hxxps://drive[.]google[.]com/file/d/1fBjZC29XCki6FKmKDxNJdHEfdVGrUkJG/view?usp=sharing

Analysis

max time kernel
145s
max time network
139s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250128-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250128-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
30/01/2025, 15:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1fBjZC29XCki6FKmKDxNJdHEfdVGrUkJG/view?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
5	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3100	msedge.exe
3100	msedge.exe
3196	msedge.exe
3196	msedge.exe
1292	identity_helper.exe
1292	identity_helper.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3196 wrote to memory of 1684	3196	msedge.exe	83
PID 3196 wrote to memory of 1684	3196	msedge.exe	83
PID 3196 wrote to memory of 5084	3196	msedge.exe	84
PID 3196 wrote to memory of 5084	3196	msedge.exe	84
PID 3196 wrote to memory of 5084	3196	msedge.exe	84
PID 3196 wrote to memory of 5084	3196	msedge.exe	84
PID 3196 wrote to memory of 5084	3196	msedge.exe	84
PID 3196 wrote to memory of 5084	3196	msedge.exe	84
PID 3196 wrote to memory of 5084	3196	msedge.exe	84
PID 3196 wrote to memory of 5084	3196	msedge.exe	84
PID 3196 wrote to memory of 5084	3196	msedge.exe	84
PID 3196 wrote to memory of 5084	3196	msedge.exe	84
PID 3196 wrote to memory of 5084	3196	msedge.exe	84
PID 3196 wrote to memory of 5084	3196	msedge.exe	84
PID 3196 wrote to memory of 5084	3196	msedge.exe	84
PID 3196 wrote to memory of 5084	3196	msedge.exe	84
PID 3196 wrote to memory of 5084	3196	msedge.exe	84
PID 3196 wrote to memory of 5084	3196	msedge.exe	84
PID 3196 wrote to memory of 5084	3196	msedge.exe	84
PID 3196 wrote to memory of 5084	3196	msedge.exe	84
PID 3196 wrote to memory of 5084	3196	msedge.exe	84
PID 3196 wrote to memory of 5084	3196	msedge.exe	84
PID 3196 wrote to memory of 5084	3196	msedge.exe	84
PID 3196 wrote to memory of 5084	3196	msedge.exe	84
PID 3196 wrote to memory of 5084	3196	msedge.exe	84
PID 3196 wrote to memory of 5084	3196	msedge.exe	84
PID 3196 wrote to memory of 5084	3196	msedge.exe	84
PID 3196 wrote to memory of 5084	3196	msedge.exe	84
PID 3196 wrote to memory of 5084	3196	msedge.exe	84
PID 3196 wrote to memory of 5084	3196	msedge.exe	84
PID 3196 wrote to memory of 5084	3196	msedge.exe	84
PID 3196 wrote to memory of 5084	3196	msedge.exe	84
PID 3196 wrote to memory of 5084	3196	msedge.exe	84
PID 3196 wrote to memory of 5084	3196	msedge.exe	84
PID 3196 wrote to memory of 5084	3196	msedge.exe	84
PID 3196 wrote to memory of 5084	3196	msedge.exe	84
PID 3196 wrote to memory of 5084	3196	msedge.exe	84
PID 3196 wrote to memory of 5084	3196	msedge.exe	84
PID 3196 wrote to memory of 5084	3196	msedge.exe	84
PID 3196 wrote to memory of 5084	3196	msedge.exe	84
PID 3196 wrote to memory of 5084	3196	msedge.exe	84
PID 3196 wrote to memory of 5084	3196	msedge.exe	84
PID 3196 wrote to memory of 3100	3196	msedge.exe	85
PID 3196 wrote to memory of 3100	3196	msedge.exe	85
PID 3196 wrote to memory of 3820	3196	msedge.exe	86
PID 3196 wrote to memory of 3820	3196	msedge.exe	86
PID 3196 wrote to memory of 3820	3196	msedge.exe	86
PID 3196 wrote to memory of 3820	3196	msedge.exe	86
PID 3196 wrote to memory of 3820	3196	msedge.exe	86
PID 3196 wrote to memory of 3820	3196	msedge.exe	86
PID 3196 wrote to memory of 3820	3196	msedge.exe	86
PID 3196 wrote to memory of 3820	3196	msedge.exe	86
PID 3196 wrote to memory of 3820	3196	msedge.exe	86
PID 3196 wrote to memory of 3820	3196	msedge.exe	86
PID 3196 wrote to memory of 3820	3196	msedge.exe	86
PID 3196 wrote to memory of 3820	3196	msedge.exe	86
PID 3196 wrote to memory of 3820	3196	msedge.exe	86
PID 3196 wrote to memory of 3820	3196	msedge.exe	86
PID 3196 wrote to memory of 3820	3196	msedge.exe	86
PID 3196 wrote to memory of 3820	3196	msedge.exe	86
PID 3196 wrote to memory of 3820	3196	msedge.exe	86
PID 3196 wrote to memory of 3820	3196	msedge.exe	86
PID 3196 wrote to memory of 3820	3196	msedge.exe	86
PID 3196 wrote to memory of 3820	3196	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1fBjZC29XCki6FKmKDxNJdHEfdVGrUkJG/view?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffde7ad46f8,0x7ffde7ad4708,0x7ffde7ad4718
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,751113175844854104,14384193006351082482,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,751113175844854104,14384193006351082482,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,751113175844854104,14384193006351082482,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
  2⤵
  PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,751113175844854104,14384193006351082482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,751113175844854104,14384193006351082482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,751113175844854104,14384193006351082482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,751113175844854104,14384193006351082482,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5924 /prefetch:8
  2⤵
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,751113175844854104,14384193006351082482,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5924 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,751113175844854104,14384193006351082482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,751113175844854104,14384193006351082482,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,751113175844854104,14384193006351082482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,751113175844854104,14384193006351082482,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,751113175844854104,14384193006351082482,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4252

