hxxps://drive[.]google[.]com/file/d/1_4eu88YwibaV9HhxUkhiSLKefvyR1CrA/view?usp=drive_web

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
14/07/2023, 17:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1_4eu88YwibaV9HhxUkhiSLKefvyR1CrA/view?usp=drive_web

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1172	msedge.exe
1172	msedge.exe
808	msedge.exe
808	msedge.exe
3980	identity_helper.exe
3980	identity_helper.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 808 wrote to memory of 3396	808	msedge.exe	84
PID 808 wrote to memory of 3396	808	msedge.exe	84
PID 808 wrote to memory of 1180	808	msedge.exe	86
PID 808 wrote to memory of 1180	808	msedge.exe	86
PID 808 wrote to memory of 1180	808	msedge.exe	86
PID 808 wrote to memory of 1180	808	msedge.exe	86
PID 808 wrote to memory of 1180	808	msedge.exe	86
PID 808 wrote to memory of 1180	808	msedge.exe	86
PID 808 wrote to memory of 1180	808	msedge.exe	86
PID 808 wrote to memory of 1180	808	msedge.exe	86
PID 808 wrote to memory of 1180	808	msedge.exe	86
PID 808 wrote to memory of 1180	808	msedge.exe	86
PID 808 wrote to memory of 1180	808	msedge.exe	86
PID 808 wrote to memory of 1180	808	msedge.exe	86
PID 808 wrote to memory of 1180	808	msedge.exe	86
PID 808 wrote to memory of 1180	808	msedge.exe	86
PID 808 wrote to memory of 1180	808	msedge.exe	86
PID 808 wrote to memory of 1180	808	msedge.exe	86
PID 808 wrote to memory of 1180	808	msedge.exe	86
PID 808 wrote to memory of 1180	808	msedge.exe	86
PID 808 wrote to memory of 1180	808	msedge.exe	86
PID 808 wrote to memory of 1180	808	msedge.exe	86
PID 808 wrote to memory of 1180	808	msedge.exe	86
PID 808 wrote to memory of 1180	808	msedge.exe	86
PID 808 wrote to memory of 1180	808	msedge.exe	86
PID 808 wrote to memory of 1180	808	msedge.exe	86
PID 808 wrote to memory of 1180	808	msedge.exe	86
PID 808 wrote to memory of 1180	808	msedge.exe	86
PID 808 wrote to memory of 1180	808	msedge.exe	86
PID 808 wrote to memory of 1180	808	msedge.exe	86
PID 808 wrote to memory of 1180	808	msedge.exe	86
PID 808 wrote to memory of 1180	808	msedge.exe	86
PID 808 wrote to memory of 1180	808	msedge.exe	86
PID 808 wrote to memory of 1180	808	msedge.exe	86
PID 808 wrote to memory of 1180	808	msedge.exe	86
PID 808 wrote to memory of 1180	808	msedge.exe	86
PID 808 wrote to memory of 1180	808	msedge.exe	86
PID 808 wrote to memory of 1180	808	msedge.exe	86
PID 808 wrote to memory of 1180	808	msedge.exe	86
PID 808 wrote to memory of 1180	808	msedge.exe	86
PID 808 wrote to memory of 1180	808	msedge.exe	86
PID 808 wrote to memory of 1180	808	msedge.exe	86
PID 808 wrote to memory of 1172	808	msedge.exe	87
PID 808 wrote to memory of 1172	808	msedge.exe	87
PID 808 wrote to memory of 2588	808	msedge.exe	88
PID 808 wrote to memory of 2588	808	msedge.exe	88
PID 808 wrote to memory of 2588	808	msedge.exe	88
PID 808 wrote to memory of 2588	808	msedge.exe	88
PID 808 wrote to memory of 2588	808	msedge.exe	88
PID 808 wrote to memory of 2588	808	msedge.exe	88
PID 808 wrote to memory of 2588	808	msedge.exe	88
PID 808 wrote to memory of 2588	808	msedge.exe	88
PID 808 wrote to memory of 2588	808	msedge.exe	88
PID 808 wrote to memory of 2588	808	msedge.exe	88
PID 808 wrote to memory of 2588	808	msedge.exe	88
PID 808 wrote to memory of 2588	808	msedge.exe	88
PID 808 wrote to memory of 2588	808	msedge.exe	88
PID 808 wrote to memory of 2588	808	msedge.exe	88
PID 808 wrote to memory of 2588	808	msedge.exe	88
PID 808 wrote to memory of 2588	808	msedge.exe	88
PID 808 wrote to memory of 2588	808	msedge.exe	88
PID 808 wrote to memory of 2588	808	msedge.exe	88
PID 808 wrote to memory of 2588	808	msedge.exe	88
PID 808 wrote to memory of 2588	808	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1_4eu88YwibaV9HhxUkhiSLKefvyR1CrA/view?usp=drive_web
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc96e046f8,0x7ffc96e04708,0x7ffc96e04718
  2⤵
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,7661780201072093527,7771807121585383609,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,7661780201072093527,7771807121585383609,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,7661780201072093527,7771807121585383609,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7661780201072093527,7771807121585383609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:3792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7661780201072093527,7771807121585383609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7661780201072093527,7771807121585383609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4564 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7661780201072093527,7771807121585383609,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7661780201072093527,7771807121585383609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,7661780201072093527,7771807121585383609,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,7661780201072093527,7771807121585383609,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7661780201072093527,7771807121585383609,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7661780201072093527,7771807121585383609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,7661780201072093527,7771807121585383609,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:548

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8411007bafe7b1182af1ad3a1809b4f8

