hxxps://jontrawolta[.]ct8[.]pl/winAPI[.]exe

Resubmissions

31-07-2024 14:28

240731-rs7ryaserb 8

31-07-2024 14:07

240731-re9z5s1hnc 10

Analysis

max time kernel
900s
max time network
1155s
platform
windows11-21h2_x64
resource
win11-20240730-en
resource tags

arch:x64arch:x86image:win11-20240730-enlocale:en-usos:windows11-21h2-x64system
submitted
31-07-2024 14:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://jontrawolta.ct8.pl/winAPI.exe

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3160	msedge.exe
3160	msedge.exe
1924	msedge.exe
1924	msedge.exe
2416	identity_helper.exe
2416	identity_helper.exe
2180	msedge.exe
2180	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1924 wrote to memory of 744	1924	msedge.exe	78
PID 1924 wrote to memory of 744	1924	msedge.exe	78
PID 1924 wrote to memory of 944	1924	msedge.exe	79
PID 1924 wrote to memory of 944	1924	msedge.exe	79
PID 1924 wrote to memory of 944	1924	msedge.exe	79
PID 1924 wrote to memory of 944	1924	msedge.exe	79
PID 1924 wrote to memory of 944	1924	msedge.exe	79
PID 1924 wrote to memory of 944	1924	msedge.exe	79
PID 1924 wrote to memory of 944	1924	msedge.exe	79
PID 1924 wrote to memory of 944	1924	msedge.exe	79
PID 1924 wrote to memory of 944	1924	msedge.exe	79
PID 1924 wrote to memory of 944	1924	msedge.exe	79
PID 1924 wrote to memory of 944	1924	msedge.exe	79
PID 1924 wrote to memory of 944	1924	msedge.exe	79
PID 1924 wrote to memory of 944	1924	msedge.exe	79
PID 1924 wrote to memory of 944	1924	msedge.exe	79
PID 1924 wrote to memory of 944	1924	msedge.exe	79
PID 1924 wrote to memory of 944	1924	msedge.exe	79
PID 1924 wrote to memory of 944	1924	msedge.exe	79
PID 1924 wrote to memory of 944	1924	msedge.exe	79
PID 1924 wrote to memory of 944	1924	msedge.exe	79
PID 1924 wrote to memory of 944	1924	msedge.exe	79
PID 1924 wrote to memory of 944	1924	msedge.exe	79
PID 1924 wrote to memory of 944	1924	msedge.exe	79
PID 1924 wrote to memory of 944	1924	msedge.exe	79
PID 1924 wrote to memory of 944	1924	msedge.exe	79
PID 1924 wrote to memory of 944	1924	msedge.exe	79
PID 1924 wrote to memory of 944	1924	msedge.exe	79
PID 1924 wrote to memory of 944	1924	msedge.exe	79
PID 1924 wrote to memory of 944	1924	msedge.exe	79
PID 1924 wrote to memory of 944	1924	msedge.exe	79
PID 1924 wrote to memory of 944	1924	msedge.exe	79
PID 1924 wrote to memory of 944	1924	msedge.exe	79
PID 1924 wrote to memory of 944	1924	msedge.exe	79
PID 1924 wrote to memory of 944	1924	msedge.exe	79
PID 1924 wrote to memory of 944	1924	msedge.exe	79
PID 1924 wrote to memory of 944	1924	msedge.exe	79
PID 1924 wrote to memory of 944	1924	msedge.exe	79
PID 1924 wrote to memory of 944	1924	msedge.exe	79
PID 1924 wrote to memory of 944	1924	msedge.exe	79
PID 1924 wrote to memory of 944	1924	msedge.exe	79
PID 1924 wrote to memory of 944	1924	msedge.exe	79
PID 1924 wrote to memory of 3160	1924	msedge.exe	80
PID 1924 wrote to memory of 3160	1924	msedge.exe	80
PID 1924 wrote to memory of 4940	1924	msedge.exe	81
PID 1924 wrote to memory of 4940	1924	msedge.exe	81
PID 1924 wrote to memory of 4940	1924	msedge.exe	81
PID 1924 wrote to memory of 4940	1924	msedge.exe	81
PID 1924 wrote to memory of 4940	1924	msedge.exe	81
PID 1924 wrote to memory of 4940	1924	msedge.exe	81
PID 1924 wrote to memory of 4940	1924	msedge.exe	81
PID 1924 wrote to memory of 4940	1924	msedge.exe	81
PID 1924 wrote to memory of 4940	1924	msedge.exe	81
PID 1924 wrote to memory of 4940	1924	msedge.exe	81
PID 1924 wrote to memory of 4940	1924	msedge.exe	81
PID 1924 wrote to memory of 4940	1924	msedge.exe	81
PID 1924 wrote to memory of 4940	1924	msedge.exe	81
PID 1924 wrote to memory of 4940	1924	msedge.exe	81
PID 1924 wrote to memory of 4940	1924	msedge.exe	81
PID 1924 wrote to memory of 4940	1924	msedge.exe	81
PID 1924 wrote to memory of 4940	1924	msedge.exe	81
PID 1924 wrote to memory of 4940	1924	msedge.exe	81
PID 1924 wrote to memory of 4940	1924	msedge.exe	81
PID 1924 wrote to memory of 4940	1924	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://jontrawolta.ct8.pl/winAPI.exe
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcb2733cb8,0x7ffcb2733cc8,0x7ffcb2733cd8
  2⤵
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,17049112910409169814,6585914794084156179,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,17049112910409169814,6585914794084156179,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,17049112910409169814,6585914794084156179,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:8
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,17049112910409169814,6585914794084156179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,17049112910409169814,6585914794084156179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,17049112910409169814,6585914794084156179,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,17049112910409169814,6585914794084156179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1908,17049112910409169814,6585914794084156179,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5768 /prefetch:8
  2⤵
  PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,17049112910409169814,6585914794084156179,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3288 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,17049112910409169814,6585914794084156179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,17049112910409169814,6585914794084156179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,17049112910409169814,6585914794084156179,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,17049112910409169814,6585914794084156179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,17049112910409169814,6585914794084156179,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,17049112910409169814,6585914794084156179,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5456 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e15960b37c05dc7b54098cd898fe5a4d

