hxxps://drive[.]google[.]com/drive/folders/1KENXXIe1CbvgLvGkbgxNsWDThcoXO6Wy

Analysis

max time kernel
88s
max time network
87s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19-12-2024 17:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1KENXXIe1CbvgLvGkbgxNsWDThcoXO6Wy

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
6	drive.google.com
10	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2092	msedge.exe
2092	msedge.exe
3504	msedge.exe
3504	msedge.exe
4948	identity_helper.exe
4948	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3504 wrote to memory of 4924	3504	msedge.exe	85
PID 3504 wrote to memory of 4924	3504	msedge.exe	85
PID 3504 wrote to memory of 1324	3504	msedge.exe	86
PID 3504 wrote to memory of 1324	3504	msedge.exe	86
PID 3504 wrote to memory of 1324	3504	msedge.exe	86
PID 3504 wrote to memory of 1324	3504	msedge.exe	86
PID 3504 wrote to memory of 1324	3504	msedge.exe	86
PID 3504 wrote to memory of 1324	3504	msedge.exe	86
PID 3504 wrote to memory of 1324	3504	msedge.exe	86
PID 3504 wrote to memory of 1324	3504	msedge.exe	86
PID 3504 wrote to memory of 1324	3504	msedge.exe	86
PID 3504 wrote to memory of 1324	3504	msedge.exe	86
PID 3504 wrote to memory of 1324	3504	msedge.exe	86
PID 3504 wrote to memory of 1324	3504	msedge.exe	86
PID 3504 wrote to memory of 1324	3504	msedge.exe	86
PID 3504 wrote to memory of 1324	3504	msedge.exe	86
PID 3504 wrote to memory of 1324	3504	msedge.exe	86
PID 3504 wrote to memory of 1324	3504	msedge.exe	86
PID 3504 wrote to memory of 1324	3504	msedge.exe	86
PID 3504 wrote to memory of 1324	3504	msedge.exe	86
PID 3504 wrote to memory of 1324	3504	msedge.exe	86
PID 3504 wrote to memory of 1324	3504	msedge.exe	86
PID 3504 wrote to memory of 1324	3504	msedge.exe	86
PID 3504 wrote to memory of 1324	3504	msedge.exe	86
PID 3504 wrote to memory of 1324	3504	msedge.exe	86
PID 3504 wrote to memory of 1324	3504	msedge.exe	86
PID 3504 wrote to memory of 1324	3504	msedge.exe	86
PID 3504 wrote to memory of 1324	3504	msedge.exe	86
PID 3504 wrote to memory of 1324	3504	msedge.exe	86
PID 3504 wrote to memory of 1324	3504	msedge.exe	86
PID 3504 wrote to memory of 1324	3504	msedge.exe	86
PID 3504 wrote to memory of 1324	3504	msedge.exe	86
PID 3504 wrote to memory of 1324	3504	msedge.exe	86
PID 3504 wrote to memory of 1324	3504	msedge.exe	86
PID 3504 wrote to memory of 1324	3504	msedge.exe	86
PID 3504 wrote to memory of 1324	3504	msedge.exe	86
PID 3504 wrote to memory of 1324	3504	msedge.exe	86
PID 3504 wrote to memory of 1324	3504	msedge.exe	86
PID 3504 wrote to memory of 1324	3504	msedge.exe	86
PID 3504 wrote to memory of 1324	3504	msedge.exe	86
PID 3504 wrote to memory of 1324	3504	msedge.exe	86
PID 3504 wrote to memory of 1324	3504	msedge.exe	86
PID 3504 wrote to memory of 2092	3504	msedge.exe	87
PID 3504 wrote to memory of 2092	3504	msedge.exe	87
PID 3504 wrote to memory of 2888	3504	msedge.exe	88
PID 3504 wrote to memory of 2888	3504	msedge.exe	88
PID 3504 wrote to memory of 2888	3504	msedge.exe	88
PID 3504 wrote to memory of 2888	3504	msedge.exe	88
PID 3504 wrote to memory of 2888	3504	msedge.exe	88
PID 3504 wrote to memory of 2888	3504	msedge.exe	88
PID 3504 wrote to memory of 2888	3504	msedge.exe	88
PID 3504 wrote to memory of 2888	3504	msedge.exe	88
PID 3504 wrote to memory of 2888	3504	msedge.exe	88
PID 3504 wrote to memory of 2888	3504	msedge.exe	88
PID 3504 wrote to memory of 2888	3504	msedge.exe	88
PID 3504 wrote to memory of 2888	3504	msedge.exe	88
PID 3504 wrote to memory of 2888	3504	msedge.exe	88
PID 3504 wrote to memory of 2888	3504	msedge.exe	88
PID 3504 wrote to memory of 2888	3504	msedge.exe	88
PID 3504 wrote to memory of 2888	3504	msedge.exe	88
PID 3504 wrote to memory of 2888	3504	msedge.exe	88
PID 3504 wrote to memory of 2888	3504	msedge.exe	88
PID 3504 wrote to memory of 2888	3504	msedge.exe	88
PID 3504 wrote to memory of 2888	3504	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/folders/1KENXXIe1CbvgLvGkbgxNsWDThcoXO6Wy
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb03046f8,0x7ffbb0304708,0x7ffbb0304718
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,6631060390995460186,17313446806918317998,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,6631060390995460186,17313446806918317998,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,6631060390995460186,17313446806918317998,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
  2⤵
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6631060390995460186,17313446806918317998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6631060390995460186,17313446806918317998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6631060390995460186,17313446806918317998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3872 /prefetch:1
  2⤵
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,6631060390995460186,17313446806918317998,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 /prefetch:8
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,6631060390995460186,17313446806918317998,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6631060390995460186,17313446806918317998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6631060390995460186,17313446806918317998,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6631060390995460186,17313446806918317998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6631060390995460186,17313446806918317998,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:4468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
24KB

