hxxps://inventoit[.]com/ei/?63538841

Analysis

max time kernel
80s
max time network
89s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
02/11/2023, 22:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://inventoit.com/ei/?63538841

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2344	msedge.exe
2344	msedge.exe
3152	msedge.exe
3152	msedge.exe
1456	identity_helper.exe
1456	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3152 wrote to memory of 1632	3152	msedge.exe	87
PID 3152 wrote to memory of 1632	3152	msedge.exe	87
PID 3152 wrote to memory of 3704	3152	msedge.exe	91
PID 3152 wrote to memory of 3704	3152	msedge.exe	91
PID 3152 wrote to memory of 3704	3152	msedge.exe	91
PID 3152 wrote to memory of 3704	3152	msedge.exe	91
PID 3152 wrote to memory of 3704	3152	msedge.exe	91
PID 3152 wrote to memory of 3704	3152	msedge.exe	91
PID 3152 wrote to memory of 3704	3152	msedge.exe	91
PID 3152 wrote to memory of 3704	3152	msedge.exe	91
PID 3152 wrote to memory of 3704	3152	msedge.exe	91
PID 3152 wrote to memory of 3704	3152	msedge.exe	91
PID 3152 wrote to memory of 3704	3152	msedge.exe	91
PID 3152 wrote to memory of 3704	3152	msedge.exe	91
PID 3152 wrote to memory of 3704	3152	msedge.exe	91
PID 3152 wrote to memory of 3704	3152	msedge.exe	91
PID 3152 wrote to memory of 3704	3152	msedge.exe	91
PID 3152 wrote to memory of 3704	3152	msedge.exe	91
PID 3152 wrote to memory of 3704	3152	msedge.exe	91
PID 3152 wrote to memory of 3704	3152	msedge.exe	91
PID 3152 wrote to memory of 3704	3152	msedge.exe	91
PID 3152 wrote to memory of 3704	3152	msedge.exe	91
PID 3152 wrote to memory of 3704	3152	msedge.exe	91
PID 3152 wrote to memory of 3704	3152	msedge.exe	91
PID 3152 wrote to memory of 3704	3152	msedge.exe	91
PID 3152 wrote to memory of 3704	3152	msedge.exe	91
PID 3152 wrote to memory of 3704	3152	msedge.exe	91
PID 3152 wrote to memory of 3704	3152	msedge.exe	91
PID 3152 wrote to memory of 3704	3152	msedge.exe	91
PID 3152 wrote to memory of 3704	3152	msedge.exe	91
PID 3152 wrote to memory of 3704	3152	msedge.exe	91
PID 3152 wrote to memory of 3704	3152	msedge.exe	91
PID 3152 wrote to memory of 3704	3152	msedge.exe	91
PID 3152 wrote to memory of 3704	3152	msedge.exe	91
PID 3152 wrote to memory of 3704	3152	msedge.exe	91
PID 3152 wrote to memory of 3704	3152	msedge.exe	91
PID 3152 wrote to memory of 3704	3152	msedge.exe	91
PID 3152 wrote to memory of 3704	3152	msedge.exe	91
PID 3152 wrote to memory of 3704	3152	msedge.exe	91
PID 3152 wrote to memory of 3704	3152	msedge.exe	91
PID 3152 wrote to memory of 3704	3152	msedge.exe	91
PID 3152 wrote to memory of 3704	3152	msedge.exe	91
PID 3152 wrote to memory of 2344	3152	msedge.exe	90
PID 3152 wrote to memory of 2344	3152	msedge.exe	90
PID 3152 wrote to memory of 3492	3152	msedge.exe	92
PID 3152 wrote to memory of 3492	3152	msedge.exe	92
PID 3152 wrote to memory of 3492	3152	msedge.exe	92
PID 3152 wrote to memory of 3492	3152	msedge.exe	92
PID 3152 wrote to memory of 3492	3152	msedge.exe	92
PID 3152 wrote to memory of 3492	3152	msedge.exe	92
PID 3152 wrote to memory of 3492	3152	msedge.exe	92
PID 3152 wrote to memory of 3492	3152	msedge.exe	92
PID 3152 wrote to memory of 3492	3152	msedge.exe	92
PID 3152 wrote to memory of 3492	3152	msedge.exe	92
PID 3152 wrote to memory of 3492	3152	msedge.exe	92
PID 3152 wrote to memory of 3492	3152	msedge.exe	92
PID 3152 wrote to memory of 3492	3152	msedge.exe	92
PID 3152 wrote to memory of 3492	3152	msedge.exe	92
PID 3152 wrote to memory of 3492	3152	msedge.exe	92
PID 3152 wrote to memory of 3492	3152	msedge.exe	92
PID 3152 wrote to memory of 3492	3152	msedge.exe	92
PID 3152 wrote to memory of 3492	3152	msedge.exe	92
PID 3152 wrote to memory of 3492	3152	msedge.exe	92
PID 3152 wrote to memory of 3492	3152	msedge.exe	92

