hxxps://drive[.]google[.]com/uc?export=download&id=1sUg7H9YJioDmHylCoYkAAXFGlqCzGp7S

Analysis

max time kernel
840s
max time network
845s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
29-01-2025 03:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/uc?export=download&id=1sUg7H9YJioDmHylCoYkAAXFGlqCzGp7S

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
5	drive.google.com
8	drive.google.com
9	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1360	msedge.exe
1360	msedge.exe
736	msedge.exe
736	msedge.exe
3992	identity_helper.exe
3992	identity_helper.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 736 wrote to memory of 552	736	msedge.exe	82
PID 736 wrote to memory of 552	736	msedge.exe	82
PID 736 wrote to memory of 1420	736	msedge.exe	83
PID 736 wrote to memory of 1420	736	msedge.exe	83
PID 736 wrote to memory of 1420	736	msedge.exe	83
PID 736 wrote to memory of 1420	736	msedge.exe	83
PID 736 wrote to memory of 1420	736	msedge.exe	83
PID 736 wrote to memory of 1420	736	msedge.exe	83
PID 736 wrote to memory of 1420	736	msedge.exe	83
PID 736 wrote to memory of 1420	736	msedge.exe	83
PID 736 wrote to memory of 1420	736	msedge.exe	83
PID 736 wrote to memory of 1420	736	msedge.exe	83
PID 736 wrote to memory of 1420	736	msedge.exe	83
PID 736 wrote to memory of 1420	736	msedge.exe	83
PID 736 wrote to memory of 1420	736	msedge.exe	83
PID 736 wrote to memory of 1420	736	msedge.exe	83
PID 736 wrote to memory of 1420	736	msedge.exe	83
PID 736 wrote to memory of 1420	736	msedge.exe	83
PID 736 wrote to memory of 1420	736	msedge.exe	83
PID 736 wrote to memory of 1420	736	msedge.exe	83
PID 736 wrote to memory of 1420	736	msedge.exe	83
PID 736 wrote to memory of 1420	736	msedge.exe	83
PID 736 wrote to memory of 1420	736	msedge.exe	83
PID 736 wrote to memory of 1420	736	msedge.exe	83
PID 736 wrote to memory of 1420	736	msedge.exe	83
PID 736 wrote to memory of 1420	736	msedge.exe	83
PID 736 wrote to memory of 1420	736	msedge.exe	83
PID 736 wrote to memory of 1420	736	msedge.exe	83
PID 736 wrote to memory of 1420	736	msedge.exe	83
PID 736 wrote to memory of 1420	736	msedge.exe	83
PID 736 wrote to memory of 1420	736	msedge.exe	83
PID 736 wrote to memory of 1420	736	msedge.exe	83
PID 736 wrote to memory of 1420	736	msedge.exe	83
PID 736 wrote to memory of 1420	736	msedge.exe	83
PID 736 wrote to memory of 1420	736	msedge.exe	83
PID 736 wrote to memory of 1420	736	msedge.exe	83
PID 736 wrote to memory of 1420	736	msedge.exe	83
PID 736 wrote to memory of 1420	736	msedge.exe	83
PID 736 wrote to memory of 1420	736	msedge.exe	83
PID 736 wrote to memory of 1420	736	msedge.exe	83
PID 736 wrote to memory of 1420	736	msedge.exe	83
PID 736 wrote to memory of 1420	736	msedge.exe	83
PID 736 wrote to memory of 1360	736	msedge.exe	84
PID 736 wrote to memory of 1360	736	msedge.exe	84
PID 736 wrote to memory of 4056	736	msedge.exe	85
PID 736 wrote to memory of 4056	736	msedge.exe	85
PID 736 wrote to memory of 4056	736	msedge.exe	85
PID 736 wrote to memory of 4056	736	msedge.exe	85
PID 736 wrote to memory of 4056	736	msedge.exe	85
PID 736 wrote to memory of 4056	736	msedge.exe	85
PID 736 wrote to memory of 4056	736	msedge.exe	85
PID 736 wrote to memory of 4056	736	msedge.exe	85
PID 736 wrote to memory of 4056	736	msedge.exe	85
PID 736 wrote to memory of 4056	736	msedge.exe	85
PID 736 wrote to memory of 4056	736	msedge.exe	85
PID 736 wrote to memory of 4056	736	msedge.exe	85
PID 736 wrote to memory of 4056	736	msedge.exe	85
PID 736 wrote to memory of 4056	736	msedge.exe	85
PID 736 wrote to memory of 4056	736	msedge.exe	85
PID 736 wrote to memory of 4056	736	msedge.exe	85
PID 736 wrote to memory of 4056	736	msedge.exe	85
PID 736 wrote to memory of 4056	736	msedge.exe	85
PID 736 wrote to memory of 4056	736	msedge.exe	85
PID 736 wrote to memory of 4056	736	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/uc?export=download&id=1sUg7H9YJioDmHylCoYkAAXFGlqCzGp7S
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb91b646f8,0x7ffb91b64708,0x7ffb91b64718
  2⤵
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,15630000139853684421,7016209299590476169,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,15630000139853684421,7016209299590476169,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,15630000139853684421,7016209299590476169,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,15630000139853684421,7016209299590476169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,15630000139853684421,7016209299590476169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,15630000139853684421,7016209299590476169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,15630000139853684421,7016209299590476169,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:8
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,15630000139853684421,7016209299590476169,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,15630000139853684421,7016209299590476169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,15630000139853684421,7016209299590476169,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,15630000139853684421,7016209299590476169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2148 /prefetch:1
  2⤵
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,15630000139853684421,7016209299590476169,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,15630000139853684421,7016209299590476169,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3092 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4344