MD5
2b77b2c0394bfd2a458452006e617f96

SHA1
11eff89a8e3e64401818f81a02bdc84e8ecc4325

SHA256
c46f001852fd8e16bb731f21cadcfa0cda8e7d064e11b0faa18d6bb8325acb1f

SHA512
21dd89b9d6874539477e8b8dc8d98877c86595a8b0b8deb624547c3f407fb41550f65ff744c22f25c574994414a28e73f4d0794c5bd49be890fdac7906f0ba30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
34d0dd7094597519f3e8c4c515b1948b

SHA1
968b8762cd7c2ac6d9b415a75fcf6c56fdc6bd67

SHA256
74e9076f57e290b2cfc0b0bb8e7486dbba424de2970aab6bc6bbbda2b62401e3

SHA512
59b027f2e08ccd0c162dfe1ad4e868a3e2ea0dfdc1bd715ae9a7f4f01f9be696b798eb789d41e883065f9a31e4fcba7910d42bc7f8aa087e2d9266c6ae350332

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
63bc33c7b0dabb00acbe4bb01c3319da

SHA1
9266e28e31e196c00d95f6604266ba37e289b630

SHA256
8781fd51bdb9dee79c2ecbbdfc344a5a249c9b54045ca189392202b13c4bbd12

SHA512
d56b200fe181a2b52f1f77064547e194d8655e626826d5f4266a4edfe8d50ba46f19b9decfb655bfb026cd5bfcf2db301b3027622d4e7c34cd34946d9b193a11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ac77bbae6835feb6ac5dfbbf8d431437

SHA1
90b68b71ca6135d5f3654d42dc7a5042d2e355ec

SHA256
9746a8b9686b3f4cd4f35ce69cdeb481f5312acaaa3b9150fcb005ccf9e2f88c

SHA512
a46bb679e3a5eda1db3dc44281cb09df89db0a9ef04096785b9e2e44d5cbacd3a1b799bfcea04486cf88bb85156cc367560a6bd65c8e06811c496e7c77258d8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
15cf5e717e6e4ab49f5b81aab039363e