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://inventoit.com/ei/?63538841
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9d6ce46f8,0x7ff9d6ce4708,0x7ff9d6ce4718
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,16664637353785138206,8642041565859934477,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,16664637353785138206,8642041565859934477,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,16664637353785138206,8642041565859934477,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16664637353785138206,8642041565859934477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16664637353785138206,8642041565859934477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,16664637353785138206,8642041565859934477,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,16664637353785138206,8642041565859934477,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16664637353785138206,8642041565859934477,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16664637353785138206,8642041565859934477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16664637353785138206,8642041565859934477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3716 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16664637353785138206,8642041565859934477,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:4340

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
d74a820069e1537e3aba4c2777ccd328

SHA1
5ab8dd7a488cb35a4c5d62223a40fbe9e74be5b8

SHA256
15dcaf331e80cb709a7aca23ce5a3b6aef1a97c1b97a395538d21cddfde5e462

SHA512
d70b30e0f214446d36be1d7756071a2bba27237a920094872442280d47f594972e9883626a06af57f635957d66d6dbbd9fc046d3937695021ce59466f57c6e72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5906ba763ffb7ac3c1b859365972324e

SHA1
775ec3e4cc4854a83a8941c74140c9bd53ffb33b

SHA256
83107e6c02a45ecdc38fdbb01d4e6cfe832e654edede181aef59888401a9d8da

SHA512
bb762996774bb9dfa1428f1f4b4e9961fb1fd35e2f6455e92bb8f1568522120f533c76c6042c47824fbe2cf5115c136e1c9b1312020f8eeeefb6d4b3153dc45e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9702d29bd77028725afc5ac24f381565

SHA1
ed701fa576e36c5b8911ec94f3d738ec3e5624e1

SHA256
4613acd695c78cb013860293536f9190de6e7d4deca702916bbc22aedd38ccba

SHA512
c0594f8ec498a503e59ba3339b28c1318494bc4faadb35f684e26225b20a426837f45cdb277b192d769b984a22502774cad6ea97c96beda4c0d2e645d5606ec1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
19a215e6d531f9fc209c95cef3cfdb40

SHA1
b602f0af57a85cab334c63abacfe452d61c90fdc

SHA256
084c1e00fbde2c921514014c398bfe4ea13cf1f7a5047927b82df8b9a137ef71

SHA512
eda5e0bf342aa328d3081b9bbe6bd87d67a6a9ffd430162d75f6b5f3813192e38bfe7655febc9823c428368d93f10b1dc439c15ecf84fbb46779f77d54b7a08a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
51ff70265bd13a1c27aecd9d1e241523

SHA1
6efc274523537768d4ca2571c77b8fcc4a4af390

SHA256
d584f67504b8434d2cbee27da7cb8e7f11bf8a7f2d239abf846e7fb1707cc341

SHA512
ebf9898ba7ca5e5f73c13d62044ab945b3ec6141c399e942e656d0395def4f2f9160444c44e0f3c1d2512b3c65adb7c9ea64eecd35db66d021464725c81ef72e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e0901e903cc4f9b718944cc0abeaaed8

SHA1
984a4aca37c70842cdd3bc745c97f00fb59fac6c

SHA256
4233f3070614d4fa7d04aaca14f500310b5fa763d8a1d14042fab591975abf4f

SHA512
05dc7c4a6b4bea917ea09e24b2b97b94b5d8c76f86b57e9a934c89d83123c11de5acd741db06a922963273704cb2ef4202515e9d093f99a26fca7dd0e326b202

