hxxps://web-lnicio-rural[.]biz[.]site/

Analysis

max time kernel
146s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2023, 15:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://web-lnicio-rural.biz.site/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2060	msedge.exe
2060	msedge.exe
2152	msedge.exe
2152	msedge.exe
408	identity_helper.exe
408	identity_helper.exe
796	msedge.exe
796	msedge.exe
796	msedge.exe
796	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2152 wrote to memory of 1740	2152	msedge.exe	52
PID 2152 wrote to memory of 1740	2152	msedge.exe	52
PID 2152 wrote to memory of 3792	2152	msedge.exe	88
PID 2152 wrote to memory of 3792	2152	msedge.exe	88
PID 2152 wrote to memory of 3792	2152	msedge.exe	88
PID 2152 wrote to memory of 3792	2152	msedge.exe	88
PID 2152 wrote to memory of 3792	2152	msedge.exe	88
PID 2152 wrote to memory of 3792	2152	msedge.exe	88
PID 2152 wrote to memory of 3792	2152	msedge.exe	88
PID 2152 wrote to memory of 3792	2152	msedge.exe	88
PID 2152 wrote to memory of 3792	2152	msedge.exe	88
PID 2152 wrote to memory of 3792	2152	msedge.exe	88
PID 2152 wrote to memory of 3792	2152	msedge.exe	88
PID 2152 wrote to memory of 3792	2152	msedge.exe	88
PID 2152 wrote to memory of 3792	2152	msedge.exe	88
PID 2152 wrote to memory of 3792	2152	msedge.exe	88
PID 2152 wrote to memory of 3792	2152	msedge.exe	88
PID 2152 wrote to memory of 3792	2152	msedge.exe	88
PID 2152 wrote to memory of 3792	2152	msedge.exe	88
PID 2152 wrote to memory of 3792	2152	msedge.exe	88
PID 2152 wrote to memory of 3792	2152	msedge.exe	88
PID 2152 wrote to memory of 3792	2152	msedge.exe	88
PID 2152 wrote to memory of 3792	2152	msedge.exe	88
PID 2152 wrote to memory of 3792	2152	msedge.exe	88
PID 2152 wrote to memory of 3792	2152	msedge.exe	88
PID 2152 wrote to memory of 3792	2152	msedge.exe	88
PID 2152 wrote to memory of 3792	2152	msedge.exe	88
PID 2152 wrote to memory of 3792	2152	msedge.exe	88
PID 2152 wrote to memory of 3792	2152	msedge.exe	88
PID 2152 wrote to memory of 3792	2152	msedge.exe	88
PID 2152 wrote to memory of 3792	2152	msedge.exe	88
PID 2152 wrote to memory of 3792	2152	msedge.exe	88
PID 2152 wrote to memory of 3792	2152	msedge.exe	88
PID 2152 wrote to memory of 3792	2152	msedge.exe	88
PID 2152 wrote to memory of 3792	2152	msedge.exe	88
PID 2152 wrote to memory of 3792	2152	msedge.exe	88
PID 2152 wrote to memory of 3792	2152	msedge.exe	88
PID 2152 wrote to memory of 3792	2152	msedge.exe	88
PID 2152 wrote to memory of 3792	2152	msedge.exe	88
PID 2152 wrote to memory of 3792	2152	msedge.exe	88
PID 2152 wrote to memory of 3792	2152	msedge.exe	88
PID 2152 wrote to memory of 3792	2152	msedge.exe	88
PID 2152 wrote to memory of 2060	2152	msedge.exe	87
PID 2152 wrote to memory of 2060	2152	msedge.exe	87
PID 2152 wrote to memory of 1088	2152	msedge.exe	89
PID 2152 wrote to memory of 1088	2152	msedge.exe	89
PID 2152 wrote to memory of 1088	2152	msedge.exe	89
PID 2152 wrote to memory of 1088	2152	msedge.exe	89
PID 2152 wrote to memory of 1088	2152	msedge.exe	89
PID 2152 wrote to memory of 1088	2152	msedge.exe	89
PID 2152 wrote to memory of 1088	2152	msedge.exe	89
PID 2152 wrote to memory of 1088	2152	msedge.exe	89
PID 2152 wrote to memory of 1088	2152	msedge.exe	89
PID 2152 wrote to memory of 1088	2152	msedge.exe	89
PID 2152 wrote to memory of 1088	2152	msedge.exe	89
PID 2152 wrote to memory of 1088	2152	msedge.exe	89
PID 2152 wrote to memory of 1088	2152	msedge.exe	89
PID 2152 wrote to memory of 1088	2152	msedge.exe	89
PID 2152 wrote to memory of 1088	2152	msedge.exe	89
PID 2152 wrote to memory of 1088	2152	msedge.exe	89
PID 2152 wrote to memory of 1088	2152	msedge.exe	89
PID 2152 wrote to memory of 1088	2152	msedge.exe	89
PID 2152 wrote to memory of 1088	2152	msedge.exe	89
PID 2152 wrote to memory of 1088	2152	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://web-lnicio-rural.biz.site/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0x44,0x10c,0x7ffe461d46f8,0x7ffe461d4708,0x7ffe461d4718
  2⤵
  PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,7886750777602578926,3724935996688481594,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,7886750777602578926,3724935996688481594,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:3792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,7886750777602578926,3724935996688481594,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
  2⤵
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7886750777602578926,3724935996688481594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7886750777602578926,3724935996688481594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,7886750777602578926,3724935996688481594,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,7886750777602578926,3724935996688481594,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7886750777602578926,3724935996688481594,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7886750777602578926,3724935996688481594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7886750777602578926,3724935996688481594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7886750777602578926,3724935996688481594,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,7886750777602578926,3724935996688481594,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4528 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:796

