hxxps://is[.]gd/pV6C6t

Analysis

max time kernel
480s
max time network
556s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
09/09/2024, 15:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://is.gd/pV6C6t

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4656	msedge.exe
4656	msedge.exe
772	msedge.exe
772	msedge.exe
4892	msedge.exe
4892	msedge.exe
3508	identity_helper.exe
3508	identity_helper.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 772 wrote to memory of 948	772	msedge.exe	79
PID 772 wrote to memory of 948	772	msedge.exe	79
PID 772 wrote to memory of 1336	772	msedge.exe	80
PID 772 wrote to memory of 1336	772	msedge.exe	80
PID 772 wrote to memory of 1336	772	msedge.exe	80
PID 772 wrote to memory of 1336	772	msedge.exe	80
PID 772 wrote to memory of 1336	772	msedge.exe	80
PID 772 wrote to memory of 1336	772	msedge.exe	80
PID 772 wrote to memory of 1336	772	msedge.exe	80
PID 772 wrote to memory of 1336	772	msedge.exe	80
PID 772 wrote to memory of 1336	772	msedge.exe	80
PID 772 wrote to memory of 1336	772	msedge.exe	80
PID 772 wrote to memory of 1336	772	msedge.exe	80
PID 772 wrote to memory of 1336	772	msedge.exe	80
PID 772 wrote to memory of 1336	772	msedge.exe	80
PID 772 wrote to memory of 1336	772	msedge.exe	80
PID 772 wrote to memory of 1336	772	msedge.exe	80
PID 772 wrote to memory of 1336	772	msedge.exe	80
PID 772 wrote to memory of 1336	772	msedge.exe	80
PID 772 wrote to memory of 1336	772	msedge.exe	80
PID 772 wrote to memory of 1336	772	msedge.exe	80
PID 772 wrote to memory of 1336	772	msedge.exe	80
PID 772 wrote to memory of 1336	772	msedge.exe	80
PID 772 wrote to memory of 1336	772	msedge.exe	80
PID 772 wrote to memory of 1336	772	msedge.exe	80
PID 772 wrote to memory of 1336	772	msedge.exe	80
PID 772 wrote to memory of 1336	772	msedge.exe	80
PID 772 wrote to memory of 1336	772	msedge.exe	80
PID 772 wrote to memory of 1336	772	msedge.exe	80
PID 772 wrote to memory of 1336	772	msedge.exe	80
PID 772 wrote to memory of 1336	772	msedge.exe	80
PID 772 wrote to memory of 1336	772	msedge.exe	80
PID 772 wrote to memory of 1336	772	msedge.exe	80
PID 772 wrote to memory of 1336	772	msedge.exe	80
PID 772 wrote to memory of 1336	772	msedge.exe	80
PID 772 wrote to memory of 1336	772	msedge.exe	80
PID 772 wrote to memory of 1336	772	msedge.exe	80
PID 772 wrote to memory of 1336	772	msedge.exe	80
PID 772 wrote to memory of 1336	772	msedge.exe	80
PID 772 wrote to memory of 1336	772	msedge.exe	80
PID 772 wrote to memory of 1336	772	msedge.exe	80
PID 772 wrote to memory of 1336	772	msedge.exe	80
PID 772 wrote to memory of 4656	772	msedge.exe	81
PID 772 wrote to memory of 4656	772	msedge.exe	81
PID 772 wrote to memory of 3344	772	msedge.exe	82
PID 772 wrote to memory of 3344	772	msedge.exe	82
PID 772 wrote to memory of 3344	772	msedge.exe	82
PID 772 wrote to memory of 3344	772	msedge.exe	82
PID 772 wrote to memory of 3344	772	msedge.exe	82
PID 772 wrote to memory of 3344	772	msedge.exe	82
PID 772 wrote to memory of 3344	772	msedge.exe	82
PID 772 wrote to memory of 3344	772	msedge.exe	82
PID 772 wrote to memory of 3344	772	msedge.exe	82
PID 772 wrote to memory of 3344	772	msedge.exe	82
PID 772 wrote to memory of 3344	772	msedge.exe	82
PID 772 wrote to memory of 3344	772	msedge.exe	82
PID 772 wrote to memory of 3344	772	msedge.exe	82
PID 772 wrote to memory of 3344	772	msedge.exe	82
PID 772 wrote to memory of 3344	772	msedge.exe	82
PID 772 wrote to memory of 3344	772	msedge.exe	82
PID 772 wrote to memory of 3344	772	msedge.exe	82
PID 772 wrote to memory of 3344	772	msedge.exe	82
PID 772 wrote to memory of 3344	772	msedge.exe	82
PID 772 wrote to memory of 3344	772	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://is.gd/pV6C6t
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb12593cb8,0x7ffb12593cc8,0x7ffb12593cd8
  2⤵
  PID:948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,13657272974068166360,42555785479309530,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:1336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,13657272974068166360,42555785479309530,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,13657272974068166360,42555785479309530,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2544 /prefetch:8
  2⤵
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13657272974068166360,42555785479309530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13657272974068166360,42555785479309530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13657272974068166360,42555785479309530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,13657272974068166360,42555785479309530,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13657272974068166360,42555785479309530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3892 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13657272974068166360,42555785479309530,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13657272974068166360,42555785479309530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13657272974068166360,42555785479309530,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,13657272974068166360,42555785479309530,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,13657272974068166360,42555785479309530,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2940 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2948

