hxxps://linkvertise[.]com/465922/nezur-executor

Analysis

max time kernel
149s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
19/09/2024, 03:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://linkvertise.com/465922/nezur-executor

Score

6^/10

discovery

Malware Config

Signatures

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
43	api.ipify.org
46	api.ipify.org

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1536	msedge.exe
1536	msedge.exe
4540	msedge.exe
4540	msedge.exe
1000	msedge.exe
1000	msedge.exe
2152	identity_helper.exe
2152	identity_helper.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4540 wrote to memory of 244	4540	msedge.exe	78
PID 4540 wrote to memory of 244	4540	msedge.exe	78
PID 4540 wrote to memory of 4876	4540	msedge.exe	79
PID 4540 wrote to memory of 4876	4540	msedge.exe	79
PID 4540 wrote to memory of 4876	4540	msedge.exe	79
PID 4540 wrote to memory of 4876	4540	msedge.exe	79
PID 4540 wrote to memory of 4876	4540	msedge.exe	79
PID 4540 wrote to memory of 4876	4540	msedge.exe	79
PID 4540 wrote to memory of 4876	4540	msedge.exe	79
PID 4540 wrote to memory of 4876	4540	msedge.exe	79
PID 4540 wrote to memory of 4876	4540	msedge.exe	79
PID 4540 wrote to memory of 4876	4540	msedge.exe	79
PID 4540 wrote to memory of 4876	4540	msedge.exe	79
PID 4540 wrote to memory of 4876	4540	msedge.exe	79
PID 4540 wrote to memory of 4876	4540	msedge.exe	79
PID 4540 wrote to memory of 4876	4540	msedge.exe	79
PID 4540 wrote to memory of 4876	4540	msedge.exe	79
PID 4540 wrote to memory of 4876	4540	msedge.exe	79
PID 4540 wrote to memory of 4876	4540	msedge.exe	79
PID 4540 wrote to memory of 4876	4540	msedge.exe	79
PID 4540 wrote to memory of 4876	4540	msedge.exe	79
PID 4540 wrote to memory of 4876	4540	msedge.exe	79
PID 4540 wrote to memory of 4876	4540	msedge.exe	79
PID 4540 wrote to memory of 4876	4540	msedge.exe	79
PID 4540 wrote to memory of 4876	4540	msedge.exe	79
PID 4540 wrote to memory of 4876	4540	msedge.exe	79
PID 4540 wrote to memory of 4876	4540	msedge.exe	79
PID 4540 wrote to memory of 4876	4540	msedge.exe	79
PID 4540 wrote to memory of 4876	4540	msedge.exe	79
PID 4540 wrote to memory of 4876	4540	msedge.exe	79
PID 4540 wrote to memory of 4876	4540	msedge.exe	79
PID 4540 wrote to memory of 4876	4540	msedge.exe	79
PID 4540 wrote to memory of 4876	4540	msedge.exe	79
PID 4540 wrote to memory of 4876	4540	msedge.exe	79
PID 4540 wrote to memory of 4876	4540	msedge.exe	79
PID 4540 wrote to memory of 4876	4540	msedge.exe	79
PID 4540 wrote to memory of 4876	4540	msedge.exe	79
PID 4540 wrote to memory of 4876	4540	msedge.exe	79
PID 4540 wrote to memory of 4876	4540	msedge.exe	79
PID 4540 wrote to memory of 4876	4540	msedge.exe	79
PID 4540 wrote to memory of 4876	4540	msedge.exe	79
PID 4540 wrote to memory of 4876	4540	msedge.exe	79
PID 4540 wrote to memory of 1536	4540	msedge.exe	80
PID 4540 wrote to memory of 1536	4540	msedge.exe	80
PID 4540 wrote to memory of 2556	4540	msedge.exe	81
PID 4540 wrote to memory of 2556	4540	msedge.exe	81
PID 4540 wrote to memory of 2556	4540	msedge.exe	81
PID 4540 wrote to memory of 2556	4540	msedge.exe	81
PID 4540 wrote to memory of 2556	4540	msedge.exe	81
PID 4540 wrote to memory of 2556	4540	msedge.exe	81
PID 4540 wrote to memory of 2556	4540	msedge.exe	81
PID 4540 wrote to memory of 2556	4540	msedge.exe	81
PID 4540 wrote to memory of 2556	4540	msedge.exe	81
PID 4540 wrote to memory of 2556	4540	msedge.exe	81
PID 4540 wrote to memory of 2556	4540	msedge.exe	81
PID 4540 wrote to memory of 2556	4540	msedge.exe	81
PID 4540 wrote to memory of 2556	4540	msedge.exe	81
PID 4540 wrote to memory of 2556	4540	msedge.exe	81
PID 4540 wrote to memory of 2556	4540	msedge.exe	81
PID 4540 wrote to memory of 2556	4540	msedge.exe	81
PID 4540 wrote to memory of 2556	4540	msedge.exe	81
PID 4540 wrote to memory of 2556	4540	msedge.exe	81
PID 4540 wrote to memory of 2556	4540	msedge.exe	81
PID 4540 wrote to memory of 2556	4540	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://linkvertise.com/465922/nezur-executor
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8b9b23cb8,0x7ff8b9b23cc8,0x7ff8b9b23cd8
  2⤵
  PID:244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,2947723531698986470,12613421420222496906,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,2947723531698986470,12613421420222496906,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,2947723531698986470,12613421420222496906,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
  2⤵
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,2947723531698986470,12613421420222496906,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,2947723531698986470,12613421420222496906,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,2947723531698986470,12613421420222496906,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,2947723531698986470,12613421420222496906,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1000
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,2947723531698986470,12613421420222496906,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5920 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,2947723531698986470,12613421420222496906,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,2947723531698986470,12613421420222496906,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,2947723531698986470,12613421420222496906,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,2947723531698986470,12613421420222496906,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,2947723531698986470,12613421420222496906,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,2947723531698986470,12613421420222496906,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5556 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2960

