hxxps://drive[.]google[.]com/file/u/0/d/1tfk318ShiAt8UijC_OSmG3t8y4xjpeZu/view?pli=1

Analysis

max time kernel
522s
max time network
524s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
22-05-2024 19:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/u/0/d/1tfk318ShiAt8UijC_OSmG3t8y4xjpeZu/view?pli=1

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

1 drive.google.com
4 drive.google.com

flow	ioc
1	drive.google.com
4	drive.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
3324	msedge.exe
3324	msedge.exe
4852	msedge.exe
4852	msedge.exe
1424	msedge.exe
1424	msedge.exe
484	identity_helper.exe
484	identity_helper.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

4852 msedge.exe
4852 msedge.exe
4852 msedge.exe
4852 msedge.exe
4852 msedge.exe
4852 msedge.exe
4852 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid	process
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4852 wrote to memory of 4528	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 4528	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 1976	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 1976	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 1976	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 1976	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 1976	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 1976	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 1976	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 1976	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 1976	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 1976	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 1976	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 1976	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 1976	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 1976	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 1976	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 1976	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 1976	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 1976	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 1976	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 1976	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 1976	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 1976	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 1976	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 1976	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 1976	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 1976	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 1976	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 1976	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 1976	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 1976	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 1976	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 1976	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 1976	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 1976	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 1976	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 1976	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 1976	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 1976	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 1976	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 1976	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 3324	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 3324	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 3208	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 3208	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 3208	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 3208	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 3208	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 3208	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 3208	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 3208	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 3208	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 3208	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 3208	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 3208	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 3208	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 3208	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 3208	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 3208	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 3208	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 3208	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 3208	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 3208	4852	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/u/0/d/1tfk318ShiAt8UijC_OSmG3t8y4xjpeZu/view?pli=1
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd244c3cb8,0x7ffd244c3cc8,0x7ffd244c3cd8
2⤵
PID:4528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,9902058325403330551,3866063114334486194,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:2
2⤵
PID:1976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,9902058325403330551,3866063114334486194,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1948,9902058325403330551,3866063114334486194,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
2⤵
PID:3208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9902058325403330551,3866063114334486194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
2⤵
PID:2120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9902058325403330551,3866063114334486194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
2⤵
PID:3312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9902058325403330551,3866063114334486194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
2⤵
PID:5028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1948,9902058325403330551,3866063114334486194,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1424

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,9902058325403330551,3866063114334486194,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5808 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9902058325403330551,3866063114334486194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
2⤵
PID:3784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9902058325403330551,3866063114334486194,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
2⤵
PID:500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9902058325403330551,3866063114334486194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
2⤵
PID:4980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9902058325403330551,3866063114334486194,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
2⤵
PID:4680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,9902058325403330551,3866063114334486194,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4612 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4272

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1628

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
d56e8f308a28ac4183257a7950ab5c89

SHA1
044969c58cef041a073c2d132fa66ccc1ee553fe

SHA256
0bc24451c65457abc1e4e340be2f8faceae6b6ec7768a21d44bcd14636543bae

SHA512
fd5798559f4025ec3408f5550b8671d394b1ec83b85fdac8c005b0cc3e183272bdd07db15a156a572c9c5e5798badf235dc10aae62a052efa8dd9dfdbdca8189

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
8f2eb94e31cadfb6eb07e6bbe61ef7ae

SHA1
3f42b0d5a90408689e7f7941f8db72a67d5a2eab

SHA256
d222c8e3b19cda2657629a486faf32962e016fc66561ce0d17010afdb283c9de

SHA512
9f7f84149885b851e0bf7173c540e466a2b2eb9907d8b608f60360933328cc75d9d1b63640ea4ecc1e64ecc5dd7ee74d82903f96a8b4418ca56296641a8c0703

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
384B

MD5
738a6c8c665568cfcfab8b7722e2c3d9

SHA1
acf4583814de3e9da0238cf0d07eec630045d4c8

SHA256
87993fa025cd44ef1d2ec6ed3d5166851cc5098911300166ba162b727db52a2b

SHA512
f0fc7b008328b815101c67a99e7b482a7c359185d82c2348cc8b7b85205169aa126a8da2d983b14c151a03b3f76568e79c6c022417af5ee7008d8243afa47ede