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f95638730ec51abd55794c140ca826c9

SHA1
77c415e2599fbdfe16530c2ab533fd6b193e82ef

SHA256
106137874d86d602d1f4af7dac605f3470ec7a5d69b644b99d502bb38925bbd3

SHA512
0eb01b446d876886066783242381d214a01e2d282729a69b890ae2b6d74d0e1325a6bd4671738ebe3b6ecadc22ceb00f42348bad18d2352896ed3344cc29f78a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
2f8d0aed347a20f433105b39f5ffee9a

SHA1
79e27c7e0b14469e2b5ca59d984a52e6e05d878b

SHA256
81beec4a9d4b3a15d75102b5867b2d7bdc295de6116ebe666a8aefc1596f7c26

SHA512
e9840a0b165eb5a91d6483138191532e23ed63c990c8e115a3d2d0d6e1e936518d213666e8d2b3a38412ce312a06c9fb56f03f9d91f78dede3707efe878fa969

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
524B

MD5
510fbe3319692c626e84c497ee87dde7

SHA1
5d17c6ffb95063dce802cc02e909b0d4f9e56aad

SHA256
0106153f40a439bc1c82161ec8976a740f6f22b8c59e22cdcd754486a92bc6e9

SHA512
fa1af63a16cc1ff3c5b535edac080c13ecbb1632d053ff0cb8d1177bb650c9704a33cb285426c9222d2f1dca0989e466bb7ea6f8c377df203ab9b4198d46842d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
aa64232ad1b03e493792ec17be5f575e

SHA1
4c15635d0731cbfc34ac59ad1dd6ce5423e7b2ca

SHA256
6c3417e6f00cc26eddab693dfe4312ec64d88d33106f040a0e1f64c353fe043a

SHA512
d1a61dccbb1c7fbca6b4cafb16794bff8f237a8d6547b65ef3725a1ad5b5462771c7bc9eb02de11b2d571069530708183267791fe6e1127382ea0393eec46157

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fb1332e257abec6542541059a0216205

