hxxps://is[.]gd/zCtajb

Analysis

max time kernel
145s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
11-12-2024 19:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://is.gd/zCtajb

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2692	msedge.exe
2692	msedge.exe
1208	msedge.exe
1208	msedge.exe
1388	identity_helper.exe
1388	identity_helper.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1208 wrote to memory of 3492	1208	msedge.exe	83
PID 1208 wrote to memory of 3492	1208	msedge.exe	83
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2692	1208	msedge.exe	85
PID 1208 wrote to memory of 2692	1208	msedge.exe	85
PID 1208 wrote to memory of 2968	1208	msedge.exe	86
PID 1208 wrote to memory of 2968	1208	msedge.exe	86
PID 1208 wrote to memory of 2968	1208	msedge.exe	86
PID 1208 wrote to memory of 2968	1208	msedge.exe	86
PID 1208 wrote to memory of 2968	1208	msedge.exe	86
PID 1208 wrote to memory of 2968	1208	msedge.exe	86
PID 1208 wrote to memory of 2968	1208	msedge.exe	86
PID 1208 wrote to memory of 2968	1208	msedge.exe	86
PID 1208 wrote to memory of 2968	1208	msedge.exe	86
PID 1208 wrote to memory of 2968	1208	msedge.exe	86
PID 1208 wrote to memory of 2968	1208	msedge.exe	86
PID 1208 wrote to memory of 2968	1208	msedge.exe	86
PID 1208 wrote to memory of 2968	1208	msedge.exe	86
PID 1208 wrote to memory of 2968	1208	msedge.exe	86
PID 1208 wrote to memory of 2968	1208	msedge.exe	86
PID 1208 wrote to memory of 2968	1208	msedge.exe	86
PID 1208 wrote to memory of 2968	1208	msedge.exe	86
PID 1208 wrote to memory of 2968	1208	msedge.exe	86
PID 1208 wrote to memory of 2968	1208	msedge.exe	86
PID 1208 wrote to memory of 2968	1208	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://is.gd/zCtajb
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb566e46f8,0x7ffb566e4708,0x7ffb566e4718
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,7193543129713762609,16945568378364205723,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,7193543129713762609,16945568378364205723,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,7193543129713762609,16945568378364205723,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7193543129713762609,16945568378364205723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7193543129713762609,16945568378364205723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7193543129713762609,16945568378364205723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,7193543129713762609,16945568378364205723,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,7193543129713762609,16945568378364205723,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7193543129713762609,16945568378364205723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7193543129713762609,16945568378364205723,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7193543129713762609,16945568378364205723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7193543129713762609,16945568378364205723,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,7193543129713762609,16945568378364205723,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6096 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
85ba073d7015b6ce7da19235a275f6da

SHA1
a23c8c2125e45a0788bac14423ae1f3eab92cf00

SHA256
5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

SHA512
eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7de1bbdc1f9cf1a58ae1de4951ce8cb9

SHA1
010da169e15457c25bd80ef02d76a940c1210301

SHA256
6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

SHA512
e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
71348b14be0144033bf2ba7772a1d36a

SHA1
4f008ee5c9830d6c14ff483a2a955db97c22fe05

SHA256
c94e4d457893cfda42dc12496b9a3b4986a05f50ae523cfb1e2ffc037aabd7e8

SHA512
b45474cadd4afdaa476d45b1187252499a001443a7c09ba2bccf38c67175c6d9369b2e6fe5e524725f99e19649ef2a1f3a3bd9ce84090ef85cd6750c1fadd616

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
5522aa4fc87b80b82ac85316d3fced78

SHA1
547ee5ac27d6f6051e3ce874bd560b4f8cbffdb0

SHA256
656f68cc093162b6d3b665564850e52cf664f8546833b7bffed209f532d3944b

SHA512
cf528970fedd84ac6ce51cc26e4d6f10127252e060b0c1144367badfe6f8d357b90b4b5acaa7a51d65d2b6b0e54546183be0a6df1360f2edc8358ee1cd0f328b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
3277dba31f1206fe09d07f55620e523c

SHA1
9328c3677e5913e08b7e72f461e033808d171a01

SHA256
a5b086268fcc37ca15b5c4e21b89a5136c578e6df617e735841271b6857a0bc3

SHA512
84998284e7d907cc85e4473e7308c2b9ce9a5c96a8c1cc955412649d7c0c171a688821554cc26ca21d7db31bd78623a0948e9d57b5edd6693dfdd7b7d5f7e300

