hxxps://drive[.]google[.]com/file/d/18-_TmQGeZn67TgUEZn2BW00dlr5ffOTS/view?usp=drive_link

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
03-11-2024 00:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/18-_TmQGeZn67TgUEZn2BW00dlr5ffOTS/view?usp=drive_link

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
4	drive.google.com
10	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1520	msedge.exe
1520	msedge.exe
4872	msedge.exe
4872	msedge.exe
3572	identity_helper.exe
3572	identity_helper.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4872 wrote to memory of 948	4872	msedge.exe	84
PID 4872 wrote to memory of 948	4872	msedge.exe	84
PID 4872 wrote to memory of 2036	4872	msedge.exe	85
PID 4872 wrote to memory of 2036	4872	msedge.exe	85
PID 4872 wrote to memory of 2036	4872	msedge.exe	85
PID 4872 wrote to memory of 2036	4872	msedge.exe	85
PID 4872 wrote to memory of 2036	4872	msedge.exe	85
PID 4872 wrote to memory of 2036	4872	msedge.exe	85
PID 4872 wrote to memory of 2036	4872	msedge.exe	85
PID 4872 wrote to memory of 2036	4872	msedge.exe	85
PID 4872 wrote to memory of 2036	4872	msedge.exe	85
PID 4872 wrote to memory of 2036	4872	msedge.exe	85
PID 4872 wrote to memory of 2036	4872	msedge.exe	85
PID 4872 wrote to memory of 2036	4872	msedge.exe	85
PID 4872 wrote to memory of 2036	4872	msedge.exe	85
PID 4872 wrote to memory of 2036	4872	msedge.exe	85
PID 4872 wrote to memory of 2036	4872	msedge.exe	85
PID 4872 wrote to memory of 2036	4872	msedge.exe	85
PID 4872 wrote to memory of 2036	4872	msedge.exe	85
PID 4872 wrote to memory of 2036	4872	msedge.exe	85
PID 4872 wrote to memory of 2036	4872	msedge.exe	85
PID 4872 wrote to memory of 2036	4872	msedge.exe	85
PID 4872 wrote to memory of 2036	4872	msedge.exe	85
PID 4872 wrote to memory of 2036	4872	msedge.exe	85
PID 4872 wrote to memory of 2036	4872	msedge.exe	85
PID 4872 wrote to memory of 2036	4872	msedge.exe	85
PID 4872 wrote to memory of 2036	4872	msedge.exe	85
PID 4872 wrote to memory of 2036	4872	msedge.exe	85
PID 4872 wrote to memory of 2036	4872	msedge.exe	85
PID 4872 wrote to memory of 2036	4872	msedge.exe	85
PID 4872 wrote to memory of 2036	4872	msedge.exe	85
PID 4872 wrote to memory of 2036	4872	msedge.exe	85
PID 4872 wrote to memory of 2036	4872	msedge.exe	85
PID 4872 wrote to memory of 2036	4872	msedge.exe	85
PID 4872 wrote to memory of 2036	4872	msedge.exe	85
PID 4872 wrote to memory of 2036	4872	msedge.exe	85
PID 4872 wrote to memory of 2036	4872	msedge.exe	85
PID 4872 wrote to memory of 2036	4872	msedge.exe	85
PID 4872 wrote to memory of 2036	4872	msedge.exe	85
PID 4872 wrote to memory of 2036	4872	msedge.exe	85
PID 4872 wrote to memory of 2036	4872	msedge.exe	85
PID 4872 wrote to memory of 2036	4872	msedge.exe	85
PID 4872 wrote to memory of 1520	4872	msedge.exe	86
PID 4872 wrote to memory of 1520	4872	msedge.exe	86
PID 4872 wrote to memory of 1568	4872	msedge.exe	87
PID 4872 wrote to memory of 1568	4872	msedge.exe	87
PID 4872 wrote to memory of 1568	4872	msedge.exe	87
PID 4872 wrote to memory of 1568	4872	msedge.exe	87
PID 4872 wrote to memory of 1568	4872	msedge.exe	87
PID 4872 wrote to memory of 1568	4872	msedge.exe	87
PID 4872 wrote to memory of 1568	4872	msedge.exe	87
PID 4872 wrote to memory of 1568	4872	msedge.exe	87
PID 4872 wrote to memory of 1568	4872	msedge.exe	87
PID 4872 wrote to memory of 1568	4872	msedge.exe	87
PID 4872 wrote to memory of 1568	4872	msedge.exe	87
PID 4872 wrote to memory of 1568	4872	msedge.exe	87
PID 4872 wrote to memory of 1568	4872	msedge.exe	87
PID 4872 wrote to memory of 1568	4872	msedge.exe	87
PID 4872 wrote to memory of 1568	4872	msedge.exe	87
PID 4872 wrote to memory of 1568	4872	msedge.exe	87
PID 4872 wrote to memory of 1568	4872	msedge.exe	87
PID 4872 wrote to memory of 1568	4872	msedge.exe	87
PID 4872 wrote to memory of 1568	4872	msedge.exe	87
PID 4872 wrote to memory of 1568	4872	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/18-_TmQGeZn67TgUEZn2BW00dlr5ffOTS/view?usp=drive_link
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ffa0e1046f8,0x7ffa0e104708,0x7ffa0e104718
  2⤵
  PID:948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,13937765924025063017,7451614937126251579,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,13937765924025063017,7451614937126251579,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,13937765924025063017,7451614937126251579,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13937765924025063017,7451614937126251579,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13937765924025063017,7451614937126251579,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,13937765924025063017,7451614937126251579,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:8
  2⤵
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,13937765924025063017,7451614937126251579,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13937765924025063017,7451614937126251579,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13937765924025063017,7451614937126251579,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13937765924025063017,7451614937126251579,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13937765924025063017,7451614937126251579,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,13937765924025063017,7451614937126251579,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2284 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1304