SHA1
15c797f43123eea7503f86688cdf2bb20fffe06d

SHA256
db639ed3ec950bcf294f0228cf691c33ca0fa96d7e538258bdb690bc9b6c6188

SHA512
55adca4372a650046a302de92260409d669a86477dca731115a48d3d5797ca61b0524a21baa5c0d501b829904ce79bfbb1e8f4cfa738ee099aade017fc5c8be8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
4a078fb8a7c67594a6c2aa724e2ac684

SHA1
92bc5b49985c8588c60f6f85c50a516fae0332f4

SHA256
c225fb924400745c1cd7b56fffaee71dce06613c91fbbb9aa247401ccb49e1ee

SHA512
188270df5243186d00ca8cc457f8ab7f7b2cd6368d987c3673f9c8944a4be6687b30daf8715429bd1b335391118d0ce840e3cb919ff4138c6273b286fb57b2b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
86c31b9e7b87a338680c6d3826b88401

SHA1
e0139ecc3fa2e6c7563625db2b374c98c7a05dfe

SHA256
f65b711bfe4676266792e400350eb3879c195694fbe8027a43198b0d5d805d05

SHA512
e37abd52ebfb4bb6c4d50ba08d8b0b12ab4bc3674a868dc4d2fa34c14d7343b7983413297b4bc6f8815f9df5161b4290ee748b6cf2a7cde1210c1c397fe7bd60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
3d7295f9317024c71446c73d297b1f6e

SHA1
ce90032f4668a8a2f5d5e960cc5d080eeadb0b73

SHA256
7f90b5cb11235e8e2633fa2db54acc14b5a368dd701385b4a5324bf54c8954c4

SHA512
294e29ae3471f2fdafa0329401e85544744f3a428f02c4d5de4515d474a6efc078ea9944ddd38be75e0341110cb46d4c480ef0538bb129004ec9af4fb2f80276

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
5e6fbc3c4982fd75ce106e0d0440fbb8

SHA1
ac39a5bf66185ce5955e23efd6807aa15ad9671a

SHA256
3f7c2de2bb084bf994a28b4104dd179f7d9a53b216204a59836e50ba07dba4a8

SHA512
2e0c07131b4f053bbbdb3602b6f29d19382f85b2937eec04bf34b7a3089d62bf2155ffffdbfd1338a3d5edb313f2fe90aa83064e7cfebcf622de4b0266b5f304

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
205c332f6ac50981c1370d536e1a513f

SHA1
6ce1c432b8c0b91b77326ff6b1e88b84618807a2

SHA256
bd0e34316bea8ad304d11260a25bf0fe4fa4c5ba4a99647d65b06c589ae15b59

SHA512
10b6d41ac1b94e3175b1440c61b0aff6c9b7fe9e29e51f480fbbf6bb69631918ea5188a8dad3d04b51881fe2011158088c2dc645e07cea97f93ae9c8f95ade03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5877ac.TMP

Filesize
372B

MD5
99c24826c5ca666c526cd554d8117b03

SHA1
4e2d3d54ce60212dd8fd721572b6afc508f93261

SHA256
b7e659967f4d84e2733d30b16cbfd30f88d06ecfb64f063b285f680ae2e276e2

SHA512
baa1b5368b7135fb194db5ed94b9bb6b86ad37b357f16d74ac6b93e34b56d433945b34d1fc9c74e33580680a335425ff7508585c6e77959427e992eb2c906d56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4615286ba35d82f6bae3008c56cb6bcc

SHA1
c815f4defef3736d2736675acd68709a1a7f87da

SHA256
ec3dd5c600f2d521a80b9db4ccb892d471b93da072a54f59bb86255e91a7fb27

SHA512
92f9d3a96e3daa46fb74e5fd0abf97fbca4a32624b37860a19e780b60f2a507f95c696350d3edb2891853a38d180a2dd3313af3801e87c6748dfbaffbd40ebea

Download Submit