SHA1
4a78ee0762aadd53accae8bb211b8b18dc602070

SHA256
1f274d0d144942d00e43fb94f9c27fc91c68dce50cd374ac6be4472b08215ca3

SHA512
909e2e33b7614cb8bbd14e0dfff1b7f98f4abbf735f88292546ce3bfa665e4cb5ee4418561004e56afc5dd30d21483b05f6358dad5624c0dc3ab1ba9a3be18eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
37470e2f21b73158b63c1ec828594246

SHA1
75a142dbd1875e89265fc9ca9a970dd3557a7a04

SHA256
6f27cf246b4cf007858139ca473a72e962780f9bef2f675c1b5e9fc83900c3a6

SHA512
3db450aab6bc10a49f0054595d453d6dd85ffce4ac71934d3a3b05f5815d8c4afb10f3750f30dbe646d15de7a4f53193d00a74d121eab8511d8fa0a7401b5b6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
264e23cd3ea5cc15b50b7c2accca184c

SHA1
b581a38a51e31681e9eacde44d8e8f9d990cd5ff

SHA256
dec833956201d8c293860aed36ce06b88aa12b2e613bd23f07a49baf72e9c1ae

SHA512
0bdbf5812e03eff798f441f6323373104352af50eec182f544db20e8d5c29a64c131ed40abd533aad70dcc11ea356c555a6915805ffcadcad8d248939856897d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
fc586869c0ee77a0edd2af42761c211a

SHA1
9a4297a6b88d24117d139ce9db38fdc94ba35731

SHA256
96e4fb9d9a6d8e16de87355a3f752282b3ac9e32d00922f0e2868038cec9101d

SHA512
1551b8f9cd09d6ae78dcef925ed43a1915b4a725852cce3ded8db3abf9ac6bdcb447e90a7a0d63c2355d224afff77503a499f09f9d318cd60a48928a4ff1cce9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6482565c409f458e3986bdfe4b324d8b

SHA1
b290f79eacaa91164d93ac949adf1fe9294c6fa8

SHA256
25d1b6cab30bc3b04fe3082a949ffad3512e9ad6aa74e1c7f1aad0c871b9583e

SHA512
4632a11a29b59800201130a0367526e2d0356f5e13a0583dbdea7813fd5c2fa4b2574d628fb79f6a6fe87bed13b6b5a3e99a45e4722baf5101f20e90a16b6456

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2e9a326061f961747a71208fe3ff1451

SHA1
842defcb58d9d6ee91f1ee30fa9a10515f09eb3a

SHA256
22a147ebb1c9269ff348da7f4817dd445f89538136df207d3e116c761d78797b

SHA512
6dbe89a236d3799208381f7ff33d22b80e4677207543b204a867eb2f085de762ebc7d6d35f943699f52d4aca3549c7bd69f6348bd286d29f172c81fe69bc6f46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f48bc5fa5d24d648d828fd57cbf1958a

SHA1
b629a894e0ae25bc1a28a9afee87feec4c694586

SHA256
f030d9a0daf5a4ebb7c9788e7205f33b16fdd8c258ebf7e84e984b7e5190ba36

SHA512
992bb68af994deb61128956967486b715c4177f4c3f71678034392e8d5f425b9e1615683eec90f6df3ac1ede6a3f709b1b4062cf4aee46d98096669e69fa7c1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
8caf4d73cc5a7d5e3fb3f9f1a9d4a0cc

SHA1
83f8586805286b716c70ddd14a2b7ec6a4d9d0fe

SHA256
0e0c905b688340512e84db6cf8af6dbdfe29195fefde15bd02e4917a2c5fda8c

SHA512
084ef25ea21ee1083735c61b758281ba84b607e42d0186c35c3700b24a176ada47bf2e76ed7dadd3846f2b458c977e83835ced01cda47cdd7ab2d00e5a1a294e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
37aee734c7aed94f3bc00782d33fbd90

SHA1
881a9068bc95574feb2b96c4b3df502168cb8dc2

SHA256
5ddefa9a1206cf220ff94398f98b920ec2bdf683f3003cb926f3257f86625375

SHA512
998aaf195749c3fa60feae3fbd2698f9c683b2be273acccca8cb0d0b339df16942573956dd6bf0bae83f8833a502f9b60599010c377abb56610902d10e9af8d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5893a0.TMP

Filesize
872B

MD5
860988ab8d9bf886f41206427e7d31a4

SHA1
6e74294c9b1ba161af7b3a6893d5031cace16a20

SHA256
b765a5566462bee9cfae89e0b9e422b3d5f6d31b92e79843528901cf23f5d6e5

SHA512
aa9fc35b191529c45717ce7f114b7e2a588ba1a89a7b8aea150b3a56348c0e6ed0b1f744ad6bd6337a22231f8b44da30294ae09aada18e546ed89f00785f8eb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
bef68599c4bab316a5cccee80a5e7db0

SHA1
e8741138f7af686ec0b130ca6615ef071575ae16

SHA256
a75b46c361df795d8d5a1518a477e2fb4f64c3fc3804df1551abbe5f9d5c905d

SHA512
77f9410e3953154ac3ce210cc337ad60cdcc2602e02c885bd64984499a16acb4769a86d34d4942eda3dacc42ed710773e9ec5b8dab188405e06961d32774bcbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
e58af24651309d74511679bbbfcaab16

SHA1
82531addd0049c145adbe983d09ed6b61232e0b7

SHA256
66419674535413257ebdbded764c6df9ef2da9b9af1327399937c34d3a77b175

SHA512
c1c16c87807d99fd75b1621c1c0c9ac5c0807adb529c10719624320d4afcc4bc63037fa9d6eb73032e7410c7ad417a18c39bc9c1425beb6f6fc5c7321edf39a5

Download Submit