hxxps://drive[.]google[.]com/drive/folders/11hUu_k30CLCecmj6Ik_hRIEDGQ2vNTkX?usp=sharing

Analysis

max time kernel
149s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10-12-2024 11:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/11hUu_k30CLCecmj6Ik_hRIEDGQ2vNTkX?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	drive.google.com
10	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2040	msedge.exe
2040	msedge.exe
928	msedge.exe
928	msedge.exe
2308	identity_helper.exe
2308	identity_helper.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 928 wrote to memory of 2036	928	msedge.exe	83
PID 928 wrote to memory of 2036	928	msedge.exe	83
PID 928 wrote to memory of 776	928	msedge.exe	84
PID 928 wrote to memory of 776	928	msedge.exe	84
PID 928 wrote to memory of 776	928	msedge.exe	84
PID 928 wrote to memory of 776	928	msedge.exe	84
PID 928 wrote to memory of 776	928	msedge.exe	84
PID 928 wrote to memory of 776	928	msedge.exe	84
PID 928 wrote to memory of 776	928	msedge.exe	84
PID 928 wrote to memory of 776	928	msedge.exe	84
PID 928 wrote to memory of 776	928	msedge.exe	84
PID 928 wrote to memory of 776	928	msedge.exe	84
PID 928 wrote to memory of 776	928	msedge.exe	84
PID 928 wrote to memory of 776	928	msedge.exe	84
PID 928 wrote to memory of 776	928	msedge.exe	84
PID 928 wrote to memory of 776	928	msedge.exe	84
PID 928 wrote to memory of 776	928	msedge.exe	84
PID 928 wrote to memory of 776	928	msedge.exe	84
PID 928 wrote to memory of 776	928	msedge.exe	84
PID 928 wrote to memory of 776	928	msedge.exe	84
PID 928 wrote to memory of 776	928	msedge.exe	84
PID 928 wrote to memory of 776	928	msedge.exe	84
PID 928 wrote to memory of 776	928	msedge.exe	84
PID 928 wrote to memory of 776	928	msedge.exe	84
PID 928 wrote to memory of 776	928	msedge.exe	84
PID 928 wrote to memory of 776	928	msedge.exe	84
PID 928 wrote to memory of 776	928	msedge.exe	84
PID 928 wrote to memory of 776	928	msedge.exe	84
PID 928 wrote to memory of 776	928	msedge.exe	84
PID 928 wrote to memory of 776	928	msedge.exe	84
PID 928 wrote to memory of 776	928	msedge.exe	84
PID 928 wrote to memory of 776	928	msedge.exe	84
PID 928 wrote to memory of 776	928	msedge.exe	84
PID 928 wrote to memory of 776	928	msedge.exe	84
PID 928 wrote to memory of 776	928	msedge.exe	84
PID 928 wrote to memory of 776	928	msedge.exe	84
PID 928 wrote to memory of 776	928	msedge.exe	84
PID 928 wrote to memory of 776	928	msedge.exe	84
PID 928 wrote to memory of 776	928	msedge.exe	84
PID 928 wrote to memory of 776	928	msedge.exe	84
PID 928 wrote to memory of 776	928	msedge.exe	84
PID 928 wrote to memory of 776	928	msedge.exe	84
PID 928 wrote to memory of 2040	928	msedge.exe	85
PID 928 wrote to memory of 2040	928	msedge.exe	85
PID 928 wrote to memory of 2020	928	msedge.exe	86
PID 928 wrote to memory of 2020	928	msedge.exe	86
PID 928 wrote to memory of 2020	928	msedge.exe	86
PID 928 wrote to memory of 2020	928	msedge.exe	86
PID 928 wrote to memory of 2020	928	msedge.exe	86
PID 928 wrote to memory of 2020	928	msedge.exe	86
PID 928 wrote to memory of 2020	928	msedge.exe	86
PID 928 wrote to memory of 2020	928	msedge.exe	86
PID 928 wrote to memory of 2020	928	msedge.exe	86
PID 928 wrote to memory of 2020	928	msedge.exe	86
PID 928 wrote to memory of 2020	928	msedge.exe	86
PID 928 wrote to memory of 2020	928	msedge.exe	86
PID 928 wrote to memory of 2020	928	msedge.exe	86
PID 928 wrote to memory of 2020	928	msedge.exe	86
PID 928 wrote to memory of 2020	928	msedge.exe	86
PID 928 wrote to memory of 2020	928	msedge.exe	86
PID 928 wrote to memory of 2020	928	msedge.exe	86
PID 928 wrote to memory of 2020	928	msedge.exe	86
PID 928 wrote to memory of 2020	928	msedge.exe	86
PID 928 wrote to memory of 2020	928	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/folders/11hUu_k30CLCecmj6Ik_hRIEDGQ2vNTkX?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9da2546f8,0x7ff9da254708,0x7ff9da254718
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,11630377432849672631,15888863581579824301,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,11630377432849672631,15888863581579824301,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,11630377432849672631,15888863581579824301,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11630377432849672631,15888863581579824301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11630377432849672631,15888863581579824301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11630377432849672631,15888863581579824301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,11630377432849672631,15888863581579824301,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,11630377432849672631,15888863581579824301,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11630377432849672631,15888863581579824301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11630377432849672631,15888863581579824301,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11630377432849672631,15888863581579824301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11630377432849672631,15888863581579824301,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,11630377432849672631,15888863581579824301,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2704 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0a9dc42e4013fc47438e96d24beb8eff

SHA1
806ab26d7eae031a58484188a7eb1adab06457fc

SHA256
58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151

SHA512
868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
61cef8e38cd95bf003f5fdd1dc37dae1

