hxxps://shorturl[.]email/e/ExQUjixBxgF4

Analysis

max time kernel
148s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
11/07/2024, 20:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://shorturl.email/e/ExQUjixBxgF4

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3608	msedge.exe
3608	msedge.exe
3372	msedge.exe
3372	msedge.exe
2948	identity_helper.exe
2948	identity_helper.exe
3432	msedge.exe
3432	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3372 wrote to memory of 1832	3372	msedge.exe	81
PID 3372 wrote to memory of 1832	3372	msedge.exe	81
PID 3372 wrote to memory of 2904	3372	msedge.exe	83
PID 3372 wrote to memory of 2904	3372	msedge.exe	83
PID 3372 wrote to memory of 2904	3372	msedge.exe	83
PID 3372 wrote to memory of 2904	3372	msedge.exe	83
PID 3372 wrote to memory of 2904	3372	msedge.exe	83
PID 3372 wrote to memory of 2904	3372	msedge.exe	83
PID 3372 wrote to memory of 2904	3372	msedge.exe	83
PID 3372 wrote to memory of 2904	3372	msedge.exe	83
PID 3372 wrote to memory of 2904	3372	msedge.exe	83
PID 3372 wrote to memory of 2904	3372	msedge.exe	83
PID 3372 wrote to memory of 2904	3372	msedge.exe	83
PID 3372 wrote to memory of 2904	3372	msedge.exe	83
PID 3372 wrote to memory of 2904	3372	msedge.exe	83
PID 3372 wrote to memory of 2904	3372	msedge.exe	83
PID 3372 wrote to memory of 2904	3372	msedge.exe	83
PID 3372 wrote to memory of 2904	3372	msedge.exe	83
PID 3372 wrote to memory of 2904	3372	msedge.exe	83
PID 3372 wrote to memory of 2904	3372	msedge.exe	83
PID 3372 wrote to memory of 2904	3372	msedge.exe	83
PID 3372 wrote to memory of 2904	3372	msedge.exe	83
PID 3372 wrote to memory of 2904	3372	msedge.exe	83
PID 3372 wrote to memory of 2904	3372	msedge.exe	83
PID 3372 wrote to memory of 2904	3372	msedge.exe	83
PID 3372 wrote to memory of 2904	3372	msedge.exe	83
PID 3372 wrote to memory of 2904	3372	msedge.exe	83
PID 3372 wrote to memory of 2904	3372	msedge.exe	83
PID 3372 wrote to memory of 2904	3372	msedge.exe	83
PID 3372 wrote to memory of 2904	3372	msedge.exe	83
PID 3372 wrote to memory of 2904	3372	msedge.exe	83
PID 3372 wrote to memory of 2904	3372	msedge.exe	83
PID 3372 wrote to memory of 2904	3372	msedge.exe	83
PID 3372 wrote to memory of 2904	3372	msedge.exe	83
PID 3372 wrote to memory of 2904	3372	msedge.exe	83
PID 3372 wrote to memory of 2904	3372	msedge.exe	83
PID 3372 wrote to memory of 2904	3372	msedge.exe	83
PID 3372 wrote to memory of 2904	3372	msedge.exe	83
PID 3372 wrote to memory of 2904	3372	msedge.exe	83
PID 3372 wrote to memory of 2904	3372	msedge.exe	83
PID 3372 wrote to memory of 2904	3372	msedge.exe	83
PID 3372 wrote to memory of 2904	3372	msedge.exe	83
PID 3372 wrote to memory of 3608	3372	msedge.exe	84
PID 3372 wrote to memory of 3608	3372	msedge.exe	84
PID 3372 wrote to memory of 4648	3372	msedge.exe	85
PID 3372 wrote to memory of 4648	3372	msedge.exe	85
PID 3372 wrote to memory of 4648	3372	msedge.exe	85
PID 3372 wrote to memory of 4648	3372	msedge.exe	85
PID 3372 wrote to memory of 4648	3372	msedge.exe	85
PID 3372 wrote to memory of 4648	3372	msedge.exe	85
PID 3372 wrote to memory of 4648	3372	msedge.exe	85
PID 3372 wrote to memory of 4648	3372	msedge.exe	85
PID 3372 wrote to memory of 4648	3372	msedge.exe	85
PID 3372 wrote to memory of 4648	3372	msedge.exe	85
PID 3372 wrote to memory of 4648	3372	msedge.exe	85
PID 3372 wrote to memory of 4648	3372	msedge.exe	85
PID 3372 wrote to memory of 4648	3372	msedge.exe	85
PID 3372 wrote to memory of 4648	3372	msedge.exe	85
PID 3372 wrote to memory of 4648	3372	msedge.exe	85
PID 3372 wrote to memory of 4648	3372	msedge.exe	85
PID 3372 wrote to memory of 4648	3372	msedge.exe	85
PID 3372 wrote to memory of 4648	3372	msedge.exe	85
PID 3372 wrote to memory of 4648	3372	msedge.exe	85
PID 3372 wrote to memory of 4648	3372	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://shorturl.email/e/ExQUjixBxgF4
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb8c2c3cb8,0x7ffb8c2c3cc8,0x7ffb8c2c3cd8
  2⤵
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,1656988166542364147,11589109871543645403,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,1656988166542364147,11589109871543645403,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,1656988166542364147,11589109871543645403,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,1656988166542364147,11589109871543645403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,1656988166542364147,11589109871543645403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,1656988166542364147,11589109871543645403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,1656988166542364147,11589109871543645403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:1248
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,1656988166542364147,11589109871543645403,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5928 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,1656988166542364147,11589109871543645403,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,1656988166542364147,11589109871543645403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,1656988166542364147,11589109871543645403,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,1656988166542364147,11589109871543645403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,1656988166542364147,11589109871543645403,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,1656988166542364147,11589109871543645403,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5744 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:348

