hxxps://drive[.]google[.]com/file/d/1wp2tJDAyku8mqNBW2WphOCy9ScqEe9lp/view?usp=drive_link

Analysis

max time kernel
148s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
25-07-2024 18:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1wp2tJDAyku8mqNBW2WphOCy9ScqEe9lp/view?usp=drive_link

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	drive.google.com
12	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133664067302531008"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1760	msedge.exe
1760	msedge.exe
3520	msedge.exe
3520	msedge.exe
960	chrome.exe
960	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3520	msedge.exe
3520	msedge.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
3520	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3520 wrote to memory of 4212	3520	msedge.exe	86
PID 3520 wrote to memory of 4212	3520	msedge.exe	86
PID 3520 wrote to memory of 2456	3520	msedge.exe	87
PID 3520 wrote to memory of 2456	3520	msedge.exe	87
PID 3520 wrote to memory of 2456	3520	msedge.exe	87
PID 3520 wrote to memory of 2456	3520	msedge.exe	87
PID 3520 wrote to memory of 2456	3520	msedge.exe	87
PID 3520 wrote to memory of 2456	3520	msedge.exe	87
PID 3520 wrote to memory of 2456	3520	msedge.exe	87
PID 3520 wrote to memory of 2456	3520	msedge.exe	87
PID 3520 wrote to memory of 2456	3520	msedge.exe	87
PID 3520 wrote to memory of 2456	3520	msedge.exe	87
PID 3520 wrote to memory of 2456	3520	msedge.exe	87
PID 3520 wrote to memory of 2456	3520	msedge.exe	87
PID 3520 wrote to memory of 2456	3520	msedge.exe	87
PID 3520 wrote to memory of 2456	3520	msedge.exe	87
PID 3520 wrote to memory of 2456	3520	msedge.exe	87
PID 3520 wrote to memory of 2456	3520	msedge.exe	87
PID 3520 wrote to memory of 2456	3520	msedge.exe	87
PID 3520 wrote to memory of 2456	3520	msedge.exe	87
PID 3520 wrote to memory of 2456	3520	msedge.exe	87
PID 3520 wrote to memory of 2456	3520	msedge.exe	87
PID 3520 wrote to memory of 2456	3520	msedge.exe	87
PID 3520 wrote to memory of 2456	3520	msedge.exe	87
PID 3520 wrote to memory of 2456	3520	msedge.exe	87
PID 3520 wrote to memory of 2456	3520	msedge.exe	87
PID 3520 wrote to memory of 2456	3520	msedge.exe	87
PID 3520 wrote to memory of 2456	3520	msedge.exe	87
PID 3520 wrote to memory of 2456	3520	msedge.exe	87
PID 3520 wrote to memory of 2456	3520	msedge.exe	87
PID 3520 wrote to memory of 2456	3520	msedge.exe	87
PID 3520 wrote to memory of 2456	3520	msedge.exe	87
PID 3520 wrote to memory of 2456	3520	msedge.exe	87
PID 3520 wrote to memory of 2456	3520	msedge.exe	87
PID 3520 wrote to memory of 2456	3520	msedge.exe	87
PID 3520 wrote to memory of 2456	3520	msedge.exe	87
PID 3520 wrote to memory of 2456	3520	msedge.exe	87
PID 3520 wrote to memory of 2456	3520	msedge.exe	87
PID 3520 wrote to memory of 2456	3520	msedge.exe	87
PID 3520 wrote to memory of 2456	3520	msedge.exe	87
PID 3520 wrote to memory of 2456	3520	msedge.exe	87
PID 3520 wrote to memory of 2456	3520	msedge.exe	87
PID 3520 wrote to memory of 1760	3520	msedge.exe	88
PID 3520 wrote to memory of 1760	3520	msedge.exe	88
PID 3520 wrote to memory of 2156	3520	msedge.exe	89
PID 3520 wrote to memory of 2156	3520	msedge.exe	89
PID 3520 wrote to memory of 2156	3520	msedge.exe	89
PID 3520 wrote to memory of 2156	3520	msedge.exe	89
PID 3520 wrote to memory of 2156	3520	msedge.exe	89
PID 3520 wrote to memory of 2156	3520	msedge.exe	89
PID 3520 wrote to memory of 2156	3520	msedge.exe	89
PID 3520 wrote to memory of 2156	3520	msedge.exe	89
PID 3520 wrote to memory of 2156	3520	msedge.exe	89
PID 3520 wrote to memory of 2156	3520	msedge.exe	89
PID 3520 wrote to memory of 2156	3520	msedge.exe	89
PID 3520 wrote to memory of 2156	3520	msedge.exe	89
PID 3520 wrote to memory of 2156	3520	msedge.exe	89
PID 3520 wrote to memory of 2156	3520	msedge.exe	89
PID 3520 wrote to memory of 2156	3520	msedge.exe	89
PID 3520 wrote to memory of 2156	3520	msedge.exe	89
PID 3520 wrote to memory of 2156	3520	msedge.exe	89
PID 3520 wrote to memory of 2156	3520	msedge.exe	89
PID 3520 wrote to memory of 2156	3520	msedge.exe	89
PID 3520 wrote to memory of 2156	3520	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1wp2tJDAyku8mqNBW2WphOCy9ScqEe9lp/view?usp=drive_link
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffff6446f8,0x7fffff644708,0x7fffff644718
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,11728346565610995417,13026388094089657352,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,11728346565610995417,13026388094089657352,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1968 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,11728346565610995417,13026388094089657352,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,11728346565610995417,13026388094089657352,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,11728346565610995417,13026388094089657352,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:3664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2152

