hxxps://drive[.]google[.]com/drive/folders/1LQqYd9dSlNeSQsUBDpK6Gv71TRJ80kIy?usp=drive_link

Analysis

max time kernel
145s
max time network
143s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
26/07/2024, 07:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1LQqYd9dSlNeSQsUBDpK6Gv71TRJ80kIy?usp=drive_link

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
6	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4120	msedge.exe
4120	msedge.exe
1248	msedge.exe
1248	msedge.exe
5676	msedge.exe
5676	msedge.exe
4336	identity_helper.exe
4336	identity_helper.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1248 wrote to memory of 2460	1248	msedge.exe	81
PID 1248 wrote to memory of 2460	1248	msedge.exe	81
PID 1248 wrote to memory of 5960	1248	msedge.exe	82
PID 1248 wrote to memory of 5960	1248	msedge.exe	82
PID 1248 wrote to memory of 5960	1248	msedge.exe	82
PID 1248 wrote to memory of 5960	1248	msedge.exe	82
PID 1248 wrote to memory of 5960	1248	msedge.exe	82
PID 1248 wrote to memory of 5960	1248	msedge.exe	82
PID 1248 wrote to memory of 5960	1248	msedge.exe	82
PID 1248 wrote to memory of 5960	1248	msedge.exe	82
PID 1248 wrote to memory of 5960	1248	msedge.exe	82
PID 1248 wrote to memory of 5960	1248	msedge.exe	82
PID 1248 wrote to memory of 5960	1248	msedge.exe	82
PID 1248 wrote to memory of 5960	1248	msedge.exe	82
PID 1248 wrote to memory of 5960	1248	msedge.exe	82
PID 1248 wrote to memory of 5960	1248	msedge.exe	82
PID 1248 wrote to memory of 5960	1248	msedge.exe	82
PID 1248 wrote to memory of 5960	1248	msedge.exe	82
PID 1248 wrote to memory of 5960	1248	msedge.exe	82
PID 1248 wrote to memory of 5960	1248	msedge.exe	82
PID 1248 wrote to memory of 5960	1248	msedge.exe	82
PID 1248 wrote to memory of 5960	1248	msedge.exe	82
PID 1248 wrote to memory of 5960	1248	msedge.exe	82
PID 1248 wrote to memory of 5960	1248	msedge.exe	82
PID 1248 wrote to memory of 5960	1248	msedge.exe	82
PID 1248 wrote to memory of 5960	1248	msedge.exe	82
PID 1248 wrote to memory of 5960	1248	msedge.exe	82
PID 1248 wrote to memory of 5960	1248	msedge.exe	82
PID 1248 wrote to memory of 5960	1248	msedge.exe	82
PID 1248 wrote to memory of 5960	1248	msedge.exe	82
PID 1248 wrote to memory of 5960	1248	msedge.exe	82
PID 1248 wrote to memory of 5960	1248	msedge.exe	82
PID 1248 wrote to memory of 5960	1248	msedge.exe	82
PID 1248 wrote to memory of 5960	1248	msedge.exe	82
PID 1248 wrote to memory of 5960	1248	msedge.exe	82
PID 1248 wrote to memory of 5960	1248	msedge.exe	82
PID 1248 wrote to memory of 5960	1248	msedge.exe	82
PID 1248 wrote to memory of 5960	1248	msedge.exe	82
PID 1248 wrote to memory of 5960	1248	msedge.exe	82
PID 1248 wrote to memory of 5960	1248	msedge.exe	82
PID 1248 wrote to memory of 5960	1248	msedge.exe	82
PID 1248 wrote to memory of 5960	1248	msedge.exe	82
PID 1248 wrote to memory of 4120	1248	msedge.exe	83
PID 1248 wrote to memory of 4120	1248	msedge.exe	83
PID 1248 wrote to memory of 2008	1248	msedge.exe	84
PID 1248 wrote to memory of 2008	1248	msedge.exe	84
PID 1248 wrote to memory of 2008	1248	msedge.exe	84
PID 1248 wrote to memory of 2008	1248	msedge.exe	84
PID 1248 wrote to memory of 2008	1248	msedge.exe	84
PID 1248 wrote to memory of 2008	1248	msedge.exe	84
PID 1248 wrote to memory of 2008	1248	msedge.exe	84
PID 1248 wrote to memory of 2008	1248	msedge.exe	84
PID 1248 wrote to memory of 2008	1248	msedge.exe	84
PID 1248 wrote to memory of 2008	1248	msedge.exe	84
PID 1248 wrote to memory of 2008	1248	msedge.exe	84
PID 1248 wrote to memory of 2008	1248	msedge.exe	84
PID 1248 wrote to memory of 2008	1248	msedge.exe	84
PID 1248 wrote to memory of 2008	1248	msedge.exe	84
PID 1248 wrote to memory of 2008	1248	msedge.exe	84
PID 1248 wrote to memory of 2008	1248	msedge.exe	84
PID 1248 wrote to memory of 2008	1248	msedge.exe	84
PID 1248 wrote to memory of 2008	1248	msedge.exe	84
PID 1248 wrote to memory of 2008	1248	msedge.exe	84
PID 1248 wrote to memory of 2008	1248	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/drive/folders/1LQqYd9dSlNeSQsUBDpK6Gv71TRJ80kIy?usp=drive_link
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9eaae3cb8,0x7ff9eaae3cc8,0x7ff9eaae3cd8
  2⤵
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,9700006989554161934,18109347070975678743,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  PID:5960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,9700006989554161934,18109347070975678743,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,9700006989554161934,18109347070975678743,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9700006989554161934,18109347070975678743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9700006989554161934,18109347070975678743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,9700006989554161934,18109347070975678743,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4160 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5676
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,9700006989554161934,18109347070975678743,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9700006989554161934,18109347070975678743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9700006989554161934,18109347070975678743,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9700006989554161934,18109347070975678743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9700006989554161934,18109347070975678743,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:5732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,9700006989554161934,18109347070975678743,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5152 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6096