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
3a748249c8b0e04e77ad0d6723e564ff

SHA1
5c4cc0e5453c13ffc91f259ccb36acfb3d3fa729

SHA256
f98f5543c33c0b85b191bb85718ee7845982275130da1f09e904d220f1c6ceed

SHA512
53254db3efd9c075e4f24a915e0963563ce4df26d4771925199a605cd111ae5025a65f778b4d4ed8a9b3e83b558066cd314f37b84115d4d24c58207760174af2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
36efc3be96693b8528d273be6440cd7a

SHA1
e47847f2ddc96c4290413a6b35bdb8ee49d718d8

SHA256
265ca6791ecd1ed6689859211fec9911fa929fe6068d77a0d067f47fb9ae23ab

SHA512
c9ba8e21e89796d041bb2a3f20aeb7cfe5e6c143c27548699186a6b205d661db057b9ecf7ae652833e23930ea9105fa28da19e69aa0b0a03460560ccdc5b55ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe589e3f.TMP

Filesize
48B

MD5
03fb0347cbed215e8f1e0a5be355b123

SHA1
0cfa02b5f1556d2d8c64a0b96e7ba34b3e758962

SHA256
53fc9d190165a2777f547fc0e1c6b3c05f8cda96f5198681cdc42425d17e64f6

SHA512
9ef78717e02d3a44d37e444794540f9149b337a152dbdae1edbeb83e26fe420550c3e2ee5d2c68f4de56910dba160f26180da40f3d7704f8b3c6b67b079c9829

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
e5ce5a2052e8fd2b80a8a6205e3381b3

SHA1
22166f473f7e95a6e7c9bb933f3c97a689a8b642

SHA256
167f7105b86615bee7f017281ea1325b2b369bc2318d88c1d5d4841b5ecc2282

SHA512
063f09e27e3e7a4b8a3efba631b7a2d3c0a52bcfd688b50243d0580aa1e37386b2e32d31890e07aa9bb76e77281bb1ca7a669a96c29ba8f5c0b4e2ef2314867c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587809.TMP

Filesize
371B

MD5
3b6b774a3b079c1c46edbdb58ef98faa

SHA1
93e1fe11b1f46803763a2e675bc48bc9c2ed5b1b

SHA256
8453290e46f4503a83dc11f8d1bc8235c84c55fe8d3b72352b0dbb136b228c42

SHA512
7c0f0f5f3c1a5622dc7bef544be0838e2afe1a3233d75865565f7bb92c00c64a029a08df5149a8f2c363b79ef0390da996b88e009ff3136702314bd6a1e87dc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
873b18238b3ad7b4eb0084e0d6f1a4bc

SHA1
daca9c01b12b1fe967bcd19d346351518b6630f9

SHA256
3fd39b8ca948dd6fcfcd5b5806605db439d414f31723e12a49db9774d915cc4a

SHA512
245d59dfe6014123520486aeabaab8b705513e85d4323814686d37ce5cedd83fa3ecdaeab64844ea2714358a98d18c0781242b9a318d4a2d587392e276bd6f8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e72e990fa73065d3e87f81de62f71367

SHA1
a0a183c76cb309bd3fa993561a83335ba833838a

SHA256
bc23f27b08a91fd7ede433f3b7ea273474b84c26f4a97b794393b50d452b2e86

SHA512
de26c784e165d491637b0198c78bab4046cdf127e5c5c5bd657ba5dd2f5bcdcfb15ade571cc0a3fa50ec44ccbb1f38f4b8d80792a7a971f53c1f3a6cc3d56e6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\a0930c7f-8fea-4942-b32e-a9171344e3d2.tmp

Filesize
10KB

MD5
2c5b325182f91bcc51cc317c77c9acd5

SHA1
048f1b5e6f4219b701f89735b51c825dcbcfdc79

SHA256
e1341ec4dfd0e40b55c4094a5243b5c5045f67a7475e0a165d41d10bb0b12028

SHA512
2d32230226fccd19dbad28a0792c8b23c475c4e1d521fa7a9cc1cbfb61e116ff13213b22e95a9c4d2a3f91d6a4ae18768851e42c1e3e4370ddac3c6df63b84e6

Download Submit