hxxps://drive[.]google[.]com/file/d/1nyA3VVfGf65kiCFIkZDSIdU0mXteEHO7/view?usp=sharing

Analysis

max time kernel
526s
max time network
528s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04-08-2024 15:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1nyA3VVfGf65kiCFIkZDSIdU0mXteEHO7/view?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
8	drive.google.com
2	drive.google.com
6	drive.google.com
7	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4060	msedge.exe
4060	msedge.exe
920	msedge.exe
920	msedge.exe
3856	identity_helper.exe
3856	identity_helper.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 920 wrote to memory of 396	920	msedge.exe	83
PID 920 wrote to memory of 396	920	msedge.exe	83
PID 920 wrote to memory of 2612	920	msedge.exe	84
PID 920 wrote to memory of 2612	920	msedge.exe	84
PID 920 wrote to memory of 2612	920	msedge.exe	84
PID 920 wrote to memory of 2612	920	msedge.exe	84
PID 920 wrote to memory of 2612	920	msedge.exe	84
PID 920 wrote to memory of 2612	920	msedge.exe	84
PID 920 wrote to memory of 2612	920	msedge.exe	84
PID 920 wrote to memory of 2612	920	msedge.exe	84
PID 920 wrote to memory of 2612	920	msedge.exe	84
PID 920 wrote to memory of 2612	920	msedge.exe	84
PID 920 wrote to memory of 2612	920	msedge.exe	84
PID 920 wrote to memory of 2612	920	msedge.exe	84
PID 920 wrote to memory of 2612	920	msedge.exe	84
PID 920 wrote to memory of 2612	920	msedge.exe	84
PID 920 wrote to memory of 2612	920	msedge.exe	84
PID 920 wrote to memory of 2612	920	msedge.exe	84
PID 920 wrote to memory of 2612	920	msedge.exe	84
PID 920 wrote to memory of 2612	920	msedge.exe	84
PID 920 wrote to memory of 2612	920	msedge.exe	84
PID 920 wrote to memory of 2612	920	msedge.exe	84
PID 920 wrote to memory of 2612	920	msedge.exe	84
PID 920 wrote to memory of 2612	920	msedge.exe	84
PID 920 wrote to memory of 2612	920	msedge.exe	84
PID 920 wrote to memory of 2612	920	msedge.exe	84
PID 920 wrote to memory of 2612	920	msedge.exe	84
PID 920 wrote to memory of 2612	920	msedge.exe	84
PID 920 wrote to memory of 2612	920	msedge.exe	84
PID 920 wrote to memory of 2612	920	msedge.exe	84
PID 920 wrote to memory of 2612	920	msedge.exe	84
PID 920 wrote to memory of 2612	920	msedge.exe	84
PID 920 wrote to memory of 2612	920	msedge.exe	84
PID 920 wrote to memory of 2612	920	msedge.exe	84
PID 920 wrote to memory of 2612	920	msedge.exe	84
PID 920 wrote to memory of 2612	920	msedge.exe	84
PID 920 wrote to memory of 2612	920	msedge.exe	84
PID 920 wrote to memory of 2612	920	msedge.exe	84
PID 920 wrote to memory of 2612	920	msedge.exe	84
PID 920 wrote to memory of 2612	920	msedge.exe	84
PID 920 wrote to memory of 2612	920	msedge.exe	84
PID 920 wrote to memory of 2612	920	msedge.exe	84
PID 920 wrote to memory of 4060	920	msedge.exe	85
PID 920 wrote to memory of 4060	920	msedge.exe	85
PID 920 wrote to memory of 3380	920	msedge.exe	86
PID 920 wrote to memory of 3380	920	msedge.exe	86
PID 920 wrote to memory of 3380	920	msedge.exe	86
PID 920 wrote to memory of 3380	920	msedge.exe	86
PID 920 wrote to memory of 3380	920	msedge.exe	86
PID 920 wrote to memory of 3380	920	msedge.exe	86
PID 920 wrote to memory of 3380	920	msedge.exe	86
PID 920 wrote to memory of 3380	920	msedge.exe	86
PID 920 wrote to memory of 3380	920	msedge.exe	86
PID 920 wrote to memory of 3380	920	msedge.exe	86
PID 920 wrote to memory of 3380	920	msedge.exe	86
PID 920 wrote to memory of 3380	920	msedge.exe	86
PID 920 wrote to memory of 3380	920	msedge.exe	86
PID 920 wrote to memory of 3380	920	msedge.exe	86
PID 920 wrote to memory of 3380	920	msedge.exe	86
PID 920 wrote to memory of 3380	920	msedge.exe	86
PID 920 wrote to memory of 3380	920	msedge.exe	86
PID 920 wrote to memory of 3380	920	msedge.exe	86
PID 920 wrote to memory of 3380	920	msedge.exe	86
PID 920 wrote to memory of 3380	920	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1nyA3VVfGf65kiCFIkZDSIdU0mXteEHO7/view?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc434446f8,0x7ffc43444708,0x7ffc43444718
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,16096166539895284835,14182115592348476748,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,16096166539895284835,14182115592348476748,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,16096166539895284835,14182115592348476748,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
  2⤵
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16096166539895284835,14182115592348476748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16096166539895284835,14182115592348476748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16096166539895284835,14182115592348476748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,16096166539895284835,14182115592348476748,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5608 /prefetch:8
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,16096166539895284835,14182115592348476748,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5608 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16096166539895284835,14182115592348476748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16096166539895284835,14182115592348476748,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16096166539895284835,14182115592348476748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16096166539895284835,14182115592348476748,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,16096166539895284835,14182115592348476748,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4732 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
3260af37bf8c2189189d6d418475d4f4