SHA1
2c7923730ff68a25d23f8e56c3e5b8e62d2a1de2

SHA256
a3dd370b2b481e239fa13c330f274b7d279573b77ffb813ba68a4961b36d6cb6

SHA512
7e0016a20ed5935f0b0ec2722617661b2486cfde8a9f0901c5f01b23a1545f8637149e5086281f02d834a6be112cbc8eae4af86639f7c1e1c9e2bc34cdb6f979

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cccdb04720e1632b3ababce0c0954ddc

SHA1
627fb15e39972f5339ba623ccf2aacf616adcc12

SHA256
4aaa61366719d6428b64217960e4c31bb925799dd75288307cd306a4ec833a0e

SHA512
4af29420d1bddd88a5fcfca9ef860d2cd1f97b9bf295c16b522a33d2580f264b35b3a373a1627a1f3be80044162c8580f54efae2e55befce3de8915c916b5bcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
4.3MB

MD5
42e247e4cb3ee9e26070b9ddd2affad4

SHA1
1dc19ed0854bb1e6ca7b3361b776cf8ba4d024f2

SHA256
113a761e8949a7d24584d6ebc87c41813b9d9ab46a717d919b78a59b88b269d1

SHA512
65b1c32f248154ab2be61f36702ba9ae39c32595e352ffc90275db13b7c1e881963bc51801751e8c939c4c1b4891ea4fb6cf3558fb20e29eb2d792fee77f3e21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
186B

MD5
33a12e9ca223725dd0e186b034f98f96

SHA1
061baeef05a5b1632b9ef44881be14fafdd6f142

SHA256
aecf0adb6fd73a39785e2b69eb9553605cae5191bcee51197f3aeab21bb1133c

SHA512
114d3b113b3cb52fc7eabc2fb2e1ee842dfe24b3fc67b4bf7933ef1d0fceeb8cce2dc334c9288b55dfb68abf4419cc83b802847ac958ae9068fae23431d7b70e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b98a2d9c002a853412bbf843318b7c13

SHA1
ef6bdf7fbfd3fab6eb572adcef0c988e9bf386ae

SHA256
630108340441027992bcbdc50b7df65710f51b3cdab4bd1838affb7638eca11f

SHA512
7bc88c0e225e5ef38bada716fe4ae1cff2ac77c81226321bef42e9ab4652447e7ca7d3599a0b95be73f7c8239f0ae19899836e19652740a075d89dcfc78d49ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9c745a2e11fc0d045d8f7c34c58a0fe9

SHA1
77f1490b9bf755bb8e6cb4c0f96980ae94941b7a

SHA256
0a6753136ff8967244f86d39b1c478fb3e6a9374331e252794fd254e9b929ee5

SHA512
2901eb49b85a6e93947aa4e729918b366b213ffa8a1989a93fa393fcb357dde1c68d5bad6116285973711880e3df73fefb350a12981a5c81492195a2cdf6197b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4558cedbfb1a010ef90cdf631c658a74

SHA1
c162ff52d711eafbfb151ef2e75c845ce42f5742

SHA256
690d916882ba09108a816c280955103c6e5372fae3293589d1658c4b99277852

SHA512
6251154815268220a8fdcf0028e6a3d729a048635191470efefe8588877d309724119305b909bdd9353558ab0f5f84b6a502685c191b2d361a5101693eaf2fa0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e77d82629849a15953c4533cdefd7f15

SHA1
918690ee3ab1146eb540e3547bdc2d588065a74f

SHA256
8935ae231d7c8efd039f0127b0e7d4f9492de5a770fe670cf48665919371ecc7

SHA512
61a2c864e152adde8e1c0e419cb2ead98bb8b888e72b5a9fbef4d946b66ae71c1db0744fbb6dda71ab2308eaa723737027c0b62cf908060911f07bcf9d2fe28f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e3c46147fc7ea1cff7701e69e034d46b

SHA1
1bce18daac6e76bd7fcdb3e6f38bd54f36b0bcb3

SHA256
1576c8fc5bbbf85db65293861624fe98ccc8380464da5a121c7297f3c7c5e4b2

SHA512
1f444c6061a8ff484451e09a96e3d031cd59e43a0a914256d64ce4234d89a33fb59470522b763507ac864732d16e626e8705f8dc129447dc0a0cf9b16b75fe5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
818e69bbae1a8b5d62e871869a12d625

SHA1
640a29b15ac77fa7bfe7a477d53d6a5790301ad9

SHA256
3a61319e2a2755a7e35bf59f09eb961c050ac926b2c65dff87af424880bae027

SHA512
21e4e51508acef7d8aa37c1d12ff8cde2193cc07fe0d68d71be2fb2c32da6c29b5227c6ccf5f41fecd771e372dc3b0643e6611af6e8a713706d47ca243930d6a

Download Submit