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
435240d2ac051e9c0d50e159b5600939

SHA1
f648fbbaecfc81a4d414d59be91a6e22c6224d56

SHA256
d9931e799b9f96c9aab35b96abd638abe5b63fcd75b868bde0e059686cb0b6de

SHA512
7f0a102252c3782c03bb6b3c07ef549e37eaa046f6bbf506bf222d96079559bdc8b47fd74a14fc89414ce62513eb159040aa1b2c3b189074e1e40110c2d407b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
8b42c7014c7cc41f541a921bc32fca05

SHA1
d62fdb002b9c5e8492e0bf56d7c6e11860d5ac32

SHA256
ed406c1fd43cb1132380931de96e217cbe663b9bf3d453d0ac0f6fd07ba3e10d

SHA512
68e665b2d68c2a86381f5b94c5f46b027e084f46d82a39356c19eaf7c223a9ed73d30858b22073b584d9e21bdee4b25554d1d93716d74043370d8ae36609b632

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
94c0e921ba6b552f05e2919b6e2da709

SHA1
571e9bf98278abd96829503602947f29a60da057

SHA256
efee87114397d16d480f9879778d3859d1583252bcd4c5a6c124161fcba56b9a

SHA512
34f076ebf9eff832b4c4bbfe69a720f07171f74363750a19d1acd4a614f193195c8016f13fa8cbe9461a90697b2e6857216a1bf1497141b536614c3ea23bd354

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
de8fed12a3472d702b8241c8bde5f3af

SHA1
431ff84500ef288bccd5bfd367bf1b28f70a22eb

SHA256
64aa0a32891627685294c548dff56b7150331deee1e2ecdf14760be111cc1592

SHA512
e511422aeb422bfad2e8832b3f70e9db95853544df28913f282b5c79e3cd906fd7157bb8b8daeff50b702b435b80be3423e456f339710ead619ba577d4b503c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
2ad7cd315f2f4a818e026e9c40a3cac7

SHA1
411ec7f8d0edfddb2f66fdcec7a6a3a9ac950f2e

SHA256
5f4177fae552e77a951c5d8cc86a696416268211026313be302db7dc00ea532b

SHA512
39919e00d6e8afec91c3dd81b57c6cc3fbce5fabdacb2ae4e4e0cb0ede7c7a6a5f80e4aa966b799cdc845b1cf188d26e9b8b9e943bda73b0a017f3e63755157a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
73c80fbdf51a7c25683c4b11cff68fff

SHA1
89fe2cbaf974a253d24df662a3c2033cc9f91f7d

SHA256
2a60bc7882c01d8ba0e80ed35a7adf7b458b6daa3036fe4500f8624d155b9213

SHA512
11846ae567c1fdd2c9883ea5819608586440fe7bd5ad21a98e2e028ffef316682c5bff4a412365681f0d55a316956edac629dcc6362843f976f51d3da2041bf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
a2e97e07c606e3b5f5fea825cef04599

SHA1
ef282f4d4b823bf386832a0edf46ba9c558a5c2d

SHA256
9f377edc39765e10833b4148cd4f74d5400cac779b14cc8a194cca1fba6fff00

SHA512
3351794b461ca742edceaa18f539b1d4c7b5979ff4c0faf8cf3e17c548d2c10df0dededbce22ed1c075e18ffd86ca3ea0b7c48fdeed9dd3c202e1640265b5142

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
7a067bdc16eec67b97cf9ed614b7f4e9

SHA1
ea7e06dbebdf0c439840ec61d53f78845bdf067e

SHA256
8c5c9b614b8e77034ae63b2da911e1e27ad17ea76184eae8e9ca5d1ed3e58c3e

SHA512
1627c79d35897dec911ee649769e92b5facbc6be56a8ee3c1ad06e9918c2983d1cad6a8cbd043bfae14e90ef30f3e9e06d82c2ad7596892be6cc7a56085b9785

Download Submit
\??\pipe\LOCAL\crashpad_4852_FJRIFXNDDYPSBIKP
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit