hxxps://drive[.]google[.]com/file/d/1ShzdUC5KJxTnGOmQCUj_daxcDzaaG6gX/view

Analysis

max time kernel
145s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
25-07-2024 12:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1ShzdUC5KJxTnGOmQCUj_daxcDzaaG6gX/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
4	drive.google.com
7	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1000	msedge.exe
1000	msedge.exe
684	msedge.exe
684	msedge.exe
2900	identity_helper.exe
2900	identity_helper.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 684 wrote to memory of 3744	684	msedge.exe	83
PID 684 wrote to memory of 3744	684	msedge.exe	83
PID 684 wrote to memory of 1864	684	msedge.exe	84
PID 684 wrote to memory of 1864	684	msedge.exe	84
PID 684 wrote to memory of 1864	684	msedge.exe	84
PID 684 wrote to memory of 1864	684	msedge.exe	84
PID 684 wrote to memory of 1864	684	msedge.exe	84
PID 684 wrote to memory of 1864	684	msedge.exe	84
PID 684 wrote to memory of 1864	684	msedge.exe	84
PID 684 wrote to memory of 1864	684	msedge.exe	84
PID 684 wrote to memory of 1864	684	msedge.exe	84
PID 684 wrote to memory of 1864	684	msedge.exe	84
PID 684 wrote to memory of 1864	684	msedge.exe	84
PID 684 wrote to memory of 1864	684	msedge.exe	84
PID 684 wrote to memory of 1864	684	msedge.exe	84
PID 684 wrote to memory of 1864	684	msedge.exe	84
PID 684 wrote to memory of 1864	684	msedge.exe	84
PID 684 wrote to memory of 1864	684	msedge.exe	84
PID 684 wrote to memory of 1864	684	msedge.exe	84
PID 684 wrote to memory of 1864	684	msedge.exe	84
PID 684 wrote to memory of 1864	684	msedge.exe	84
PID 684 wrote to memory of 1864	684	msedge.exe	84
PID 684 wrote to memory of 1864	684	msedge.exe	84
PID 684 wrote to memory of 1864	684	msedge.exe	84
PID 684 wrote to memory of 1864	684	msedge.exe	84
PID 684 wrote to memory of 1864	684	msedge.exe	84
PID 684 wrote to memory of 1864	684	msedge.exe	84
PID 684 wrote to memory of 1864	684	msedge.exe	84
PID 684 wrote to memory of 1864	684	msedge.exe	84
PID 684 wrote to memory of 1864	684	msedge.exe	84
PID 684 wrote to memory of 1864	684	msedge.exe	84
PID 684 wrote to memory of 1864	684	msedge.exe	84
PID 684 wrote to memory of 1864	684	msedge.exe	84
PID 684 wrote to memory of 1864	684	msedge.exe	84
PID 684 wrote to memory of 1864	684	msedge.exe	84
PID 684 wrote to memory of 1864	684	msedge.exe	84
PID 684 wrote to memory of 1864	684	msedge.exe	84
PID 684 wrote to memory of 1864	684	msedge.exe	84
PID 684 wrote to memory of 1864	684	msedge.exe	84
PID 684 wrote to memory of 1864	684	msedge.exe	84
PID 684 wrote to memory of 1864	684	msedge.exe	84
PID 684 wrote to memory of 1864	684	msedge.exe	84
PID 684 wrote to memory of 1000	684	msedge.exe	85
PID 684 wrote to memory of 1000	684	msedge.exe	85
PID 684 wrote to memory of 1380	684	msedge.exe	86
PID 684 wrote to memory of 1380	684	msedge.exe	86
PID 684 wrote to memory of 1380	684	msedge.exe	86
PID 684 wrote to memory of 1380	684	msedge.exe	86
PID 684 wrote to memory of 1380	684	msedge.exe	86
PID 684 wrote to memory of 1380	684	msedge.exe	86
PID 684 wrote to memory of 1380	684	msedge.exe	86
PID 684 wrote to memory of 1380	684	msedge.exe	86
PID 684 wrote to memory of 1380	684	msedge.exe	86
PID 684 wrote to memory of 1380	684	msedge.exe	86
PID 684 wrote to memory of 1380	684	msedge.exe	86
PID 684 wrote to memory of 1380	684	msedge.exe	86
PID 684 wrote to memory of 1380	684	msedge.exe	86
PID 684 wrote to memory of 1380	684	msedge.exe	86
PID 684 wrote to memory of 1380	684	msedge.exe	86
PID 684 wrote to memory of 1380	684	msedge.exe	86
PID 684 wrote to memory of 1380	684	msedge.exe	86
PID 684 wrote to memory of 1380	684	msedge.exe	86
PID 684 wrote to memory of 1380	684	msedge.exe	86
PID 684 wrote to memory of 1380	684	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1ShzdUC5KJxTnGOmQCUj_daxcDzaaG6gX/view
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff99b8d46f8,0x7ff99b8d4708,0x7ff99b8d4718
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,10313585601679617333,14086059010472243614,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
  2⤵
  PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2224,10313585601679617333,14086059010472243614,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2224,10313585601679617333,14086059010472243614,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
  2⤵
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,10313585601679617333,14086059010472243614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,10313585601679617333,14086059010472243614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,10313585601679617333,14086059010472243614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,10313585601679617333,14086059010472243614,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 /prefetch:8
  2⤵
  PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,10313585601679617333,14086059010472243614,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,10313585601679617333,14086059010472243614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,10313585601679617333,14086059010472243614,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,10313585601679617333,14086059010472243614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,10313585601679617333,14086059010472243614,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,10313585601679617333,14086059010472243614,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1968 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3288

