7b5188b9737ce003d20c93721f3fefdc62e75730a16d1bc8b4d2fb1dd86e8b93

Analysis

max time kernel
67s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29-12-2023 20:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0300292ec5289833a65c56f2a538450d.exe
Size

78KB
MD5

0300292ec5289833a65c56f2a538450d
SHA1

ea5816cd93a036c5842b64cd0c346a5aa36416b2
SHA256

7b5188b9737ce003d20c93721f3fefdc62e75730a16d1bc8b4d2fb1dd86e8b93
SHA512

3df0b803ae0a5764d0db93e2782c1ae0eeb3774e45304e4ae5e63132a6a07633cbe1602bf1d729e1011b96f94b483106af289775e71c38ee1f2bc41433558785
SSDEEP

1536:jPCHY6JIdXT0XRhyRjVf3HaXOJR0zcEIvCZ1xjs9np/IPioYJbQt19/Z111ww:jPCHYOINSyRxvHF5vCbxwpI6W19/rR

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4368	msedge.exe
4368	msedge.exe
2240	msedge.exe
2240	msedge.exe
4404	identity_helper.exe
4404	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1196 wrote to memory of 2240	1196	0300292ec5289833a65c56f2a538450d.exe	98
PID 1196 wrote to memory of 2240	1196	0300292ec5289833a65c56f2a538450d.exe	98
PID 2240 wrote to memory of 2388	2240	msedge.exe	97
PID 2240 wrote to memory of 2388	2240	msedge.exe	97
PID 2240 wrote to memory of 452	2240	msedge.exe	106
PID 2240 wrote to memory of 452	2240	msedge.exe	106
PID 2240 wrote to memory of 452	2240	msedge.exe	106
PID 2240 wrote to memory of 452	2240	msedge.exe	106
PID 2240 wrote to memory of 452	2240	msedge.exe	106
PID 2240 wrote to memory of 452	2240	msedge.exe	106
PID 2240 wrote to memory of 452	2240	msedge.exe	106
PID 2240 wrote to memory of 452	2240	msedge.exe	106
PID 2240 wrote to memory of 452	2240	msedge.exe	106
PID 2240 wrote to memory of 452	2240	msedge.exe	106
PID 2240 wrote to memory of 452	2240	msedge.exe	106
PID 2240 wrote to memory of 452	2240	msedge.exe	106
PID 2240 wrote to memory of 452	2240	msedge.exe	106
PID 2240 wrote to memory of 452	2240	msedge.exe	106
PID 2240 wrote to memory of 452	2240	msedge.exe	106
PID 2240 wrote to memory of 452	2240	msedge.exe	106
PID 2240 wrote to memory of 452	2240	msedge.exe	106
PID 2240 wrote to memory of 452	2240	msedge.exe	106
PID 2240 wrote to memory of 452	2240	msedge.exe	106
PID 2240 wrote to memory of 452	2240	msedge.exe	106
PID 2240 wrote to memory of 452	2240	msedge.exe	106
PID 2240 wrote to memory of 452	2240	msedge.exe	106
PID 2240 wrote to memory of 452	2240	msedge.exe	106
PID 2240 wrote to memory of 452	2240	msedge.exe	106
PID 2240 wrote to memory of 452	2240	msedge.exe	106
PID 2240 wrote to memory of 452	2240	msedge.exe	106
PID 2240 wrote to memory of 452	2240	msedge.exe	106
PID 2240 wrote to memory of 452	2240	msedge.exe	106
PID 2240 wrote to memory of 452	2240	msedge.exe	106
PID 2240 wrote to memory of 452	2240	msedge.exe	106
PID 2240 wrote to memory of 452	2240	msedge.exe	106
PID 2240 wrote to memory of 452	2240	msedge.exe	106
PID 2240 wrote to memory of 452	2240	msedge.exe	106
PID 2240 wrote to memory of 452	2240	msedge.exe	106
PID 2240 wrote to memory of 452	2240	msedge.exe	106
PID 2240 wrote to memory of 452	2240	msedge.exe	106
PID 2240 wrote to memory of 452	2240	msedge.exe	106
PID 2240 wrote to memory of 452	2240	msedge.exe	106
PID 2240 wrote to memory of 452	2240	msedge.exe	106
PID 2240 wrote to memory of 452	2240	msedge.exe	106
PID 2240 wrote to memory of 4368	2240	msedge.exe	103
PID 2240 wrote to memory of 4368	2240	msedge.exe	103
PID 2240 wrote to memory of 368	2240	msedge.exe	99
PID 2240 wrote to memory of 368	2240	msedge.exe	99
PID 2240 wrote to memory of 368	2240	msedge.exe	99
PID 2240 wrote to memory of 368	2240	msedge.exe	99
PID 2240 wrote to memory of 368	2240	msedge.exe	99
PID 2240 wrote to memory of 368	2240	msedge.exe	99
PID 2240 wrote to memory of 368	2240	msedge.exe	99
PID 2240 wrote to memory of 368	2240	msedge.exe	99
PID 2240 wrote to memory of 368	2240	msedge.exe	99
PID 2240 wrote to memory of 368	2240	msedge.exe	99
PID 2240 wrote to memory of 368	2240	msedge.exe	99
PID 2240 wrote to memory of 368	2240	msedge.exe	99
PID 2240 wrote to memory of 368	2240	msedge.exe	99
PID 2240 wrote to memory of 368	2240	msedge.exe	99
PID 2240 wrote to memory of 368	2240	msedge.exe	99
PID 2240 wrote to memory of 368	2240	msedge.exe	99
PID 2240 wrote to memory of 368	2240	msedge.exe	99
PID 2240 wrote to memory of 368	2240	msedge.exe	99