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
690B

MD5
2da8086bebc3dc85402b0230b6ee70b3

SHA1
f5dbe10aeda1b75d12cdbacf230f7843b1a13caa

SHA256
645aa9875319fb6a8f795114bf60a1407787e88bdf4ddfe488dd496d0232572a

SHA512
113a2a0531463353539600d5b6eb811db85901e0cec6452d9253786c46518ac1d2a2e113a6a6dfb9f13a7f4edde02cbf27df0921b430e51bda5ab0f72d9f3b54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
141265a7f3e2dad7b63347cf310e3b06

SHA1
76dd3b592fd5243b1081f530e36745950b610103

SHA256
fe5eceed5d26c28f8b129ec9283d83bc6badc792c4c5b609b6395b2ad6a889aa

SHA512
b29b263dbb9bd1a89b9f69139f15211f9891e2a2c24b268d1834ce5711d3bb0fb873317f6fdfb0fd991d5a1bde622c9037382bebd1f6b71172aa4b19dc2d93df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
24ad22b1d40b1450e5915369afac54df

SHA1
d98c9d64b5c4219bac176f164b6c7dda7c520247

SHA256
466681843f02608f4b44653230fa5f7365d0d56a9e24b7dd4ffce730b3d69051

SHA512
8d8c2c457646c9de7666e83ee22a2dc2f7014e30c7b7e134b5465ac81c00e0eec8da012d719d5c770a5050e5dd343842e87bafa1d4a1582ce0b155c8ce5051dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
e6d002e1eca4690c1278f08df86ff7ba

SHA1
65cce66fa4cb85df2f5eeeb742f8ac90831fd37f

SHA256
3a6d8f9addb60cd14e2526cd26f357f28abd8917951b167fda7dc07f9c9b3e34

SHA512
2dab02f6a57b688dcd97cb9311d70dcd0a4c0a392a01aaf5c69f1b6dcafe0787a80c1e1a84863e4149ae466c14219af2344e904105ef0ca0682f66ce12f8ad2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
c3ba850227f385830a7bc959f46f189f

SHA1
1895f12605c693f96d447f973becec2353752cd6

SHA256
08d6575d432a3ddb5ffa41d55cf6d524f4084891c365c5260080e27ce8baabbc

SHA512
aecb9ec53453143a42082df45916e6f2a6d7286136a71016875441c448c1e3f22040f6823d4b153967a2f0d085b2a94d9f252a395997ffadb77135ccc7f147e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58cc63.TMP

Filesize
371B

MD5
071aeba83b801612f91f0735fe79168b

SHA1
bd46bffed67e046ca0634849e260760ed0a54057

SHA256
b3abf36ceef2b22660cab093cfa7b1f8870e0a4ccbdbc5d58ac8e30c459d0f1f

SHA512
c75ce12bbdeb8b334ee0e8df63a251a0fd0035269009036a8151489ebadd8dcb4760bd39ee3f49efea0bdda4cc9276618b76eae2a13ffe35aabf834870aaf238

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f4c7f052-aed8-4274-8678-4bd3c4ba135f.tmp

Filesize
5KB

MD5
5dd07c7193f50f7fe70e11a6ad310b57

SHA1
0b25233fbdc8061b26922676100426016108ca16

SHA256
c3e716450693f25c9cb394963f497b4aef7e409f3b73225f350f6eb9c298b6bd

SHA512
57ebffe400acf7f0a53893378488e17b8bf579d5f5068848df14722be0cdd844c21f12cdd3b0b7a2f60b3d3b12df233c2adaeade70cb56636251c34acb4dbb15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cfa070772f1a7d9c012b467c763dcee0

SHA1
a969aaab874b619df15780e325da207eda90f876

SHA256
6e3fef0dced56e90ea3ea3f0be5bcbc5a9080e0e0c421cad7f1a2268aaa44146

SHA512
69a882d6ba6883dcadd8da2b229d7ad63b9fb98b51359db62207f0001f5f2c314c74be516c3c1aba917c4ceb6be75080e9a9f240bb84d8d0191a0fae4edd235f

Download Submit