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b4ae6009e2df12ce252d03722e8f4288

SHA1
44de96f65d69cbae416767040f887f68f8035928

SHA256
7778069a1493fdb62e6326ba673f03d9a8f46bc0eea949aabbbbc00dcdaddf9d

SHA512
bb810721e52c77793993470692bb2aab0466f13ed4576e4f4cfa6bc5fcfc59c13552299feb6dfd9642ea07b19a5513d90d0698d09ca1d15e0598133929c05fe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4bf4b59c3deb1688a480f8e56aab059d

SHA1
612c83e7027b3bfb0e9d2c9efad43c5318e731bb

SHA256
867ab488aa793057395e9c10f237603cfb180689298871cdf0511132f9628c82

SHA512
2ec6c89f9653f810e9f80f532abaff2a3c0276f6d299dce1b1eadf6a59e8072ed601a4f9835db25d4d2610482a00dd5a0852d0ef828678f5c5ed33fe64dddca9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
672B

MD5
1c48e6036f1f30aa5050844a0d7bbc70

SHA1
c8b80356bcce6ab6d8316b14697d8225500d044a

SHA256
d5b78378c53ac8eb9f9ca3fcc27423033547db29f2b21137b2a940f8256b9fc7

SHA512
fc14f4474ffd0cc588f4250acaafd96971e8e6793daa308fe5d790d41a369a70586a2a3206b962c0725765ca7fa9a63e49014f965d011a2911bfa72fcdfba44a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
05ccaf073804de438e7a0d8edd54f122

SHA1
f2771cef7d4d284d4363fd2d8b0164f4d97cc583

SHA256
080518a37a29fa516c606c3828df22de4bf9b9c6b4416b75a028329764dcd4a3

SHA512
7b3bf75eeef0e7f6cc2518bfcead200d812d688e05627bca8913a2c8aaeb356311a51799c83be8a42f35b794708324c30a37ce00158b726b441bc3d9e9a2ad52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
da2ee94def848cb65c5c50e909ac5c60

SHA1
5017a270f9895ba6cec6cb471501f044cb67af2a

SHA256
8271c5e72161498c3909a997f8999e10b01c904c715b4a57f604f06fba17b537

SHA512
cd5e73c5269591512e8750a6af57aae0def8a025523c2f3748e17ce6394d1ff3cb4329b9a8aa2e217932f00420b31d69ae2e2c12591051c65950c71f68eeef98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9d43d8177bd5e042adb2dae30a131107

SHA1
88be31e25f6b916b67608323abee9d291b071d79

SHA256
263fd9a7078e8ceb18ff4b329a7be1a116ea98bb891c8a920a6370976df3c082

SHA512
306c1832db2a80c5fdae0b9e10c09c159b41e9f93c619993920172fb97b2d06ebb8108ff93178a0c15d0bb875c1a249519e5c193af138ed17376f973d689ff4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e34bde7e68c0673a8e8f307c5d4ff206

SHA1
771acacd2536ed80984447458e42bcdc9e1ae3f2

SHA256
2e244efc00aee0731bb2a1d292fb35d5993ec1d28d630b12b8abebe9e40e8c45

SHA512
cd262bacdc96ef9c298f1872fe0ae03f7e6eaf38f3d3a544812a79f69075a768ceae13a299723b6b8d1c0378bd3d5cf97f68174875c48fd9fb191c7346ea9918

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e5d386ef724e7e727644a35131fb111f

SHA1
6a2e2a105d79b4236f7222471e46656ef6c3c9e6

SHA256
659576936a49862d6b48bf70da5a96a0ec77e9290a0ac4182dd365837cf778db

SHA512
7ecf828835c33b04db8ce8f0fb8b5383f3f54bf57b4bc5e1c019df2c7d48871d6b13d73c616dc193d5a71ba6a80b732edfb4b1c58ec7c6ed59b4fa6c47a93c81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e0da.TMP

Filesize
1KB

MD5
35f5003d3cba581338a9ce52a2c3ea5b

SHA1
062923a184bb55002dcd83eea92f03c36ec6270a

SHA256
8d8181a47f8447bdc2e860cb05dd185abb358abc96eac0e54958ea7e0648ec9a

SHA512
f8d39285d033f0a9646db813794507286293300584aeea35292622e4ca854f86f9a897266570dde0fc40d16812159de400dcd5090d1a4ffae4986d7aabfeb806

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
588a80ebd1c10b33a540681c8048c9d4

SHA1
4786f7a8bcd862592d3ca96f744d99409fa3cd47

SHA256
f910b979b237f1e068af168d93e5de16fb972198bfeb7a95b8a7865117727881

SHA512
6caa26d886f7afa6cef8f0bf6778b79138a459d63237f43712a75eaaa0b27e08f5fb507b82d079398eae5f326ec9509ffa67a195ed9af450355e833dbdfc9fa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cb6ac9f904cdbe48811a899721823940

SHA1
9616b4495e45b2044823feb862f84bb9ec64e2a0

SHA256
b7dc35f91e13889bcd7587c59737c05ca917f701e4398876ca37b90b2ea5713b

SHA512
4a6d1d517f9ebb1bcf06d96417a41e1fd2db3fccdd7e86a3f46884de8c7a7a902b4c7a44115aa02735e449b494800b76759b6ec66a3358732ac013e3428df63a

Download Submit