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e55832d7cd7e868a2c087c4c73678018

SHA1
ed7a2f6d6437e907218ffba9128802eaf414a0eb

SHA256
a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574

SHA512
897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c2d9eeb3fdd75834f0ac3f9767de8d6f

SHA1
4d16a7e82190f8490a00008bd53d85fb92e379b0

SHA256
1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66

SHA512
d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
f428b7ab4bb933a946ad974cacc4a450

SHA1
cbca5b1fb54adf51b2eb9c1e6af2130235085284

SHA256
a76219a2bcfe788b2d51e37d98c193ee96324701f8fa626b928b44be8c9c764b

SHA512
f6107a1850658a0105ef7989a0fdbe913197f841a6e50f47456ed937fdb69a1335d3421e9430ba81be01b0de605173580db21b83996d4e1d43b5cabdbb1eb8ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e59100009384865adf7db04e1d00a303

SHA1
88e20bb4cdc72c0c0fe06ac97f39da6ecf55ad93

SHA256
c5c0af06d89e830cdb984602f3332c32f6f8b592739beaa579e188ecfa553708

SHA512
bd46f2131fbadffa35032f287d7881e338e582c5eabf20d7c063e1fde5a5701f089542bc499f5cf470272f6d9228c25e05618545055ddd0654b87d6728d51351

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
864d9766de970d1bb88ce2c2f16f6454

SHA1
4d770551118d06853d90805dd367cb06482a1d3b

SHA256
ae2b31a7df5cc6abc2fd0d2c8d45eb94bf7eb966127690c340bde48820d41d79

SHA512
ec0c2852572ccf122418f0abb7ea64b58a337f4a86535529ba675f0e661b5fb63957bdadd0db108ed9d3254a4b39cfb4a7f2bdbd58fa1ece5131b8ec0497256a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f34dbca54a7b53c050d68b18168e14d5

SHA1
e5703c1f2b57b457094153d83ab8b35d5a48672c

SHA256
0ca75f5a15c9562ce7aef0aec4b59a7cf94386f291a4c8930e6bbcbc8a773ca4

SHA512
4d001fd933ff563b8e35f05348c51e2d95f599526e703da536a3ab0c29783f0329f38c2e25430feab9b01b157be7a04e7ca0566585bf08b425e1acd05bdbf82c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2e433853cbb5e9a4487d303a18ca0d19

SHA1
dc3535ab117c60099fdc65f3d707c95b9af6105b

SHA256
08ca6149b23c9e6dd72953d5eeaaf4c78963a9f3a408b7dcf2886cc3cacc417d

SHA512
f15335f9081d0c30419b8ae247fb9e6e087524b62fe70dd367adb20efad91a9ed20a05f76b2a80271877451f4684afa1335044c5bdebfe5c3773de583be4c0da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
a989d608c79a7300b40dbdcb6d85018e

SHA1
c54d16e453046113670ab1c21cc42a9cfeb1cbc9

SHA256
09a2e1bc4896b21193937019e64be617db6402ad75aeb6f88b23ff0e9baa1a47

SHA512
3dd6b2e2d93d3b1f8b07e96d581bebaec7184c54a1c7cb7540756b216d2a557c81a7d16a725cc2a0076cc7b02eed0510c532c8cff21c2a64799fca1de4338160

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
3861f1b65d89ec984d3686982b2f6448

SHA1
7ba4d9c1c6d19907e466054a413192d77c676420

SHA256
d9473c7b1bd1c4ad0a6883658ef91f1288233449316c5d2807469fabf51551ea

SHA512
c404f494eb5eeb3a9901f6f4054c63f0abbae545be92e0585abb1cf1580f8bed945d72af702f5db3527970241016fe520a6f99e534f3a03390cd1c214dd4b49a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
279593ce2b587397b4f4fb5eba5b1056

SHA1
ec5d43bcf6928ab0959bb214a93280a60d07f969

SHA256
4d428c3f7e08c250c73d184223daffb815cf0c32273c1f18234fb40d0f52aa98

SHA512
00ad948c1101d593465f40fd921e74c0fa3a9e07537968db127a5d35fecaf9b797aa1e9d2cc1617ca40702aeea6244a5d7fd467b3864ab32877fde01898064e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ee77.TMP

Filesize
203B

MD5
aea4ea7f11562c023d2158caa8e244e2

SHA1
d34ad80f03bce436ae3ebbe0911ed4e8d8c1727d

SHA256
4bb8f05e41ddc361102d3120d3e5942fc5ada8ff035618c817e4914e6c9fcfb8

SHA512
429bdae72757ea006ffd849da09609c6a09213cadb9dbfa9c7ba9457f3d80a5326d60680afe901215e15f40f0973a9ffe94b71519058c8d47fe28c7a900355e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0b9fad90075036d8ed27f1ce4c669d31

SHA1
c971830ce6a7fba64c4877bc9ac3f37e14fb225c

SHA256
3459b793d7ff7796fca0d66dc57e4f8c9a4b2be413d8a53ac3b0b6941d8cfb6f

SHA512
d8ceb8ee649e9a3112c21fa03e888754cdece52f0202e1f9cf6a63aeef822f72596cb02235f23c648d7e651274dcd4f2dd536e73915e1c12c1362ffab48d4799

Download Submit