SHA1
11f2f79ecb349344c143eea9a0fed41891a3467f

SHA256
ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e

SHA512
6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
25KB

MD5
ab77c85aab42e61d0557bfe285bcafc0

SHA1
ac4241859bef658513fee5ae997b08543b8029e8

SHA256
32a74d447d992c99982a6c6979935c3eeffc358bcbcf7b1843ccb8021523f398

SHA512
41aaeb6c514f1ec1e97e213739ee2f4cd731cfa17fc1bd2c0c2d6197eaa487ed4b57c8d359ddaabc8764db4e12d3000eb2e23f884aa5dad0962ee9e0ae1d02b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c8d87522a7ee9c75dce16d0d86042bb9

SHA1
538f07ced9c7105eb31af516a7a2e806eae7337d

SHA256
839c957e08b3576b44e2612c7c9cab4f64ba7a6d7e3bed1ef97b58558cb29c6c

SHA512
c79f1016c8f9442b61dbaf7756a83a1137c61c46114083bd95324ce5db26b381db01a7644d1d96bddb6dae85af98ea4d7232355c04933c772b111b948a3b3a1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
40b5c88bd149bc45315b61cbfef7f0d5

SHA1
fbd052d45ed2ad434292b7fc936444091cb3d33e

SHA256
036775fbd3744d54ae5a6071ab3c94c01e07d37ea45fe37c8de33f6559c01753

SHA512
88de2200de1c849e157da5411ddd7478cb9786844756f2d5e618e4274700e525096e2da0663b6936f0670242e911d5a09b8e163d993fa8bc0d00f0800db5b3cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
70d9f98763738bece26da60a76419691

SHA1
f241ebfae4eae99f59e4aba378764569cf91037f

SHA256
13b36a22b5d446fa1a920f353922bc1b7f27f559cbad14fcafa3fac9ed23b4ed

SHA512
d9526583efd1d0efc7a72dd0461f3253209e2fc5c897c3620565ead0ff28a8c69b7aaf0fea547d2a1dc157c94929f4f99d74d2a0234f3e2dc6674d06702e64ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f00ad6a726d57eb71a078955b4626457

SHA1
e4a1e12a3cc386babbcce2d84bd65a2aece090d4

SHA256
8eb4140fa25b25751d1a5606c509e819bc1472bd00b2c779455c4a0357d52c2b

SHA512
ea724ef9c2e92e6fd25992897f0b492892b43d4cd8d3b5c972470a4d3c8957143a2359678b844529b8046c9bfb2b0a13e112579036615c75e020e4edd0701934

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c0ea1d1a4dade123a2971a48552b95fe

SHA1
4cd7390657992f06ea2ecf984e182570241fb873

SHA256
656df40b24bb1384c4a776a7a6f978ac691432415fbd1c834573eb510f9724a5

SHA512
bd69702c9084bca6a390936c32f739eb198012c332fad8a58e23dea46705c32f17eee2ecb3ddd0bab5083658dba5ed05fc97dd17f14949191208d50e36d44910

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0bad33230891ba7ba13fb7c981433d0d

SHA1
88661bc731cbd7371e2d8e5d6d999925fa528588

SHA256
e88d64fbc96af822fda3d007eb611abce8976a9ab88b6c4cd71e77bad08f5009

SHA512
d0e71c00828db4cd15d7a1bf6618fc499b9ce8986edb49394ac5e8c76eb226fc9b389a7e54b6ffa1f20d1874922e7e47dd69f35231ae1d421d51532647820f6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c5c9ff228cf5c4d1da0360cb158643a1

SHA1
3cfe060e94081f900e47809b33c73174fe6b9818

SHA256
40cec1c61ad067f7e37e6467a927fbee8516247296550c47af009bb1250630d9

SHA512
5a5301f3ba7243e6da52dc96c7ee1c48e81acf48a1cbf40c6d4ae359f7e6f27a54fa27148071a4ae2a9c221e576e2e13d29068c5fc938a735ddc3c05ca6d8ea2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f25f.TMP

Filesize
1KB

MD5
eaf5836b869bfe473c248a0125aa1f8f

SHA1
c8caee1924d1a8dc3369b952f0378434b0e7965d

SHA256
2491bcf85b3043a23fd3125afaff006924819161730a5e3f373026faf784b3c3

SHA512
ce31f69ec953edc3621c7b96ecc78c47c83bfc5468687077df150d9a618c708e9363ed40b91f38e87dd4d023374d88c8f0fc2bae0ebf3c86a4232a6bb0d34fb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f4e29fca-f77b-4872-a10e-22a2accb8864.tmp

Filesize
1KB

MD5
bd0dd20238ce000aed33455fe2402737

SHA1
df71af8b75514242433e977e5a0cdaaf0a3f153e

SHA256
d8bb4d951322106a4bf09b4e6f986b76cb0f673423eb7b81079322d73afadab8

SHA512
415450e1c4983dbe9276ffd74790bfe27abffca644bcb8d2f17c29a7aa2f027e3994382bbadfe9f8179487b54575074d3aeced8340dd103b717df2f155c6f380

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
995c0042fe3fe41e6cf99c7142e9a6df

SHA1
9d84e5e427aec90d601e50efbc90d060357a51f7

SHA256
594ae304f1ebb6194236e6e298772becb88b3caa8ff9b9dea27ac4efb604e509

SHA512
8a4d1df715e8ff6de0990d9565af4921485deae998891282847c5e3532039375c833ff1037d26e1a59a297e25b4128f342fbe33c3d6919e48622ed21ff7a20c0

Download Submit