hxxps://www[.]oracle[.]com/webapps/redirect/signon?nexturl=hxxps://download[.]oracle[.]com/otn/nt/oracle19c/193000/WINDOWS[.]X64_193000_db_home[.]zip

Analysis

max time kernel
145s
max time network
144s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
06-09-2024 08:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.oracle.com/webapps/redirect/signon?nexturl=https://download.oracle.com/otn/nt/oracle19c/193000/WINDOWS.X64_193000_db_home.zip

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3236	msedge.exe
3236	msedge.exe
3224	msedge.exe
3224	msedge.exe
2360	identity_helper.exe
2360	identity_helper.exe
2552	msedge.exe
2552	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3224 wrote to memory of 3196	3224	msedge.exe	78
PID 3224 wrote to memory of 3196	3224	msedge.exe	78
PID 3224 wrote to memory of 736	3224	msedge.exe	79
PID 3224 wrote to memory of 736	3224	msedge.exe	79
PID 3224 wrote to memory of 736	3224	msedge.exe	79
PID 3224 wrote to memory of 736	3224	msedge.exe	79
PID 3224 wrote to memory of 736	3224	msedge.exe	79
PID 3224 wrote to memory of 736	3224	msedge.exe	79
PID 3224 wrote to memory of 736	3224	msedge.exe	79
PID 3224 wrote to memory of 736	3224	msedge.exe	79
PID 3224 wrote to memory of 736	3224	msedge.exe	79
PID 3224 wrote to memory of 736	3224	msedge.exe	79
PID 3224 wrote to memory of 736	3224	msedge.exe	79
PID 3224 wrote to memory of 736	3224	msedge.exe	79
PID 3224 wrote to memory of 736	3224	msedge.exe	79
PID 3224 wrote to memory of 736	3224	msedge.exe	79
PID 3224 wrote to memory of 736	3224	msedge.exe	79
PID 3224 wrote to memory of 736	3224	msedge.exe	79
PID 3224 wrote to memory of 736	3224	msedge.exe	79
PID 3224 wrote to memory of 736	3224	msedge.exe	79
PID 3224 wrote to memory of 736	3224	msedge.exe	79
PID 3224 wrote to memory of 736	3224	msedge.exe	79
PID 3224 wrote to memory of 736	3224	msedge.exe	79
PID 3224 wrote to memory of 736	3224	msedge.exe	79
PID 3224 wrote to memory of 736	3224	msedge.exe	79
PID 3224 wrote to memory of 736	3224	msedge.exe	79
PID 3224 wrote to memory of 736	3224	msedge.exe	79
PID 3224 wrote to memory of 736	3224	msedge.exe	79
PID 3224 wrote to memory of 736	3224	msedge.exe	79
PID 3224 wrote to memory of 736	3224	msedge.exe	79
PID 3224 wrote to memory of 736	3224	msedge.exe	79
PID 3224 wrote to memory of 736	3224	msedge.exe	79
PID 3224 wrote to memory of 736	3224	msedge.exe	79
PID 3224 wrote to memory of 736	3224	msedge.exe	79
PID 3224 wrote to memory of 736	3224	msedge.exe	79
PID 3224 wrote to memory of 736	3224	msedge.exe	79
PID 3224 wrote to memory of 736	3224	msedge.exe	79
PID 3224 wrote to memory of 736	3224	msedge.exe	79
PID 3224 wrote to memory of 736	3224	msedge.exe	79
PID 3224 wrote to memory of 736	3224	msedge.exe	79
PID 3224 wrote to memory of 736	3224	msedge.exe	79
PID 3224 wrote to memory of 736	3224	msedge.exe	79
PID 3224 wrote to memory of 3236	3224	msedge.exe	80
PID 3224 wrote to memory of 3236	3224	msedge.exe	80
PID 3224 wrote to memory of 240	3224	msedge.exe	81
PID 3224 wrote to memory of 240	3224	msedge.exe	81
PID 3224 wrote to memory of 240	3224	msedge.exe	81
PID 3224 wrote to memory of 240	3224	msedge.exe	81
PID 3224 wrote to memory of 240	3224	msedge.exe	81
PID 3224 wrote to memory of 240	3224	msedge.exe	81
PID 3224 wrote to memory of 240	3224	msedge.exe	81
PID 3224 wrote to memory of 240	3224	msedge.exe	81
PID 3224 wrote to memory of 240	3224	msedge.exe	81
PID 3224 wrote to memory of 240	3224	msedge.exe	81
PID 3224 wrote to memory of 240	3224	msedge.exe	81
PID 3224 wrote to memory of 240	3224	msedge.exe	81
PID 3224 wrote to memory of 240	3224	msedge.exe	81
PID 3224 wrote to memory of 240	3224	msedge.exe	81
PID 3224 wrote to memory of 240	3224	msedge.exe	81
PID 3224 wrote to memory of 240	3224	msedge.exe	81
PID 3224 wrote to memory of 240	3224	msedge.exe	81
PID 3224 wrote to memory of 240	3224	msedge.exe	81
PID 3224 wrote to memory of 240	3224	msedge.exe	81
PID 3224 wrote to memory of 240	3224	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.oracle.com/webapps/redirect/signon?nexturl=https://download.oracle.com/otn/nt/oracle19c/193000/WINDOWS.X64_193000_db_home.zip
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9a2eb3cb8,0x7ff9a2eb3cc8,0x7ff9a2eb3cd8
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1836,17717413410712917570,413877727122216309,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1836,17717413410712917570,413877727122216309,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1836,17717413410712917570,413877727122216309,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
  2⤵
  PID:240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,17717413410712917570,413877727122216309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,17717413410712917570,413877727122216309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,17717413410712917570,413877727122216309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,17717413410712917570,413877727122216309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,17717413410712917570,413877727122216309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,17717413410712917570,413877727122216309,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:2204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,17717413410712917570,413877727122216309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3860 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1836,17717413410712917570,413877727122216309,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5692 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,17717413410712917570,413877727122216309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,17717413410712917570,413877727122216309,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1836,17717413410712917570,413877727122216309,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1836,17717413410712917570,413877727122216309,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5220 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b4ae6009e2df12ce252d03722e8f4288

