hxxps://drive[.]google[.]com/file/d/1hViHqRA-NX30nsuhMhswcimyPOXvcBHX/view?usp=sharing

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
02-12-2024 01:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1hViHqRA-NX30nsuhMhswcimyPOXvcBHX/view?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	drive.google.com
11	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3476	msedge.exe
3476	msedge.exe
4028	msedge.exe
4028	msedge.exe
3040	identity_helper.exe
3040	identity_helper.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4028 wrote to memory of 3820	4028	msedge.exe	82
PID 4028 wrote to memory of 3820	4028	msedge.exe	82
PID 4028 wrote to memory of 3240	4028	msedge.exe	83
PID 4028 wrote to memory of 3240	4028	msedge.exe	83
PID 4028 wrote to memory of 3240	4028	msedge.exe	83
PID 4028 wrote to memory of 3240	4028	msedge.exe	83
PID 4028 wrote to memory of 3240	4028	msedge.exe	83
PID 4028 wrote to memory of 3240	4028	msedge.exe	83
PID 4028 wrote to memory of 3240	4028	msedge.exe	83
PID 4028 wrote to memory of 3240	4028	msedge.exe	83
PID 4028 wrote to memory of 3240	4028	msedge.exe	83
PID 4028 wrote to memory of 3240	4028	msedge.exe	83
PID 4028 wrote to memory of 3240	4028	msedge.exe	83
PID 4028 wrote to memory of 3240	4028	msedge.exe	83
PID 4028 wrote to memory of 3240	4028	msedge.exe	83
PID 4028 wrote to memory of 3240	4028	msedge.exe	83
PID 4028 wrote to memory of 3240	4028	msedge.exe	83
PID 4028 wrote to memory of 3240	4028	msedge.exe	83
PID 4028 wrote to memory of 3240	4028	msedge.exe	83
PID 4028 wrote to memory of 3240	4028	msedge.exe	83
PID 4028 wrote to memory of 3240	4028	msedge.exe	83
PID 4028 wrote to memory of 3240	4028	msedge.exe	83
PID 4028 wrote to memory of 3240	4028	msedge.exe	83
PID 4028 wrote to memory of 3240	4028	msedge.exe	83
PID 4028 wrote to memory of 3240	4028	msedge.exe	83
PID 4028 wrote to memory of 3240	4028	msedge.exe	83
PID 4028 wrote to memory of 3240	4028	msedge.exe	83
PID 4028 wrote to memory of 3240	4028	msedge.exe	83
PID 4028 wrote to memory of 3240	4028	msedge.exe	83
PID 4028 wrote to memory of 3240	4028	msedge.exe	83
PID 4028 wrote to memory of 3240	4028	msedge.exe	83
PID 4028 wrote to memory of 3240	4028	msedge.exe	83
PID 4028 wrote to memory of 3240	4028	msedge.exe	83
PID 4028 wrote to memory of 3240	4028	msedge.exe	83
PID 4028 wrote to memory of 3240	4028	msedge.exe	83
PID 4028 wrote to memory of 3240	4028	msedge.exe	83
PID 4028 wrote to memory of 3240	4028	msedge.exe	83
PID 4028 wrote to memory of 3240	4028	msedge.exe	83
PID 4028 wrote to memory of 3240	4028	msedge.exe	83
PID 4028 wrote to memory of 3240	4028	msedge.exe	83
PID 4028 wrote to memory of 3240	4028	msedge.exe	83
PID 4028 wrote to memory of 3240	4028	msedge.exe	83
PID 4028 wrote to memory of 3476	4028	msedge.exe	84
PID 4028 wrote to memory of 3476	4028	msedge.exe	84
PID 4028 wrote to memory of 3988	4028	msedge.exe	85
PID 4028 wrote to memory of 3988	4028	msedge.exe	85
PID 4028 wrote to memory of 3988	4028	msedge.exe	85
PID 4028 wrote to memory of 3988	4028	msedge.exe	85
PID 4028 wrote to memory of 3988	4028	msedge.exe	85
PID 4028 wrote to memory of 3988	4028	msedge.exe	85
PID 4028 wrote to memory of 3988	4028	msedge.exe	85
PID 4028 wrote to memory of 3988	4028	msedge.exe	85
PID 4028 wrote to memory of 3988	4028	msedge.exe	85
PID 4028 wrote to memory of 3988	4028	msedge.exe	85
PID 4028 wrote to memory of 3988	4028	msedge.exe	85
PID 4028 wrote to memory of 3988	4028	msedge.exe	85
PID 4028 wrote to memory of 3988	4028	msedge.exe	85
PID 4028 wrote to memory of 3988	4028	msedge.exe	85
PID 4028 wrote to memory of 3988	4028	msedge.exe	85
PID 4028 wrote to memory of 3988	4028	msedge.exe	85
PID 4028 wrote to memory of 3988	4028	msedge.exe	85
PID 4028 wrote to memory of 3988	4028	msedge.exe	85
PID 4028 wrote to memory of 3988	4028	msedge.exe	85
PID 4028 wrote to memory of 3988	4028	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1hViHqRA-NX30nsuhMhswcimyPOXvcBHX/view?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd9b146f8,0x7ffcd9b14708,0x7ffcd9b14718
  2⤵
  PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,7078771222756554208,863259499086861338,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,7078771222756554208,863259499086861338,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,7078771222756554208,863259499086861338,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7078771222756554208,863259499086861338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7078771222756554208,863259499086861338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7078771222756554208,863259499086861338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,7078771222756554208,863259499086861338,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4072 /prefetch:8
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,7078771222756554208,863259499086861338,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4072 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7078771222756554208,863259499086861338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:32
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7078771222756554208,863259499086861338,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7078771222756554208,863259499086861338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7078771222756554208,863259499086861338,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,7078771222756554208,863259499086861338,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4724 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2156