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1348

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
77b20b5cd41bc6bb475cca3f91ae6e3c

SHA1
9e98ace72bd2ab931341427a856ef4cea6faf806

SHA256
5511a9b9f9144ed7bde4ccb074733b7c564d918d2a8b10d391afc6be5b3b1509

SHA512
3537da5e7f3aba3dafe6a86e9511aba20b7a3d34f30aea6cc11feef7768bd63c0c85679c49e99c3291bd1b552ded2c6973b6c2f7f6d731bcfacecab218e72fd4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
340B

MD5
21ebf5c350204b8ab891792908f63964

SHA1
b682e06cd84d6fa3bc8948cdc76adb96759d0e3c

SHA256
2cd5a771d56b64bb91797f703a57e30a55ee981145e2a79a809e51c56abec858

SHA512
b0b148e41ec45f4a80ed83b88859359dd106f47cc7770634489683d933dca007ba79ae773631d156d28bcc7f1e7dcd607272e0a745b9c0d5760068461a396917

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0e97a507db8325bbdef7b1fcadf06f86

SHA1
7782c07045983db5ad0e43939b0c47b5f8e68736

SHA256
6f1f11f1f73b9c7c2e6866ea6759c409515884f382e22135c9ffde466accacb1

SHA512
47f8687649252eaa47447c56d53377577cfaad1d1a329f26d90d4b6a2f60110e022f262e98f77c409990909ed442e95a3a144971bda607fbbf8c5c52ca9f3f79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
72358e9daad302839d6b27e39e7d5ce1

SHA1
a411f34e69893e3e0e7a0c482cd6c458679d2877

SHA256
abd3d2cc223b82493feafbd470c76a945a50ae8c0d47cc220a9608c696c9158b

SHA512
d5f6a25d444a466756d8c64eb202a1c5a4ff82cce6b9577b047898a811bd70b42bae2e902fd24c13ea5dfb337b815cd03562434c65e49ce3d09e6c3c89f3c9c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1c41f63be92b7399e76c76ce20e7bce8

SHA1
eb270c69e1264e59c90041d8e4076eb541488d28

SHA256
581616060ebc9e98e88035426075b124691e27b8ee6cb32d7a3c273177a2e2fb

SHA512
3247baa469a3ef14b7b0c3c8344815751ec4674098e96a5636de60a4aaef14e979415f13611d8b63a46b6202bd72289f15a770f544196a9f7c91e1c23f4b9775

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d2f914c2924a2775725c59f140b9bd02

SHA1
3da7a43bcec9dbd6097b04288c19916f2315c65e

SHA256
a4cea0c58f247b3222d125ca738e6bd80473e3b0b5a61110731b599b5fd012b5

SHA512
898a0bfb1631714097bdeb106736b7af450d64f4016e6d4f4ec465459e88897fa482f157f2c2d9adeae448bc691aab2107bb84fdf0ed005c9742dda7f648b0c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
484fac71e87463f563bca896307c3826

SHA1
e733e5ef8368ea59e551d82c32e9b1b3cd60aaed

SHA256
dcb100824c5dfa4ac437366219dd5b91cdb24703932da4bca18297835cd14123

SHA512
3eaa44b2d0c22c8b598f3ce762da304253fa0cf66ebe6c9be489b17481f8ab683a66051dedb30b1253f942c73ae2bbee243f505c7b88fc20b6e55533e38a2941

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f34146b1e8dc41c32fb15848567b1697

SHA1
eedcec42105a3b84680c106fde0afa55d9bdfac1

SHA256
2e17eadb0c1e67eca1f2da6d05456c6b7d963c567646aac7754c6e3096260df8

SHA512
d9a32eab5ca4fa71fe76580aa338b89bf5679643497f77afd68b105cb5a47d5bbe538a22c10c05d9239a3e7d423ac019db11a8806f3193703813faf915a5e30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
580f41a17061a1d849f7e9d60ff18aa6

SHA1
762fd39e2b9eb3e21d51f4ebd7c55e0557420800

SHA256
83637c94ec37e78e34bf1cda227eed230a7424e39f0dec45bc07cf3f4f22d139

SHA512
3ea6bae95cdf95e30429bd39dc5c8d0cd18337d63916972d21d0b86ae21b472fa1da6ff0f57f03268b447b47efd17b6ebd435df3737a3da562772b5f69038802

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
90694c4d6b1c18a397e78071dcc62197

SHA1
15cf5dc668918ed49e22b973d60a009c9295c5fe

SHA256
a925733e59574b9079026fb2c72b994bb3528f858c76255b64e1764250efb1d7

SHA512
f81b0e387657719b81906a435e5af87a5bad0b24a0e082215bc6fbfb05861a67b949ed76d6c1aa26a97da8a3994d5c04ddc1082399e98fda2dbe5416eb5cf6f5

Download Submit