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1756

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
dc586fa86baabc1d4b2b2772f9a7449c

SHA1
0c24a288ddf1ed259cc126fb0bdfce06053891cb

SHA256
7b98d0581a00570d7bffd53881f07882587c56e4505e1427a6a10039d1648ca4

SHA512
9ce04343f83089ac38a1ce7d73769209992e6ae9b44153522b044eedf2fc0d9330b9152c6f0f672deb26063be7b851669ffb1a4d1f93030ad1692c99c02865e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4b26aa0297006bf742a095cd4d0059af

SHA1
02b0516b334fc461d4f7f02df726961996835631

SHA256
339d30d3f2ebaaa11e565682e4b8fc6d58461778f8eabb2a6988fd048ae5e017

SHA512
2d39fb4095e7be12abbc6544055586f68f635549f195fce00139a6bab3cd28919e0bf8629e413658f7f2bd78448ea0eadfb1fdf5d4a56c23f14dfc6ef9f5e027

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
cf26e58d586f8ca65575f075a7f1a419

SHA1
4b6be188be70f19cf0970e58ad89918f3aed0128

SHA256
175bc9aa242a972321514683292c3e68571dfe030076914e580c7e2ddce817e9

SHA512
fe3df41c34cd71d1567c294eb23d003aaba068db69d0f628dfb994cfa3999aa6fa8b134a3186eca35379da9ff14805c5646883f87a57059f3224d7b67538dd6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ea2bb3b51ed0001c454a0069492057e3

SHA1
5f8d95cafe7937de72de31794d027ecb56ff166a

SHA256
ce8accb1ceaa8d79ed952cdd664999a86f9f4feaadb4ec418a059a9de5950558

SHA512
bb2e69c935280e06d311aa5737ebf6d35e986b6be6a8e612bf441e14b3a2639ef47cd4936fcd22ea556bbed8e23ec645f40c11d5eeeda1f2ca459f408de72489

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4f2863d8562efcb8903f25eb0e98611f

SHA1
7e597f36a685a8a40e0f52b4eb611c458bd2c6dd

SHA256
9359a1b6547c9cb110af7d7e161e02ece5d137b94234beb4390c832f9b98db7f

SHA512
212d8753dc859988f64c8a45bd23c15fd806032fb4450041056d16b8d0057716195b584d640638485b748124449da672f1a7a2e2360a69308abbc07f4534ee66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fc19a5b9cb23ea558250db618d8ad966

SHA1
2a74ca1f3f2faa1dffe7fbac65f938a9d918b4a4

SHA256
862a29164c001413fc2b411231bb82a3068998b42776fe76afbfe6585865dfba

SHA512
2858c6c3d6512dc5ce0b0c6921950bb6c6d85256add37a3d15d3cc6569181e4cd5690f7d679f268b99e50ca128e0e888d34f727a65993fdc3ca9ed353075c22f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
aa4a3b662cc3bdbc163a66b189976868

SHA1
f5b8496d574079b3aa983dce3d13217ca9b34dab

SHA256
790dfd53bfe8820f684bca777bc2ab299373e06b4c71783f80630cfe91be97c0

SHA512
98b9fcaabae30041965f3ffbb924ffd9b93d884f5fd14080df82a998771dbe681d56fed90a29640499a53de75fb31972b2209f3c25fc7203b04f19caf9b14d0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
009872aeb8f9548ad223d544260bbbcb

SHA1
ea86afb8d062226dd271ad7902ca0b91b4abfe8c

SHA256
163d2ef923a2ca8b8fb12c830df97923f00eaa4cef29bc34a7603d9ebf28aeeb

SHA512
13e4b9ad64bcee38050a5430949cf529bb0cbbd83585950dff1654058c85f2e9ecbff2800d4d9dc718738bdbf76a7a98f63824475148b65d99498c35cd0a1465

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589d45.TMP

Filesize
369B

MD5
b3e36b30eb2d8ffbee1ee3d0a2031424

SHA1
fd5b845c7e84714834957a9037f9fe7de4c9afff

SHA256
d3abce84866f3a66746d18b74a2586fd5e32f927c5f79caaa843116611a4271e

SHA512
a8a2883b429c50de5d458873a5b0dec9155226ec1448a13e27ef169ae2dec038821c8fcdd30dc300f62871dd590704676df2360773bab7b4dd32979e8907bc33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
37e65aad296f0bd9568cc6a7f1c340f7

SHA1
54341cbbec9d87f48309bf550279e3d43440e8b6

SHA256
a910bf879ef86f43cd54f3b12aaf500b269066a2e9650a541da59b603098421b

SHA512
78d7406b1e4fd646e0e36c0e66f23566ec44c97c334345c3280a6d50b71c4eda5cf14b42747cc9b59aa1b7f0efd2d1846a391c3ee18dc855b8e0114045218d20

Download Submit