C:\Users\Admin\AppData\Local\Temp\0300292ec5289833a65c56f2a538450d.exe
"C:\Users\Admin\AppData\Local\Temp\0300292ec5289833a65c56f2a538450d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=0300292ec5289833a65c56f2a538450d.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2240
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,2292966740372247024,15929096546900360152,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
    3⤵
    PID:368
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2292966740372247024,15929096546900360152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
    3⤵
    PID:4320
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2292966740372247024,15929096546900360152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
    3⤵
    PID:3604
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,2292966740372247024,15929096546900360152,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4368
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,2292966740372247024,15929096546900360152,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
    3⤵
    PID:452
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2292966740372247024,15929096546900360152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
    3⤵
    PID:4432
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,2292966740372247024,15929096546900360152,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4404
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,2292966740372247024,15929096546900360152,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8
    3⤵
    PID:4376
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2292966740372247024,15929096546900360152,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
    3⤵
    PID:4748
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2292966740372247024,15929096546900360152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
    3⤵
    PID:5024
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2292966740372247024,15929096546900360152,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
    3⤵
    PID:5224
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2292966740372247024,15929096546900360152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1
    3⤵
    PID:5216
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2292966740372247024,15929096546900360152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
    3⤵
    PID:5616
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2292966740372247024,15929096546900360152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
    3⤵
    PID:5692
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,2292966740372247024,15929096546900360152,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1296 /prefetch:2
    3⤵
    PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=0300292ec5289833a65c56f2a538450d.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  PID:5536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0x100,0xd8,0x7ffa91c846f8,0x7ffa91c84708,0x7ffa91c84718
1⤵
PID:2388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa91c846f8,0x7ffa91c84708,0x7ffa91c84718
1⤵
PID:5552

C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
1⤵
PID:4432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5e77545b7e1c504b2f5ce7c5cc2ce1fe

SHA1
d81a6af13cf31fa410b85471e4509124ebeaff7e

SHA256
cbb617cd6cde793f367df016b200d35ce3c521ab901bbcb52928576bb180bc11

SHA512
cbc65c61334a8b18ece79acdb30a4af80aa9448c3edc3902b00eb48fd5038bf6013d1f3f6436c1bcb637e78c485ae8e352839ca3c9ddf7e45b3b82d23b0e6e37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
b8fda6e72e4f54560c6527fbfaed95fe

SHA1
d08262aa7833c59b575872916800043a2f30d352

SHA256
1ef7f612eecf606000315c06ae1f584455ba7ac7825ddc21b7cee64cc991ce11

SHA512
0144a9cb08ad2034d8b49a1a9625e7b32aa746568a23f35fd66645555839c96bc0635cd37377846f30ae9b2c6a65cdb303ec2884f5fc8c21987f72f013c52d98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cb7e25515649da907453e31a090d2a82

SHA1
98f2356b088028332b63b10a1dbc7d2c123dc058

SHA256
e8a18736b9b1fd19f137f1a46e6306e766601590e6647139183d6732c616b40d

SHA512
f0eec3933894a0c18a01b2c80fd87593e98eff3e85448bdaa7a7eba895b1c4e92fcad44cb1319c723261ef5e48075f07cf78d715b1b6b1da9b630ff26c82f19b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
71819fafd84c94fd314ca03bec1824cc

SHA1
ee971614f919ec7ab6bdb86e6a1a9fe05da55ef8

SHA256
413e0dbacb2b7fbbb7ac571a4684c9e2e8079bd89c60648312d926842a6d2d18

SHA512
a9910cf8b36c66158c79a79324ac4eedb5a896cf9b7b83c4cdc134cff9291b12effd2d1327dc108308ebc4fd1b8e8a1024b72a59bc9a565ef1fd01cf84163764

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fac964a2f606f2f7877217982cfa4c58

SHA1
af558b2254ece936328e49520274e2694ab27103

SHA256
c08c2c173eabc0bca3d1959b20980e05fb57cce38477acc67e2801c61988facd

SHA512
3b68856ad3115efd0b319ec15509adeb4a4fd7423381741adff962ec03a79eb5bd0effccf3b3b2a4423ccd9c6bb1188183d001a6250fd8d49f7f7afe280c874d

Download Submit