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fffeeb9cc40,0x7fffeeb9cc4c,0x7fffeeb9cc58
  2⤵
  PID:1236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1968,i,42490713328765184,7834307481166775849,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1964 /prefetch:2
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2204,i,42490713328765184,7834307481166775849,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2292,i,42490713328765184,7834307481166775849,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2448 /prefetch:8
  2⤵
  PID:1488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,42490713328765184,7834307481166775849,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3188,i,42490713328765184,7834307481166775849,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4576,i,42490713328765184,7834307481166775849,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4704,i,42490713328765184,7834307481166775849,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4880 /prefetch:8
  2⤵
  PID:5260

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4512

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
4ad1696e7cdb9b4f8568f38e5fa566bb

SHA1
b14e465b9d574c8cac195aed5ea6c8888fc85011

SHA256
fc900ae0db6204bd59511554a80963b9b38fed661fa16ae88bf4df831ae14523

SHA512
5b522b2bd5ca7d1a6b2b603964624f494d930b929d86a8d1d0c9bf23c81510a3f1b71388a64b55bd1c1f5a8279f5d17f31c17534852e068e3c87487c0750f218

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
f864be1e2c7c8c558d7372f04e9aecb2

SHA1
cef998cf91c4e0d15ea7a0237fdf3880d2348bb0

SHA256
0ab0bb773d279c3db45b95ab7f7bfe1780fb9c9f8db21e5dd56e76faf03bfb9b

SHA512
c14d594ace1c7f5fa5631964782652da1d8c7cbc18958816caf90df10028361ce2da3de2b492e2cf7770647ac6f188dd44175b166abe375b58d585036b18406c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
bfeb4c2c360045253387d795a7c1aa3a

SHA1
bae30f7e2b1fc632061a2229419d40b2c5c43d82

SHA256
eeb255f5f0fc1077a55f3222263a34b8307749d91e97246c61794afb578b84cc

SHA512
ac44ec08845138e35845ec27a57f536eb2e5d809e8d5affe17f97a6a773277b333bd3714ac9af9d064f1efe9f69019e5bfe6c3a50f185d6b12642a4de58be46c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a47ba94e2a09cb74973dcf2ce2e2431f

SHA1
fa025c33696e958fc4fec347578f73fda6cb90bd

SHA256
cd040c2eb357da83881678ace1c8732495a76fe5f4027e4880a850c416ef0538

SHA512
046bf42a75921380b312c20a693fc3cde7232bbd4dec6e01f31b96705cd8fdd893bf69f9e1c33c92a7e683076e92c884566c735d164e3360f5203a30c56d14f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
7cae48bfa04f51237f0a553ac2447cd2

SHA1
4420b7863739426f1b745260a13a2359aaa0a186

SHA256
359b473df1cc8f2f725ec8c71249b62ba98121c09c5b51ca4c4f6253c64bcd23

SHA512
20c2065534b31126a1fd846c0e6301b8fb4fe99f1264d47dbe258bc7d5bf43cf2d59801d1b0fd02d80d1e61c1ff781380687995063c7e313659cd11152999511