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b0499f1feacbab5a863b23b1440161a5

SHA1
37a982ece8255b9e0baadb9c596112395caf9c12

SHA256
41799b5bbdb95da6a57ae553b90de65b80264ca65406f11eea46bcb87a5882a7

SHA512
4cf9a8547a1527b1df13905c2a206a6e24e706e0bc174550caeefabfc8c1c8a40030e8958680cd7d34e815873a7a173abe40c03780b1c4c2564382f1ceed9260

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53eb880cad5acef8c91684b1a94eed6

SHA1
afab2b1015fecbc986c1f4a8a6d27adff6f6fde9

SHA256
5cb8554e763313f3d46766ab868f9d481e3644bfc037f7b8fe43d75d87405a27

SHA512
d53f3965428f73c0dfed1d941a9ff06eb70b254732410b815bc759b8c7904e11292ad7e9624c12cccaed6763e7bea68208bc0b67fc70b7616d25bda143833794

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
df2f381ace2ac2b96cd4633a102b788b

SHA1
f1720605c1334dc87c79c7d3b90538fdb0a13d1d

SHA256
226bbb90b709ece24ef0a3f9ff973a343f6226410dcbb6d3e3a48080f50667c1

SHA512
658997286d6cc5ec5d39c652c15c6b46386c68af321bb5394e239cac2332f11199410044bafc6e1e9d01ff8090d293ef496275678fb2babd1b5fed25ac31ec10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
31a9d6b6c0d9200da9fbb2aa9554ce00

SHA1
813a1723fdf7dac258db8647e3158cdecfacae4a

SHA256
95026f830b04809184221c5d56bd21920ec2b03137e54ce5c6202e8b82fdd6b0

SHA512
4adc22b18c8a2322125408c9399964821b0523aff517e4916769e052cc8537b007db85c4d6b17c4676e2a486372df2326094bec5ec561c1c132d4f3c384c3abf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f544756697505c8cb98ee3ba980f6203

