36abff84f3fb2f064bd44486415e44744e5e7608ee4e4741b3527de2c5d3c11b

Analysis

max time kernel
146s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
15/01/2024, 03:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

maccer/Cheat-Master.ru.exe
Size

10KB
MD5

70db36c32dd7b2084d0290646d9ebd96
SHA1

f60f984ec6d588cf9183f5db8075fcd92671e31f
SHA256

330a948e2b0018cfad48f829791b9d6b496a708960b91cccf7328f2eef354213
SHA512

ae5a742f2189781ee63ba49a748dd952405eaf4896827b1975297f42674affac1804c3c32678f335a1ef0fbe682af7f2178bb78ee1b24a4e1e1d5846540bcaa2
SSDEEP

96:jmeKz3/drDHMZ7h+YeZBxJJSI+UqOX+0ki9+3jtyLzJeCa8KC7tCH4VN:jm3+Z7h+YeVJJRhqOXKqGj8LzupIN

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2968	msedge.exe
2968	msedge.exe
872	msedge.exe
872	msedge.exe
948	identity_helper.exe
948	identity_helper.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 872	2044	Cheat-Master.ru.exe	89
PID 2044 wrote to memory of 872	2044	Cheat-Master.ru.exe	89
PID 872 wrote to memory of 3820	872	msedge.exe	90
PID 872 wrote to memory of 3820	872	msedge.exe	90
PID 872 wrote to memory of 780	872	msedge.exe	91
PID 872 wrote to memory of 780	872	msedge.exe	91
PID 872 wrote to memory of 780	872	msedge.exe	91
PID 872 wrote to memory of 780	872	msedge.exe	91
PID 872 wrote to memory of 780	872	msedge.exe	91
PID 872 wrote to memory of 780	872	msedge.exe	91
PID 872 wrote to memory of 780	872	msedge.exe	91
PID 872 wrote to memory of 780	872	msedge.exe	91
PID 872 wrote to memory of 780	872	msedge.exe	91
PID 872 wrote to memory of 780	872	msedge.exe	91
PID 872 wrote to memory of 780	872	msedge.exe	91
PID 872 wrote to memory of 780	872	msedge.exe	91
PID 872 wrote to memory of 780	872	msedge.exe	91
PID 872 wrote to memory of 780	872	msedge.exe	91
PID 872 wrote to memory of 780	872	msedge.exe	91
PID 872 wrote to memory of 780	872	msedge.exe	91
PID 872 wrote to memory of 780	872	msedge.exe	91
PID 872 wrote to memory of 780	872	msedge.exe	91
PID 872 wrote to memory of 780	872	msedge.exe	91
PID 872 wrote to memory of 780	872	msedge.exe	91
PID 872 wrote to memory of 780	872	msedge.exe	91
PID 872 wrote to memory of 780	872	msedge.exe	91
PID 872 wrote to memory of 780	872	msedge.exe	91
PID 872 wrote to memory of 780	872	msedge.exe	91
PID 872 wrote to memory of 780	872	msedge.exe	91
PID 872 wrote to memory of 780	872	msedge.exe	91
PID 872 wrote to memory of 780	872	msedge.exe	91
PID 872 wrote to memory of 780	872	msedge.exe	91
PID 872 wrote to memory of 780	872	msedge.exe	91
PID 872 wrote to memory of 780	872	msedge.exe	91
PID 872 wrote to memory of 780	872	msedge.exe	91
PID 872 wrote to memory of 780	872	msedge.exe	91
PID 872 wrote to memory of 780	872	msedge.exe	91
PID 872 wrote to memory of 780	872	msedge.exe	91
PID 872 wrote to memory of 780	872	msedge.exe	91
PID 872 wrote to memory of 780	872	msedge.exe	91
PID 872 wrote to memory of 780	872	msedge.exe	91
PID 872 wrote to memory of 780	872	msedge.exe	91
PID 872 wrote to memory of 780	872	msedge.exe	91
PID 872 wrote to memory of 780	872	msedge.exe	91
PID 872 wrote to memory of 2968	872	msedge.exe	92
PID 872 wrote to memory of 2968	872	msedge.exe	92
PID 872 wrote to memory of 3744	872	msedge.exe	93
PID 872 wrote to memory of 3744	872	msedge.exe	93
PID 872 wrote to memory of 3744	872	msedge.exe	93
PID 872 wrote to memory of 3744	872	msedge.exe	93
PID 872 wrote to memory of 3744	872	msedge.exe	93
PID 872 wrote to memory of 3744	872	msedge.exe	93
PID 872 wrote to memory of 3744	872	msedge.exe	93
PID 872 wrote to memory of 3744	872	msedge.exe	93
PID 872 wrote to memory of 3744	872	msedge.exe	93
PID 872 wrote to memory of 3744	872	msedge.exe	93
PID 872 wrote to memory of 3744	872	msedge.exe	93
PID 872 wrote to memory of 3744	872	msedge.exe	93
PID 872 wrote to memory of 3744	872	msedge.exe	93
PID 872 wrote to memory of 3744	872	msedge.exe	93
PID 872 wrote to memory of 3744	872	msedge.exe	93
PID 872 wrote to memory of 3744	872	msedge.exe	93
PID 872 wrote to memory of 3744	872	msedge.exe	93
PID 872 wrote to memory of 3744	872	msedge.exe	93