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
75c9f57baeefeecd6c184627de951c1e

SHA1
52e0468e13cbfc9f15fc62cc27ce14367a996cff

SHA256
648ba270261690bb792f95d017e134d81a612ef4fc76dc41921c9e5b8f46d98f

SHA512
c4570cc4bb4894de3ecc8eee6cd8bfa5809ea401ceef683557fb170175ff4294cc21cdc6834db4e79e5e82d3bf16105894fff83290d26343423324bc486d4a15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
10fa19df148444a77ceec60cabd2ce21

SHA1
685b599c497668166ede4945d8885d204fd8d70f

SHA256
c3b5deb970d0f06a05c8111da90330ffe25da195aafa4e182211669484d1964b

SHA512
3518ce16fef66c59e0bdb772db51aeaa9042c44ca399be61ca3d9979351f93655393236711cf2b1988d5f90a5b9318a7569a8cef3374fc745a8f9aa8323691ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
ba6d4b45d3c18493a549d86163e59f75

SHA1
941e70eabb7b51e1a6717d885c51fa64fc5a3966

SHA256
ba3a7501cb84dbb36b298675c5dc9f43df03853700ad2e8722fb74b6d89c18ea

SHA512
9b970b83b579f7e736a4e5c2cc64d817a513532725dce75d4ff4591b73b7ddcf5f08c99d5fada5da7caf43cfbb92c813cd926d071fb24f4e8ef9300c70084502

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1a3c92be480af7744b6eec9317fb9fcb

SHA1
51eaa6afeb6ff106fae6dcf8e5ab5bedcd2ac213

SHA256
33b3f119dfae5a18c619e4aba5fc7283f017b44895072f2c98b91f65453fc252

SHA512
e23737c5a3043e13d4f414ecd12da4c609002c2e75f96bbad11cba3045d657f4a3fc3a443721044f56e23f7af2f16251bcd432f53462edeaa4a795194a723aa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
88476514cd4219e5e9f510cbafea696e

SHA1
77a3240b853505f46d358cd89d6436ca8eff8c96

SHA256
eaa3b3eb854ac5fc6b4ae5cbc48d61d4d223431f72d8d9286bbe3a6c3898d55e

SHA512
156651ed7f92a6e016ce5a6857a3d56189f90ad8d6cdba15ddfdd8025fffb174955b03bec1b2ff289cbd95128513d9718e94c7b1f4e2fee3bc15a5457442e55c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
07d26d67d2ac89bd8f550052894f766d

SHA1
b6d4f58664c4e228467aae534951f08ec116c4b7

SHA256
1a457e0b42eea34f3951ce2e072a54fd7dd57f15a58cce1e33cb3fe7f5b8bed2

SHA512
f2140b0a73910dda36b2577423ba3a854d971285458240fb2529e9ae503f96d79225acdf4f54f5817082554855037f29958062b4671de1142fab0b248d516d28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
65f0342c9a53909adbeb485de4168d65

SHA1
8773dd693b641ed9e44ce4fe814ed932cb163776

SHA256
dd369b68e9c9f34b23f1ddcbfaa55d24c9e6be4b428063808bc942e463f5ce29

SHA512
a7ac2ed6f400f690a1afa0ae37215601436743960646d49c0a2c5055f7faf7eadb89a3d4d4e4dfd685572eea89ea66679f15e30a3337dbfa69d6ee0277836319

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
945fcfdc56aae9738615a34532a41ed3

SHA1
3f653e8892b0413d1f9bbc568890ba0e69373b17

SHA256
251ce2a056fe7ca0e4bcdd908e10bf63ae2ab8d5f8c46b06049039628b758512

SHA512
0de4ce351772f8c07817970c2678da213c2f0e1e0618d0cc237c37b06032afa3638758b78d98cc37fa51e1769fd9eb774af9780f062cff85458e188d38ba77e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3e0babd169da8236a9df1e5b8b20bb0c

SHA1
451ac546009cae50e7fb2e962bb30756a8bb8818

SHA256
8a4fd5698977923a4f429611d60c8e222b819b66c4eb525fb8d1d031c29bd714

SHA512
33e9d20cb025f42611f8b6fa4b81c403e021f7ed291e98aa682d42f1f7761d43ffeb1bba1fa27700ccd05168fd1c183fa765dce4281a90dd0c6b4d43d272308c

Download Submit