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
210676dde5c0bd984dc057e2333e1075

SHA1
2d2f8c14ee48a2580f852db7ac605f81b5b1399a

SHA256
2a89d71b4ddd34734b16d91ebd8ea68b760f321baccdd4963f91b8d3507a3fb5

SHA512
aeb81804cac5b17a5d1e55327f62df7645e9bbbfa8cad1401e7382628341a939b7aedc749b2412c06174a9e3fcdd5248d6df9b5d3f56c53232d17e59277ab017

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4e6521c03f1bc16d91d99c059cc5424

SHA1
043665051c486192a6eefe6d0632cf34ae8e89ad

SHA256
7759c346539367b2f80e78abca170f09731caa169e3462f11eda84c3f1ca63d1

SHA512
0bb4f628da6d715910161439685052409be54435e192cb4105191472bb14a33724592df24686d1655e9ba9572bd3dff8f46e211c0310e16bfe2ac949c49fbc5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
8e7b6352e1bb8c9f03fc286f6174274d

SHA1
39eb5b5448e9f08512a4dd065335b0193194d4e2

SHA256
c93010945a37411758c8d19d07c0dcb9325f0e074822a5a4561f5a019a156bbd

SHA512
9e87273b4d301fb281e8e9557204fd58c38c98daa1b1680c2c54cbb7907c61d68c485ff94b43d39085242b8a2b643e0be4cce9c20d81e349d5cc4ca7a4c3125e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
dc62ce064a3a3b7d8fca2cf0204fcdac

SHA1
6026b102da27b6bd1895ad5cd4af279c9b2364bb

SHA256
b3846137e8be93291151df4a6f3ec7f6ceb45a50b2142aa443c512bd72fce2b5

SHA512
f1201467a867fee115e4140fc8129901397d5fe4c3cb69b8e54dbec00de7fa8a626eb3902a8eeb5347f840d0cda76a22e4375ae7ed7f7eb4acaadcdc5e8d3265

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
305f3d42f3cae28067af70e5bf0930e0

SHA1
7b11a3dd51639cf6ecbf1a99166cbdf229bdef4c

SHA256
4325f1599c1334a5362bfa46ad8376e8cfda7fd49eec97f2edff3a5c0684b83e

SHA512
7705674c462025b7aaf389e878fd8631f389cae3c584ab1d63fe7a5b350bb22628e07dbf5c4f4a589c4083ff6b94646d5ca4f30c10c062b7496064bec3e1ef57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b48a8add3dcca3122f6489819f651fde

SHA1
3bc34fd6a499f1aae7a27fe4cb6ee014ec244407

SHA256
1b463063dce48ba69357543a14e4ed18d7fc077657df91fbfbf97d8bf1821bab

SHA512
bc129b09d90585288d3188e50ae95dd5262532432864701eba6d44e9494bef1ec0a32f41fc01fa706f7ac52849e1d51cf3a9ae80ddc1cc342cf42a36359ce3f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
23777d75e5d015dbbd1669e50034700c

SHA1
ba23d59c208d2a9035e2b6426793cdffcb61d09a

SHA256
43dce77e6c7c9e06f49dbdcd825642b7182d3b5735e15883f81ce030f0d199f5

SHA512
c47e7922d5852a30e7eab1486064cb6665bc763fadc34430804872fd94a6b7f9de8cb7cdcc9198c59c7bf75a473e4426f597956d9186d34875f1512633edca02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
799e4a06246297a4d9121139c7c8ff21

SHA1
b66761658a3abc01336dc2a128bbbbf87e6a1982

SHA256
0dd30b02b29e34180135ca9f966da9f8199216024a47c9042cae9d92ac98d2de

SHA512
9cca0c80d9ee6f5de7ff18fe4e2961e9d853a7d8e9a203173e8694dee682687d2d7c6ebfd929d8571545cf05da938fe26801ad208bd983af9528b0a1d6c08ef9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8258f04ad9380c7777034c454d7a40ca

SHA1
bfee6e1dc11bda40c0918914d0f88f5ced209eef

SHA256
32c579c60759889a832a7f40747bad5afc545dc4ceef2617a205f2fce057f907

SHA512
d0ef98695806b4f6710cd606631ba6d6f7f93327f1b28a9045b70df56bd837af7c6f79658a9a0c4cae48965b3bf23f4c56666a31dc178090a35a791fc6e01958

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585290.TMP

Filesize
1KB

MD5
90bcf5986a6065da95a1fd41c953b39a

SHA1
e936e88734435f2c02c432ef68c11e4542cfa17d

SHA256
f3be0079d67b13a61a32e60fd5aff29452b3c93e10302db9a2502fb126f2e806

SHA512
7d1451ae50e516e6e8fef41069698a15fedd0cfafb9a3b7cc90f7d3a8bffcb86bc76b6a7d3c0edf95d333d45b8f44b60f7b61ea71e86cb77bb28e6c3bbfb6565

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
be76ed513b3fbc23d14fc4c9b1d074f5

SHA1
5671a790afa3ee9a6ec73ee3512de9ee6c7456d3

SHA256
4682d7905135c7161b9d79c011ab25bf96c68f121d2219204c60d7d85992a01d

SHA512
5ba3aa9037380e3bbdc9479788fdd60479938262471f976f6fb143fa2a2d30606aa48ae2ba56228781af7561152fb3a180970f123316e90375a222fa8c2a0fe2

Download Submit