SHA1
00125e485953a9592ebaf6a9279818067c75ed77

SHA256
66207be37217644a9f3942f1b0bde54db18c9ccdd0c2c8e071d2b3ed625da26c

SHA512
eac77e94f69dbb94dd2b6a820877a20fbabf675343fedcc3becdfbfa49cef14121dea767a15ccf16d19ae15b1e269de860a15fb9ea98beea0ec6b8c6e637d017

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bcbbb5b61090dfb2b7950fffda4f1a88

SHA1
dbf09073e1cb2735691ee752d61c77921f16ca8a

SHA256
6caa07653d0f42c5fa722ea7d08c44d1390033fcec9d8903dcf9bf077c5d55e8

SHA512
ed3e87d02b410e7153450131916f1fdbff59974228111dd420e53da8217feec6d6ca01cf522f4338aebcbe32f91a32d4f86034918284538dcbf0163d1150a4a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
91f29d3922a2f90f6a6d2fa5ac144358

SHA1
e390be6e7c41526a05ecb36db78f23fbb851ee4a

SHA256
c6bb06bd4fda5de00c8f6394bd2a4c771512f0e1e7748e7ee5a900390160cc74

SHA512
96df0ee0ccbd291ecefec423068feaccbe7110e1c5d7cb1d32233577c53cc4999da79c613fbdf6925f9c74f9646b82f907bed9bb36fc1c140c7150952b1de504

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6f896e9795aa8be271af8f0b6e9b89f1

SHA1
7970814e1efa1a4d4507873aa1c2891d592fd4ba

SHA256
0f044378d07b5067d292bfb86511b3fc4f4435627c4af58dbb1ad7120a581c0a

SHA512
3715829e776949ed64a06505564755bfe29cad0ce33bcc07a8b00c0bb2a17bb70a0aa76f6bed28f24a2e6c6169c812586ab7429539b9283bfb4bfd1033056391

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8ddb8920867d95636aed3f85676186b0

SHA1
b6c5645164dd3021f5b71345ccd569d1cbe93703

SHA256
d2357965a6dee257eda42c6f12ad5f6636e7790647e26d51a570ffba10c476cf

SHA512
cc602a625fd783067ead94de302b4133535bb8103781f1c6882df9a6e145ed37c45eaa165afca4752546b952d87ceb7d5ce1bc9286f6d6473f004ff772abc824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
00b8cf0f529d65905c4dcc649badf3f7

SHA1
6fef72d4376391dee5d68f07d97b1ed007e9b029

SHA256
f7b7a991c858812ceb520687f906d0009b1348bff8a6543e63a753da6c205ad0

SHA512
4b74620ea69f19ae55e80d2b0b8f836f3b11e222c992b70f8d354945ffe134df63e73ac54e5dbcfa53d699c70b7f13333be19b6dd0bef9123fb7d60d9811dca1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585995.TMP

Filesize
1KB

MD5
599219c036500c341042851acd3b3728

SHA1
96e94ce3bacf805306f60f868144f902d2134ae5

SHA256
f2e8aaf87c3a517495625033099f23a9134c3bb2573081e81d27622638e47b2a

SHA512
dfaf92b537b4aca0d7b1bff27eb8c07404a6dafded6f6f5dd8a2c4b00fffe0eec1e9e72356c1107fc2c55bcdaf0fd45657d9b423567650fbf6a47105578868a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d59ca7f80627bf5caaee4200459c5200

SHA1
4df4cf32dda426182301dba1b252df6f8c312a3d

SHA256
3630334f1bc8a661624f7b88684be027918dec28b3c463763287d65ebac44e51

SHA512
edeb3829996c95e36abef09c9998cec672f5463f754df90d5a5a414beb1daf46cde8df88d89b5211d8ea7f3a9a83f3f1850af1ce98efffcb6cd62bc151423977

Download Submit