hxxps://web-lnicio-rural[.]biz[.]site/

Analysis

max time kernel
146s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
10/10/2023, 16:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://web-lnicio-rural.biz.site/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2256	msedge.exe
2256	msedge.exe
3244	msedge.exe
3244	msedge.exe
1684	identity_helper.exe
1684	identity_helper.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3244 wrote to memory of 3668	3244	msedge.exe	51
PID 3244 wrote to memory of 3668	3244	msedge.exe	51
PID 3244 wrote to memory of 3980	3244	msedge.exe	88
PID 3244 wrote to memory of 3980	3244	msedge.exe	88
PID 3244 wrote to memory of 3980	3244	msedge.exe	88
PID 3244 wrote to memory of 3980	3244	msedge.exe	88
PID 3244 wrote to memory of 3980	3244	msedge.exe	88
PID 3244 wrote to memory of 3980	3244	msedge.exe	88
PID 3244 wrote to memory of 3980	3244	msedge.exe	88
PID 3244 wrote to memory of 3980	3244	msedge.exe	88
PID 3244 wrote to memory of 3980	3244	msedge.exe	88
PID 3244 wrote to memory of 3980	3244	msedge.exe	88
PID 3244 wrote to memory of 3980	3244	msedge.exe	88
PID 3244 wrote to memory of 3980	3244	msedge.exe	88
PID 3244 wrote to memory of 3980	3244	msedge.exe	88
PID 3244 wrote to memory of 3980	3244	msedge.exe	88
PID 3244 wrote to memory of 3980	3244	msedge.exe	88
PID 3244 wrote to memory of 3980	3244	msedge.exe	88
PID 3244 wrote to memory of 3980	3244	msedge.exe	88
PID 3244 wrote to memory of 3980	3244	msedge.exe	88
PID 3244 wrote to memory of 3980	3244	msedge.exe	88
PID 3244 wrote to memory of 3980	3244	msedge.exe	88
PID 3244 wrote to memory of 3980	3244	msedge.exe	88
PID 3244 wrote to memory of 3980	3244	msedge.exe	88
PID 3244 wrote to memory of 3980	3244	msedge.exe	88
PID 3244 wrote to memory of 3980	3244	msedge.exe	88
PID 3244 wrote to memory of 3980	3244	msedge.exe	88
PID 3244 wrote to memory of 3980	3244	msedge.exe	88
PID 3244 wrote to memory of 3980	3244	msedge.exe	88
PID 3244 wrote to memory of 3980	3244	msedge.exe	88
PID 3244 wrote to memory of 3980	3244	msedge.exe	88
PID 3244 wrote to memory of 3980	3244	msedge.exe	88
PID 3244 wrote to memory of 3980	3244	msedge.exe	88
PID 3244 wrote to memory of 3980	3244	msedge.exe	88
PID 3244 wrote to memory of 3980	3244	msedge.exe	88
PID 3244 wrote to memory of 3980	3244	msedge.exe	88
PID 3244 wrote to memory of 3980	3244	msedge.exe	88
PID 3244 wrote to memory of 3980	3244	msedge.exe	88
PID 3244 wrote to memory of 3980	3244	msedge.exe	88
PID 3244 wrote to memory of 3980	3244	msedge.exe	88
PID 3244 wrote to memory of 3980	3244	msedge.exe	88
PID 3244 wrote to memory of 3980	3244	msedge.exe	88
PID 3244 wrote to memory of 2256	3244	msedge.exe	87
PID 3244 wrote to memory of 2256	3244	msedge.exe	87
PID 3244 wrote to memory of 3760	3244	msedge.exe	89
PID 3244 wrote to memory of 3760	3244	msedge.exe	89
PID 3244 wrote to memory of 3760	3244	msedge.exe	89
PID 3244 wrote to memory of 3760	3244	msedge.exe	89
PID 3244 wrote to memory of 3760	3244	msedge.exe	89
PID 3244 wrote to memory of 3760	3244	msedge.exe	89
PID 3244 wrote to memory of 3760	3244	msedge.exe	89
PID 3244 wrote to memory of 3760	3244	msedge.exe	89
PID 3244 wrote to memory of 3760	3244	msedge.exe	89
PID 3244 wrote to memory of 3760	3244	msedge.exe	89
PID 3244 wrote to memory of 3760	3244	msedge.exe	89
PID 3244 wrote to memory of 3760	3244	msedge.exe	89
PID 3244 wrote to memory of 3760	3244	msedge.exe	89
PID 3244 wrote to memory of 3760	3244	msedge.exe	89
PID 3244 wrote to memory of 3760	3244	msedge.exe	89
PID 3244 wrote to memory of 3760	3244	msedge.exe	89
PID 3244 wrote to memory of 3760	3244	msedge.exe	89
PID 3244 wrote to memory of 3760	3244	msedge.exe	89
PID 3244 wrote to memory of 3760	3244	msedge.exe	89
PID 3244 wrote to memory of 3760	3244	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://web-lnicio-rural.biz.site/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaca6546f8,0x7ffaca654708,0x7ffaca654718
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,1579595475311134600,11383447701315527908,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,1579595475311134600,11383447701315527908,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,1579595475311134600,11383447701315527908,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1579595475311134600,11383447701315527908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1579595475311134600,11383447701315527908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:708
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,1579595475311134600,11383447701315527908,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,1579595475311134600,11383447701315527908,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1579595475311134600,11383447701315527908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1579595475311134600,11383447701315527908,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1579595475311134600,11383447701315527908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1579595475311134600,11383447701315527908,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,1579595475311134600,11383447701315527908,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5744 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4120

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3d5af55f794f9a10c5943d2f80dde5c5