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8276eab0f8f0c0bb325b5b8c329f64f

SHA1
8ce681e4056936ca8ccd6f487e7cd7cccbae538b

SHA256
847f60e288d327496b72dbe1e7aa1470a99bf27c0a07548b6a386a6188cd72da

SHA512
42f91bf90e92220d0731fa4279cc5773d5e9057a9587f311bee0b3f7f266ddceca367bd0ee7f1438c3606598553a2372316258c05e506315e4e11760c8f13918

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
058032c530b52781582253cb245aa731

SHA1
7ca26280e1bfefe40e53e64345a0d795b5303fab

SHA256
1c3a7192c514ef0d2a8cf9115cfb44137ca98ec6daa4f68595e2be695c7ed67e

SHA512
77fa3cdcd53255e7213bb99980049e11d6a2160f8130c84bd16b35ba9e821a4e51716371526ec799a5b4927234af99e0958283d78c0799777ab4dfda031f874f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ade0f4bf015aa454b42b298b22ac4d28

SHA1
d2fb04d18616b3f3d16209b5b2b99bd2b77ad119

SHA256
a5bc5101f970ec45d1a34bc076550676a3217fe4f74a09c2eee46f168a063169

SHA512
1c9c47c319727342a04eb119933d1d590c84cb3c5dc1a0f6a5c4530fef5c162b0a2b4269fa22bb8cc2889c193fa51c4cf2ed59eb0599749e4fd1cb9352217982

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
267455ea7622bdaad9c80edc61cd220c

SHA1
2e1a3a08b29bdf0bda2d1e4b0ec440336a40758f

SHA256
341fe38c973cf7549e4d85ffadbcccd600bcdab105fe0bec642aca7a90e59e21

SHA512
a4a0dd36a013d7d63c23d8388ca94e15e2ebff2e5e1c4fad3d38b85fc377a371b1e137b254b446b4fb8baefd81e831cbf35a2898747e09bd03a56e2671b7f23c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
270649b0783144bfad8cc98a5eeb9b7f

SHA1
61cfce0c2e96c4b722f2cd750527d180aaacbbcf

SHA256
7bae9c53571766d34db4f1ba028696efa8a7051160bdb22afc7569087fc471d1

SHA512
0b302e66da336027a1f71cdc6b10762f0b0c1fcd332c3eaae26c22bda6662f1fb7ede6f2f3d58a2ffd0e49cf20d1d4286abaaa874005f11aad4166d37d5f51be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
842447cd542d12ad91ec5db80f3b2723

