

SHA256
3e6c56356d6509a3fd4b2403555be55e251f4a962379b29735c1203e57230947

SHA512
602f64d74096d4fb7a23b23374603246d42b17cc854835e3b2f4d464997b73f289a3b40eb690e3ee707829d4ff886865e982f72155d96be6bc00166f44878062

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8294f1821fd3419c0a42b389d19ecfc6

SHA1
cd4982751377c2904a1d3c58e801fa013ea27533

SHA256
92a96c9309023c8b9e1396ff41f7d9d3ff8a3687972e76b9ebd70b04e3bf223a

SHA512
372d369f7ad1b0e07200d3aa6b2cfce5beafa7a97f63932d4c9b3b01a0e8b7eb39881867f87ded55a9973abea973b2d2c9b6fc4892f81cec644702b9edb1566d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
80cdd53a4e92288f262cb0522d567d09

SHA1
28a74762620cb7480763a07042975643e1341418

SHA256
cf1cf38b9eea2f9593bb6106c33cb0e989559fe8f6b4dcc323a7b998cecfdfed

SHA512
2c5276f4df565415241670406a156ae6900987ea94b5e8a001ec0e6f88d20449050138fa88516a71b96a3767b1cd9e7179a998a11467e1cecb1ed685fd7e0bd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
91c5b2c7ab92e48756719f706f4b7120

SHA1
8a32d4d745f0147694fc7c4d0c16fc431e220e64

SHA256
04358c1a39646bc7582f68f5b18b77d3cc8b8a09c7a84a5ea73af6a6c9848cb3

SHA512
c1b5e38ed745fb94babefc88eabd83159ef8450c677ad4c3d5ca6707ca03fbedd9d911dea001405d4f01ad4ad56e85080ab50aedebda7b4772e0f7b3c3059e50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
11e8d5cc64c79504652efd0015808b93

SHA1
88da98a319e522e75f6eb3c06e73cf3c672328df

SHA256
60d108f9d53df974d1a32a289744b886585495a03f7f41cad7a335ff68243843

SHA512
facce7ab0c30b551d4af32f6ad5d7a936ac64b1ab1a4e87d0c021788bac51e59cd05a5180548fbb0e976ce75bf338924c805d9ef0e335d5dc16a1b6fff53de46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4eb2c118ed1feb722bdaa50dfe99f9bc

SHA1
7bfe69410995bf2f17eb6360d87702d1173a6821

SHA256
02016b00ab2deaadf9856c0477136f3177d9918ef04a93a9f942705e370915f2

SHA512
6c915f0359f39ee17663c9f29a70c8cf7ce3fd0272d0e11765cb1ebda68e6d9ef968e09d08778bf3a98e176ad4fc3fe47dafd216a5aa61002d45fb688137fab3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
778f3b6f7b86a0bb9c9fa21c5c0cc0fe

SHA1
e0ccfdedd004c6eb7939b0eadefa395816b45e32

SHA256
b7918ac677f8a870d5d0a695a69626af9ff02f20962fb423bb8d3e2f724b7017

SHA512
dfd048fd5ff2142187e7c45c265c2b82994decece4f46b2ceb4a35c7c2004134e4ad9368d2fe5dce3f1d8cfdaf69223aedf995ef0406a83b34afbd90b412a620

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f2489de072faafc6b6d047ce0eaf59a6

SHA1
065be127185cad43c65513ab907900b0908a3061

SHA256
35f74ceb4e4cfdc5296436a9e786ec3bec21e438bb31c0938c698882245e6468

SHA512
a0a36544aeabd655d6f7a22560f6fbc7cddd7197da9f83c7e5680c0b2830df0204f2a94e08eb0fcd7dbe5546d751838c88e9146e5577c163a7a716da25e58118

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
62b264898f4e74dee516ebf48b94a6f0

SHA1
e64eb2e3ce6e78681e49967f0e1724266d4496db

SHA256
2afc298df02eb7dadea35a08f705ce486c9d69be00879a475a2d82cf0487e33b

SHA512
ac60ef1e3f25b2f90875af6ecb4a9d7ea95bf9b6716527654d8f0d63afc8504b6d16659f66ce184d5a0f5ffa48b411aff9ee8063f36d5560a2f8c7c324f56599

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
345f22321742d8fa21ac9169dd6475f9

SHA1
835a6f494af52d914dd8a2fcbc630b5b731b1f35

SHA256
75ac82c0839710bb5ccfac31c30926513111d307349c7467a0cd8ee37ef46856

SHA512
b8da81953bf8bef9c3d40068d0961c53585993fa7a16a466ed51315402d4c87d390b493329b98c81f2f44c56a85a1b5782c31802e9d3ca944c0a6b9b19b2be0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3bb193ae47e538206e7f2559ab3a7b54

SHA1
e3d48d655ea247edddb82e2a6c6473d380b8421a

SHA256
b24f33d6ca426f156871690566059e6216a7b7a9acfbc493103d1834d14b0a98

SHA512
4c2e74de1c825d33db2b444a4f1fb7f11aeb9aef0b535dd88f153de777c6fd3466bb3f816d0fcee9c397255f482d76b452ee4faee6835a7a2ae0df6885a206f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582536.TMP

Filesize
2KB

MD5
190a65a2e6f189008c8a7f93ec7e90fa

SHA1
2907c3e054de38390fd5689dc3345642774d67a7

SHA256
b2a3a93e352e476e95fc0ab0aaa7afb8bac4ba19bea4e3cf6bbb8f477dcb33f7

SHA512
9d655fab5e294cd40cd6064114e2632b4697608b0c5241800b2a25386c7d2acf1bf1396f48940191df9005ffec8169ff2fb965e9e946b508e2c79022341e52bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ce5f147add26ef6eebdfbbf6dcac2a3f

SHA1
ad42ec074f08ccedac681b402ea72337fa48c3cc

SHA256
dbe3f7e488243d35a3ae098d2e075a3b061241fe529ac34c8eb2c41ce51a0fe9

SHA512
b5fcab8e83bf132b068c6118f9cbffb557d22e7d1b1adf59ad319b833d773aad0b0a17cc0705de9596d92a2b4f0d71b30741ccbbfea494de69a5b3f45d472772

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b43fbfa078962bca7b482ff186104733

SHA1
83702cf382da9af99e3ca0440b9db8299f41473d

SHA256
35fc33d4b14f24e24d9d1b06eab7ff9ea9b223ce99b18cdbf777392c1452dc2c

SHA512
2f688723654bb31dfec46e7f3da02109cd080bede9b19faa4589e7fde24355d4b7554af4529faa9d506553d8e5fd202fe4bd2b792567f22e31799d028e29b5b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
41456ad2549de132ef80e993205ed79f

SHA1
06564ac7b268681ab0e8f10cc2c52e7ef16ef1ba

SHA256
a051ce843186c088dfb4a561b45e71fd2fe9d46dcb99bada56b729f30f7a7ead

SHA512
3f21c1a32138adf112a44131e3a8203d0f188bc53efe0acce8a600e6223f428f02fcc2a590e4696face4bb2b30e7071de754d3e4b6748bf120f44cfc2b87f60b

Download Submit