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2144

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c0f062e1807aca2379b4e5a1e7ffbda8

SHA1
076c2f58dfb70eefb6800df6398b7bf34771c82d

SHA256
f80debea5c7924a92b923901cd2f2355086fe0ce4be21e575d3d130cd05957ca

SHA512
24ae4ec0c734ef1e1227a25b8d8c4262b583de1101f2c9b336ac67d0ce9b3de08f2b5d44b0b2da5396860034ff02d401ad739261200ae032daa4f5085c6d669e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6f3725d32588dca62fb31e116345b5eb

SHA1
0229732ae5923f45de70e234bae88023521a9611

SHA256
b81d7e414b2b2d039d3901709a7b8d2f2f27133833ecf80488ba16991ce81140

SHA512
31bacf4f376c5bad364889a16f8ac61e5881c8e45b610cc0c21aa88453644524525fd4ccf85a87f73c0565c072af857e33acffbbca952df92fedddd21f169325

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
99e3af0e387e99d8a799a2b262b08f3f

SHA1
2f20947072896d4665c66f2e0cb7e6795a6d30d0

SHA256
70980bc6ce0069e857f6263202dde650751d1b93a9828367feea535905b5d109

SHA512
48062a8c5ef9849e85a0b4b7f19995f5e3f75456e55aca8f2c3329d7150cf44322650776487c65b328dc6a7d5ac74e790b697c9592a17a47393d34aaa2a2acaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
dcee85ba31f10b9f270e61b00c4d7612

SHA1
051e65d4b4c12935f6047207a6c8b853d805eb58

SHA256
1c04a44cb92ac1be8b3056f77bc8125213cd720b71e905be33c21ee471356d31

SHA512
e3b268cb577a1f241c8e545aeb0b8e3d10ffce9f7e6d27c11075a4ee30bc57efa2dce88811400c3ab9c8d798aade664a06f4ceb4bf0b4f6f8d847e904a54f200

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
bed70965834961c72a947724b2a799b5

SHA1
75bd482193f559f1e5635e9042126042640ad329

SHA256
e689e44f81194c6f11e13d138a4dd294ea9393898e4dcfe01d1aeed800bb2321

SHA512
36a22f872bbc5964725c721d4cc45c2df91ed44b2e2baffadbe9069eeaa3aede4c66e46971a0b6364043cc3b27252437f869667d0c76154fa24dbe9259f041eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b45112123e499babec6fe52e59e838d2