SHA1
24542aabae51ddf6a17f38f6357e40fde1df9b99

SHA256
4547a8ece856a9207f24b58f909db98f85c146f0289de0bccca03021334224ef

SHA512
841ac94dd8a6fee6f1776224ab8b87b2ce4d9a1b5181d159be8bae92e4333409aa6a13a51439357d7b24b970f4513b1494acdfb0965c85505e8734b911eb57b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a3c0ee4de11645cd7494de4ed42e9d27

SHA1
477d07f92903f9cb0cdb8d43ea1d34bf35eb2e41

SHA256
7cda32a211de5215c8dfe567ba89bcf505a2863e7e3b0e5d1cdfc52dbb765755

SHA512
b3c1a684a59b4d8b872b60da9bd9628f04e2b316062a99cfacb95aa5cb5ff9a73f36fc9ebea098fdc3b98fae5c1e76daafa1597f646bf3bdfa0d421c4f923afc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a18dc1f5d24fefeb7bf95cb9a81b912d

SHA1
550abb8fa43d970ec113010f4e255e306d12465d

SHA256
8c49d69ae1f5e35f707e004c5ff9632d2e437d16970b8a2b3fb249fcaf8f8eb4

SHA512
974245e22d2339877fed55cc66ebbcc690b1995116d65a9c6e5d636e4c34c71216aaede8880e68af8b85611e8e32756d0a788fa9961555ddb23ab95e38c42165

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
85b872d29c4c22c0173fbac3ec0c4a20

SHA1
1a9ff4d29c38630f0461684e0a70b838c362a247

SHA256
059665e1780926a50837e0db141307c31a97856919076b38478b185d93ed5788

SHA512
ca6ebdfa3e072b0c5c844b3f7c3d2883314094cf91a48915fe2018b12b2af838fcc7ae5e8f88d19c831b30c431fdec2f4f4a2461a2fd3c39e84e397f78b2b239

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3371914040424dc978d950d585c999ee

SHA1
c35fc8884991a45e71024c70a84b80e27dac7be7

SHA256
2c1cc95c8862a9e3c40019ef90e12fba62f558844b71e6728a7fff1d2a51906b

SHA512
dacc2c1bded8c1c60212fbbd2f7b81161eeeaaf5f7c6c0e1bfdbf3e9bed7a637535ba2b1c3081d2e7d39fdd3f7d86412fe9b78f47bd174e61eeb8657c92912f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5810c4.TMP

Filesize
1KB

MD5
86bd36a9ea8ad637c109b398f104b50f

SHA1
cc080a2a872d4315182578027adbe062e0251ff1

SHA256
a7580ab60b7baee09639a2f1cb20ea5419e144ba70459281d4c5257f85e9acc0

SHA512
020ff47e51f31259c83c758d9dc0f1cdacd342e4b08f48f7d17c3028121fb9408992c8045d75b7abb90ca37aa972d7bce329d08e4e2fc2c106a7d1991c1548ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5b9abd80ce93c53e86a27fee559d06c6

SHA1
d7e6383b9034f642341e56c74c190c45863ae085

SHA256
87af64bd6bbaefe420b9736905942fe3e07c2d3c1abc36428cdcfe4f35d0ad45

SHA512
de69092038044c42be8a41554632025fe899f387000b101138a5937d240f62469de3fe6c5abf9867a46e0289da16fa618556a0e84f1a4a25305c93e7ab930956

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5b1ce7c20d2a604f7e942bff3a20de59

SHA1
06fb080dede1d482deffcf96fe5b77a25ceaef73

SHA256
a01f222e47007e81bdd842438bfdecbfb1e4f43c3300a3a5923cc7cd4c409761

SHA512
a1f981d9145cf6085e48bf1a2e0d3bbc3c045488ac7138e6866e6e3ea562dda647d7d2442eb94de4c934ce1ae274df0fbbd2c0fc9b9abad9743c3932c55b44a7

Download Submit