SHA1
386d566a80b0ba162ee937b91756f3cf4c2aa2bb

SHA256
b07cda2c295e47db980d1af741b987d76eec04b003d5c004a6bf93d46fcbe2cb

SHA512
673d287d660712257780a4d0ddf3a4e8867edeb88c982012fdb468bef5468bd7df7cab24ca2bd6a9e5f442d8954f95ddde98a4132a792ada531c507cf54c7a00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b3e1ab8f4071c8d09cb33d32a47f274b

SHA1
5bca95b46b3d9a448252f82d9efb0bd86a1c26dd

SHA256
b0ec76d0684931aee314c0dad559633260d053a10e92709829878b78246b69ea

SHA512
a4eedaf3713419a7d442f221c52e9bc294f738e73388712021a96b03e985f13421dc109b03c725828428322355406dd94da9dc3957ed8ca6daac6b4994a25ce0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fcc5cf4c73b29c9a9f3d8a43ee459815

SHA1
40d28054ba93ac8b0a892fa8af6663210f159325

SHA256
0f804560bc2b9027072036bcb1ceee989fd725c25cfc67ce42dcc1d48d35eb11

SHA512
69bd4970b12c87e543f77ff4243b5a650b9970313ad41b9c8849cb32c7b502349aac63eaf2f940d95b49df665195cffcebf245fa3366e4763ad02fc774e475be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4a44790d0d2cdde5a2f20b089fc0fc0b

SHA1
4779aaac63e71dcf881033d6d4a7fb7be37ad529

SHA256
9765003901fea855405df5bff6539d8ec1ea04971b0c80bec4caa60772407729

SHA512
0c20b62849d2c3c1fbf9b9fba2437ce3f1ea5532e7b73e9dd030a3ea259598d60134c28bdbb4a7a8e01304eb3d55e74caca6e82596b428699bd6066461d3cafe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1ea2d6e687105d8422bcdf383a9a4baa

SHA1
3796db955132b67d40dd8f9539530e8a385504d2

SHA256
51dff5624ee35a4fa0c0c3f56416c25966d741f421522116044364c3924db959

SHA512
15043cbfa8a755d3730c39b64e5813ff9f8b78b7a4401716b11bd0b1bc05767c6d7de8e138ff1ae67fda25ee5f067ad76dfcdde82e48972fd18ef8a4e04235dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5836f9.TMP

Filesize
1KB

MD5
a6e56ce2697792c4b73e2df3f27f0c66

SHA1
468ecdea81af33cb4b78119acc2c925770ae4e99

SHA256
0c44985c6672ec7d930e7a3ad04b3222b1b4dbb3337b6549e80d7da9c00b9aa6

SHA512
428604c47f0e5bf8fd6dc62d286afe135550102e78360787fec8db66a2a4a5b82dbf27e8bac9528057a185684df9ee0287b45dcac6f43ff4c2666177ddbedfb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
14fd09e4ef5dc35d23bdc8c7f9108b62

SHA1
66ca837098388be8ecd28ae62978500b08fc46a3

SHA256
8d64c560376ecf3d265f1f495aa6be30092998f543f7e6970ad7c3adf5eaa6dd

SHA512
ad2d6f60587259540beaab034bdf37a79cd91479d2948812d821cc19ef8a3272534c9ea2a95bce131b3ed1d2469d39dfe25316c0a4540a5da606259d2562ac5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
53b2bfb51b428506fc6677b3f7354d86

SHA1
678bd64c235023dfe3b9e2a56a280bbb8e9c70fe

SHA256
a6d34c670e28719160e0fa07744029f955ee3acab742c6e2859353e161d1666d

SHA512
f72ae2f6db5403b034e7834939c0953280a81c30a8029b2c818f5b9da7d27f72c52e5492a4494ec4d14275ddb266a037b9933b1bffa4a1c0e11cbb6284b019f5

Download Submit