SHA1
44de96f65d69cbae416767040f887f68f8035928

SHA256
7778069a1493fdb62e6326ba673f03d9a8f46bc0eea949aabbbbc00dcdaddf9d

SHA512
bb810721e52c77793993470692bb2aab0466f13ed4576e4f4cfa6bc5fcfc59c13552299feb6dfd9642ea07b19a5513d90d0698d09ca1d15e0598133929c05fe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4bf4b59c3deb1688a480f8e56aab059d

SHA1
612c83e7027b3bfb0e9d2c9efad43c5318e731bb

SHA256
867ab488aa793057395e9c10f237603cfb180689298871cdf0511132f9628c82

SHA512
2ec6c89f9653f810e9f80f532abaff2a3c0276f6d299dce1b1eadf6a59e8072ed601a4f9835db25d4d2610482a00dd5a0852d0ef828678f5c5ed33fe64dddca9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
405ef15abc78109ecd297f999be3aa80

SHA1
d3833451faf020701cf990f680dc5114c273f1e1

SHA256
9f758753e5cb74068d7be3157a30e52760c16f368cf51b773e32f475fb8b2d65

SHA512
6f50761ba1271d502554aeb47014dcfb83a20ea74c69687c90bd157bc91198a2b4f9bb60de8e4ce4ce43fee07aadeb08d2389407173d410fb22c7f082bcd259a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
575B

MD5
bad6ff3ffdd2cff5f397d0d8246fe8b6

SHA1
d1cf083512467c29bdc8008005570c4e3fa55a3b

SHA256
99832057582fd5a479a7386e63f68f3cf6e61d636163ccefeeb9a04fbdecd60b

SHA512
388c7f9221ce6f5b8b1c43d8c879c78f3ecdfe0ba924df478281984543593a011e6019d469b5eea19ede934baa6a39154fd10318193a9426eafe4ab336faf8d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c619cbd78b104c8a638da70bc46caea1

SHA1
a611ff1e8edf07022aaa2671420607067e5aefe9

SHA256
38cf75e1ccad8f486b2a8c6f389aad7255cb9317ff2a76972e0479dc278d27b4

SHA512
e17b179eebb882004e3a722fc30df32e8dd46111be356cbef00974cb164941eb8aadba14f6a5bd56c9183d237d5794542731333309e36201bf069c1cb7d1a2bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c7c7277f24d62731e8f25056be207465

SHA1
ab9da02517eae5d7cb5ceae92a9aa26fcc81486e

SHA256
d8f3dda95b642139c6e1c204eefe6af37d1e044f6bc35bce3798ed92648f3d00

SHA512
8901b02ef358ddaeaa0733fa09cb5ce8951ec2581d3a7cb3917e21f89761dd21b2e1e39275aa66df7344dd8889e22f6ac6f96fac45665aee13933a5b4bce01fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
7748368d3f49e55e9eb9281bdc1c27a1

SHA1
efaa232eae2bcf04a1dd9a2d94cc7f82db5329b2

SHA256
e54ffc44dd52dc796994ca98d9a6cf1043308d9e6b5f97dd9319d1ecd312023c

SHA512
63f6898b3f17907c4e31cbcf074029abdb7bcb8bffbf2ac39fb537e4134d43707f2ccf4dd96ae7c77932b9dddb6dc7d93f75a7aec7a2634df29d2ca228dd050f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c5b1.TMP

Filesize
704B

MD5
a9ae09ad669e0c0558c1b5f347070828

SHA1
d6557e6e3f970f4a8e9421fa601a46c34bc0273c

SHA256
e5ef340e9021da7f284561a273d9d7e481cbdf6420f9cf1ec2a3d7c440e0eda8

SHA512
8955968c4f785f3125b341db881e5c94e4ec1fd78fd07fa329871b47380bff02cff83386cce60be73e71c12adac54cefe09a6e12405e873d7df084c1b8bcf613

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a21f775fcb340152cec25c1fdac6730e

SHA1
6bc86214faed2171d64be6c455152a655a7f34f8

SHA256
e91129743dd1c69412c58e6b5f18ae236b6c650b608c81c68a55067065a1fcae

SHA512
f7b7d3621186aec37a8ae79cb095814d0042eb996f4b4ca5185204c1b94f6c2a81dcd988b5141e4036dd714f7467a118d234779c05ac6628892314e9de214d8d

Download Submit