C:\Users\Admin\AppData\Local\Temp\maccer\Cheat-Master.ru.exe
"C:\Users\Admin\AppData\Local\Temp\maccer\Cheat-Master.ru.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://cheat-master.ru/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:872
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ff9485346f8,0x7ff948534708,0x7ff948534718
    3⤵
    PID:3820
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,3289543198223265488,17471935620233388323,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
    3⤵
    PID:780
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,3289543198223265488,17471935620233388323,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2532 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2968
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,3289543198223265488,17471935620233388323,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
    3⤵
    PID:3744
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3289543198223265488,17471935620233388323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
    3⤵
    PID:2552
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3289543198223265488,17471935620233388323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
    3⤵
    PID:1584
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3289543198223265488,17471935620233388323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
    3⤵
    PID:4540
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,3289543198223265488,17471935620233388323,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
    3⤵
    PID:2744
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,3289543198223265488,17471935620233388323,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:948
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3289543198223265488,17471935620233388323,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
    3⤵
    PID:1764
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3289543198223265488,17471935620233388323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
    3⤵
    PID:5076
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3289543198223265488,17471935620233388323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
    3⤵
    PID:1132
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3289543198223265488,17471935620233388323,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
    3⤵
    PID:3324
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,3289543198223265488,17471935620233388323,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1888 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3184

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1192

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bcaf436ee5fed204f08c14d7517436eb

SHA1
637817252f1e2ab00275cd5b5a285a22980295ff

SHA256
de776d807ae7f2e809af69746f85ea99e0771bbdaaed78a764a6035dabe7f120

SHA512
7e6cf2fdffdcf444f6ef4a50a6f9ef1dfb853301467e3f4784c9ee905c3bf159dc3ee9145d77dbf72637d5b99242525eb951b91c020e5f4e5cfcfd965443258c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
f692d25502a318acffcedb54145f0f2f

SHA1
aa1065ba8b3620cf0d5e7f4ae653118674da359e

SHA256
c028cc45c6d5c83b2d32a68731ede9b72dc9381f696005e95a3d62980bc0be75

SHA512
97baa921fb7cde44c874fabc9ba4cb1a95736087257ca7fcce52028e349b75eca0ea43adc50ec4ff967847c2607881688281032197e4799ec31bde30ebcceec7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5bb7b3b334556c582095d5dbf9d078b7

SHA1
9f7ae1a325dd3115e0bf6c4ed39bda182c2d3be6

SHA256
e26b9c82f6638d3f4f5e7f60fc3e750644632fb652ea846b9e852311f5ba8ace

SHA512
32f80b405b2f06839eded303457f0296130e915b75879249cbf862ac0deffabbf8c30f66a70b7c6624de7026f03b0c54875feef59801b90494ed771283f6e876

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c13d5e1032d7212b09a970928770a50a

SHA1
96dc523f9a4a6f1ce8490cb7491eab4243130c0c

SHA256
b27a335a76af758b60a114235f2884d9a8a9618d74d49ea16a529da9c3db1cf6

SHA512
41a9162ae329cdd1db3e5330c044d3091c06f7da81180145ce0105e99b4567db323bab86946dd254a79b818d21191a5e8e014181b9cfb11abb9c38b73c2c4fd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ba7f093c32d9330dfd16348aac49beb5

SHA1
ba777599fb6be1dfde0ac894e405855aeefd8f95

SHA256
a23f811cec912f2da71fa93fbd92a08676fdb680721ff7e0c43d226cdf81f216

SHA512
5ebe0e6c1b8757baaea61e74e966dc235f96e2ad221ce38cc6594f422e6018bf1aa0137b55aa03073017a5ba13b3d14c244fa386b7f091a241b13986a1ac5acb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
b0ba6f0eee8f998b4d78bc4934f5fd17

SHA1
589653d624de363d3e8869c169441b143c1f39ad

SHA256
4b5ee509e727accbd11493dda2c1d512e7dbfaff66c4f5f7ea9c2d2ccd06151f

SHA512
e9a165da246c6b80fc38431538203cf03f95794184ff63f00c9500f8919a2028b803f64b670e685185eed72df0509e3185c9b434fdbf2bc7af36021d46bd08d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
35d31a2e66ed2d2da09a4227df96b593

SHA1
7a3f1e209ea8666625072ecfea614bc0d950dfc3

SHA256
3ad96bc2a61c1a8f9b5cbb20b0581f4af7a86f938639324a8a138309b9139ca7

SHA512
d4723352d45f28ec23bd2a68844e579d900dec5f7899b0462a44f9c08f8e247ac7e8f7ec8ad367b89ab4eff01a66c28c7b3970bb81819bbaaccd13ccb635d985

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c68c.TMP

Filesize
1KB

MD5
366ba600e0d7f2680c74a540d83cc4be

SHA1
5f631bb9f86ffa39ac609fbac9266976deeb724d

SHA256
fd6846ced8c146cd0565608bc11a01d542b89d77a529e818a5aa2c39fd80e861

SHA512
5012a771b4673e4f0c67992f45a870fcc8f98862709138fb217517e17c8099d8983c9cfc2d65071d86ecdca2c030a0eee6874b662a5bb1f72215f019670a7675

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7f3803f74e614223b862e13df00d1874

SHA1
71b07735dae3d435418d01f1cc822dbdb5901abe

SHA256
d36917c256a4072eeb23ba4caa97c15bad0b6507cd386de2c16a46835dd6894e

SHA512
a8bef6289b13afd2fcf89dc341d40f79965a88d1e4e810b2f58b97589fba6620afa673ff4a70c8e872e28925e3fc8dc198e7fd25c545f2ce9a503c4e5c08cba6

Download Submit