SHA1
7b742b34e6b983a26a30b116c1e5f258a8b33ae6

SHA256
ef4d6a63f181bd0d2dbc66422014d9bb0cec3543c0fcaf80a2c7167ab812e8f1

SHA512
df313a4bd4b3fd6fdba9e88c41acefc152185c4b9e1b9c1ffe298be4a3b1c61c5142594ce7a585f789aa507771aa2ae452860c82d5b7f8eb7a4babbff6f86cda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
dc3344ea96ad9f66c7c71a517e780378

SHA1
d6fd30571fbe35dbef67d691af9b0098d5ce8b29

SHA256
d6788c74769f3a7245429d5b4358b5b500850203fdb6a7071941b70625cebda7

SHA512
f3477a3dc96349804a1df927b5095f6546c345e0315e79b5f37f14d29db7dc884429b931b1f61d4a09e60c9968f887ea9ee8e7804818f59d2763e29996cc4020

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
43432a285280adab27645ab7fb7d0e87

SHA1
6a94442e9b7c397bb9b33d9ecce35a118fbd5c25

SHA256
178de1ba91ce77545d2bb6ec91bd2250df4dcae6b8f14ae773dc0008365d66a0

SHA512
cc3070e2853a403699dd13eff382465149290d2c4720cf510f2f0845708f60bc9ad21d22a237ca528d4f783deb9c2fba9bb0fbfc9c02420d69fbfa51d5ce9485

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
806b27fe0fc5b591e72a6ed10ccd4a14

SHA1
0f28510d153d1088154b6b8fdf15dd15885c1db8

SHA256
4d95c2578863bf28e6bf87b6e7427e0f31c0e5aaf9fcb587a6fc0074dd6ebc47

SHA512
36fb75f16be1c23fa323c3754a2f94a1baa509c75a7cb26efd4d12dab95d65b8bac4e604fecd777f5eb1e57354a1875f35b30128b69c36d6311a02c68256a5d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
da9061968069c73b5a2d0fba85dd9059

SHA1
dabb79b3e3467fbaae0079de52af696fa6beab8d

SHA256
0da0e1bf5d69a0be39df91653d54f32cca0c195a6c0ae13057a39db72184201e

SHA512
e738f05ce3e2bf0a02419f1f3f5b45348587f60570e8f4d8ae1233aca0b9897a91589d45f2cb415019d324bff9ba3c945ffd8e3001a5e26291f0abd647c24d1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58d23f.TMP

Filesize
1KB

MD5
90a458d2bfaf920cf539e8e2ffa83740

SHA1
72166cb81bb1aafae32fe6c673f3c50f99d78044

SHA256
4f2da34bc88160ed210178463253a0cab5f301084980e670f602f113a7896ded

SHA512
888bde4bcd24dbbfb9627bbe986ceb7bd5b75307166b7d338c42ae016228f349813a0cda2e31f8675e8524230b205da1feeb0918b3c3d21c24e7d92e4c0244d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8d66e4d5c7b67f7f8ce8f2a97408afd6

SHA1
eaabbff34553abe1788770ce229664bde6a33c0c

SHA256
c048294abe043e280a8f6500c6f0732269faa86ea8f92eee98ea7f4080ee4f4a

SHA512
b999b2b5dc9530ce97e1e804ce6a56d0bd790212dfa9ec4d88a7ef50652eeeb516146bff6382a16f7d7662ef7f91483299bfb578167f9116f8ed1df5dc45a43e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
69a1d2d8f91d641ed6d3c812150a9371

SHA1
ab3a929a17a3b047f6e72ba173e2b2e9f43d7f54

SHA256
1cb21116514b921f425eec7fa25f72f8bcfa27a685b69f161bb9699d3072e7ad

SHA512
d3b20b60ac63b0b966f560bd218caf5f36f4d650bc6c5134d274de2ab2b959c472bbdd8a3cf9b9fcdd8a21a38d0aff88dea03650cb8ea890eb716acfc5dc1586

Download Submit