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
b06b20c9b65481ba67aaa7acc65326fa

SHA1
5a001654b5f8c91d3c1d9060f074d24f90c7dc3b

SHA256
77d0b20260a18e60d9f9e77d5005f3f8f231ca1abdab18450eb0c70cde5926ec

SHA512
e9614b52d0b743b7924c98f5eec8def89f94aeecbb87192c79b66a76b840a15be2006e161cc049759648d06084ee24415b629c53e805c2f9334437ca51184d67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a6293bf7841c2f018d5aa8deb1c817e5

SHA1
e4e5999b1a37da7b33e0b1731fe47a8ccbde01b3

SHA256
6807d61cd7b478b277b015ea1b878ea1ed069f21b8827a15f57c3e29c95b77b6

SHA512
4cf30668135895a92db0d0b58d0c32557e48eb96ab41527a650ddce60a93db2ed90b917f273853841b9ae975880cd9471cfad33a3fc286d86ed29f0d8f255423

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e03bf1f829aec1150d946cfe902c606d

SHA1
1c15c507671b4690859a31b65b75a2d7c9bdcfc3

SHA256
f967614d6031ee9821cf6763ccfcd22a2af4b64b964a34b33e0396313ad45f0a

SHA512
72c39fb96ba7667bbe36f156583d38f083b795210f5d4995b9de6a7fcc4dbbedc8d3604db76ee0cc7d432a83eb402719e4bbc36d0ff23d66d6e177e14d467625

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c233d724e573b33d6ae689f1c7ac817b

SHA1
73e8d13c4c922c9aa3dd1352cbb9631cfd29ed11

SHA256
4f53a2f83e4f2cf3debdd41f3aedd350bd600c7e25a93b4f770794b7c49c4ee7

SHA512
8366a4bd010807b5b81b094ef7e5b18ab20584d73db6377504cef596e2f2090ba7002ddd642cff6ed40159778563fcd0ef55f6b58876abc8078b55ceb5073c62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
17fd62a19bee7122b4d3aa1efd74b40c

SHA1
7073af22b8d225ed2367245e07f79ae75e3a3d35

SHA256
977cc1d0cc54ef067743a3e9991064d87191abf7593e163a477bc6ee97d3b3cd

SHA512
aa565514a63c72cc3ebddfc8487ccf980fe514c8b9a5a9d4c87bc0fe4a4fbaecb8cec7a73801a7abb2a75a8730591a08f56508fb3da4389cadebbe695508d95a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
23e704a3865d68f347d1ea58dfd43da8

SHA1
a0d2363a68761bbd420b819a4214099c778d0a2f

SHA256
91c405acaaeb9832a78346908e166a8d5e80c0901e7b8d2c769a13741d4e1390

SHA512
0018de53d5d5d4aaa2470deb41938a670f539aa669adc229b14239852c56c1ca1fa6053aaeb36c75a2e0776cb022c68b2910d5e766aa9f53129aebdeccbc0733

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
84cbdb6cb1c1b10fce01149af87b1ca8

SHA1
394b02d3933e39728f2e5b01ba435e55cd8c6440

SHA256
c93175f9a948140dcabf05cc56e08d249d68726331761f1eb95fd783e3660a17

SHA512
3036c4fef50b36793ef5e0ed880e37af97a9744d1c05421ef180c53094b211cb36c2cfee8437bbf9208ddff1461c02bd05b974ce20b1144874b00c93e78f820a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581661.TMP

Filesize
1KB

MD5
995df1c5cc5ea7e34948d64302d8ae3a

SHA1
86537ba6506730dfd30b73c14f6b821dff7fb430

SHA256
6f41c998e6534f205d61f33653424c1e7656b7ee1552fc2eb4c53f7d87067c96

SHA512
d1352480b12cc2c51a5e1a193861e12ac44c96027e1ef5a64dff7300f09227380fbd16eeba19897bf1c427f6dc56c76ab6fdd963f5411ba3a9566ac3714851c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1587adbc572f64085c1be0ed1d008fa5

SHA1
c15d0f526743623d57d200ab902d0d277becb94e

SHA256
56a72ac95cd89fab274e1ec2aa6ed38ec7ce2ea64849ea4e5160bf477c7c2a0a

SHA512
74f6a40a37a5faecd25e4d7d47ed3d0c8ab706038576f06024dce809d5b785244108a2820e5498a269beeb8071876646c1750b4d50bb7becf191f43bb89268d8

Download Submit