SHA1
5252adf87d6bd769f2c39b9e8eba77b087a0160d

SHA256
43e50edafcaaeae9fcd4dce5b99bf14fe79dae1401019443f31aa9ff81347764

SHA512
2e2e09a00db732ff934da1e6ab8617fb3c8de482f9667a2c987435d0a5d67550b4bfd66e8b4475012b60908c24e39dff58e2f2ffa55f13ffc55caae1be630c71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
0bb785bdc0245d96cc2cf99a7aa8ef40

SHA1
cd93a5fd38060df02a8fae00bd675d13d3e46d56

SHA256
e44b8081f7bb3b60083be2e03bfbaefdfdf799bffb942ae9d2f55391d142cf13

SHA512
c85a901f9616607fa7ade43bc8b50c0f789a94cc303354367fe1b2e32b3ebffb31821bcd716add4cb13f1ae5269b382408beb27daf7080b624c54d3f400f60d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
524B

MD5
510fbe3319692c626e84c497ee87dde7

SHA1
5d17c6ffb95063dce802cc02e909b0d4f9e56aad

SHA256
0106153f40a439bc1c82161ec8976a740f6f22b8c59e22cdcd754486a92bc6e9

SHA512
fa1af63a16cc1ff3c5b535edac080c13ecbb1632d053ff0cb8d1177bb650c9704a33cb285426c9222d2f1dca0989e466bb7ea6f8c377df203ab9b4198d46842d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
193d5a7fe093a0f5d70d438d7b61d9e2

SHA1
a26d7d03dd167e81e62eac754496b6be14bf564f

SHA256
988e07acf60af62708259a43da1bc79a3891201e32e2603c35648f6f5611f78f

SHA512
97e96fd7926bcfa4f8f35124f4f5aedc1e764bcbee33da49f0e6cf3a6149a025829b3689ac947be81b98fef42367e365904f8426c2504f8bc9aa745b5d479218

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
95aacb2ccdf5a8ac8e86b18e32721a22

SHA1
06d75647d68e2baed47512979b1fdddbb29bb5bf

SHA256
3be67762cf77ffc1e6233fa5eebce6cc3d79cd98142347546fe6e1dc8b3eea2f

SHA512
59fa4c7eb40d087b5f080b4448bd9d65adcc2d561af2a1a98b54579e9d2d2f21abece44482f3baacb539c5bee8cb4d2f07f0170cb25230f4c8d83512ab720937

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
10f5b64000466c1e6da25fb5a0115924

SHA1
cb253bacf2b087c4040eb3c6a192924234f68639

SHA256
d818b1cebb2d1e2b269f2e41654702a0df261e63ba2a479f34b75563265ee46b

SHA512
8a8d230594d6fade63ecd63ba60985a7ccd1353de8d0a119543985bf182fdbb45f38ccc96441c24f0792ea1c449de69563c38348c2bedb2845522a2f83a149db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
39fd22a8e4fb68cd79199f6fb88dfbad

SHA1
5a9ffc743b07b5c55de2c37d8c51bcea5418961a

SHA256
19f4eee3f3a396b7ea7195ae7baf4536a5fc4e18d3a2230be3479434d980bc03

SHA512
484489ed698e2b7b2cb13150e52dfc5ba82bf032ece3d1a852da95d115ba79747df0cae8c3ae5a6f266cb219cb3ea2e8cd684990d4c4b36d9deb9ccea6b4b93c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
5354bb1a75f97a3276ed41cb2d1ab47c

SHA1
0bccdd600522e668a68393579615e27f10a7260e

SHA256
3b545c6be671c6b966a5f63fd5591d38b59e1fda6171198d04b5ab30a7db2a7e

SHA512
93638775a883c6603bd8cb5dbf6533897121ee07f8e7f746299c3d52d4c66a75155ee064d1f169deded5effc41ab37d3e1b75ec728683bc99b8b5066eec87db4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
c1e23081db58d4a38b2cb55e8edd013f

SHA1
f9d941a1abd95d102f3f84b7031eec3cb8c76571

SHA256
b910805a964ddea984b95b1a33645999fe5f5a8c8c5ed1d315adaa288e85e577

SHA512
278b7d2c10df1c06cd05e251db03f5f7e52514f015dbf1d1e7d85310f4d53ac35d7f78e8411b7f9ca181c5b06fea406facbf9c7f917e307e4c634c54aad98b5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
5b28e2bd2b4a74e816a743013b68a4fd

SHA1
d88fcf0da897f6388056e6311af282ff6768912e

SHA256
aa1f014a7582e9089640b9491299fd4440bd57865e966de445255b0ddba06036

SHA512
a2b47801144d2a14828c7d52125d71a114346fa419fe76510c47379437268a68647328866b19c83f376c2096880c501d04f0e724bd813a9edf5d92a4930e0f05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e7df.TMP

Filesize
372B

MD5
5d54184a90b2503664da3f15de8e17de

SHA1
01e921c802beef1cf4ef3f7a24608a8b144a91a9

SHA256
7e50988ded146802122bbefd47f477258e4022235802fe362c42fdb10b37a641

SHA512
2a43ce4dd239fd286dfe2ea92a4d84424d35256482f1be7ddc71f2f32af84eb2c48a572fe017b9e6d152386319ef868f78e2e001faf8734cb8fecc2ee0d349bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
71bfe5fb7ff22fe73a010f812060cd7c

SHA1
b04e200a7b81a18f600327a9f9b1e1695c0103d2

SHA256
5a809b601ea1e7eb457dd767d771b377b9fc0b3c2a482c38f2396a3f3663d9c1

SHA512
ae7067de5f7a392edffda13366cf5eae938b63d50b77b78ace4e8499fe81167fdd2b2f3f55d9fe4360a574bf6291741e9a06ac8d28e77bc8886ed0550520cc8c

Download Submit