SHA1
3edda5dc08b99b13aa4b28da16f3e7915fdea84a

SHA256
a7a73793deceb78fc7e7d571119fa849fa44f2c3851e908bb4015fdfea2cca52

SHA512
13d76feb2508eb382b94a15a14568e190fffc1da81ab0d5d48ed4b8a632b63efe35c85780065f67696fb99c903110f85934055690a7a25fa3026c95dbeda6ea1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e8d88580b6efe3a37f3f3a1151f835c1

SHA1
7d41b39f2b7624e8877b60eb95af7f9e8be0b42f

SHA256
17bfeebfa824ae0a9603fa1284ffd61c90e13225d2d2ad60b38b044408e3d27c

SHA512
4069f27a311097c6f15b0ac6c02c50f560d5285dc97ad277fe492c9d67472c118c28b3f1327af58a24223e5874b8b67d6003d88d526688ad68a4332ee6cf1b8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c2d2d01b51ca840c47399f2a4af39010

SHA1
2de9973a9cba39014b171c06805750414d0e14e0

SHA256
ab16d1255c41b357763a084b2d9ce1d191968fad6e08264c60c1f97fa1185118

SHA512
2bb34134b5466c79d6c0131c9030777554588984d0211231c7c868c907ff0d988d751485d72897577ca23818035fa11c48de606127fc3bd5da6ea4cfc9d6defd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
9bc54191b69ed1583dd75c28b7ef7f17

SHA1
6cfd131c5464127ef02e5760c16fe899fbf04f54

SHA256
bb7c3f428a8551b0be0504812c02172ee45afb6dc6743d7817e8c00766d6a462

SHA512
6586eaefd31f4991cbb2b7e22a1d179bc34f621dbe36574a15940e50431b95781a9d44ac053796e838b52033e7b8b5d9f43b62e1d84b278f73aa3d225c6a49c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6769cdf4d05b7f44b8c1a199eb0a6e4b

SHA1
7265fccfe4adfd428472983b31d8293c826ecde0

SHA256
60ea8bfd2c790b8befac6b1cb5b709044896ff63a95f75161c045845b9ff7dc5

SHA512
64c174af778af32f54aba77f25b5d84fa0b9fbbc28a99e8186b47c6bbb3860336760e1a23e10e6e3ddc15a78ad292e573694dff661d7d600206249de9f5bdc78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
9530314d9b0c3b3688dc70b4a771bcea

SHA1
d58b624bdb6eee7506b9bd3bd2598e54e5780ecb

SHA256
11f880b93954820e2ff4af9ca953050cf08eb33fb6cf9411e1b87a54cdfa44b1

SHA512
ad1a7321092573f7ae727929b7f5ce41e89c2170277a2ff2f7512304574cc576bc98abeee28352563cccf7679caa6e2e64ea88f89a4d119ee12e8903d5fbeebb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
388a188122861fa375920e804737069f

SHA1
89a80413085f790ce249837ed18a23c753e8cb4f

SHA256
a076e86ae84c50e51e0d856b47224fe0db97c960ea1eb6e1a55d95d0efc5ad86

SHA512
90bdfe3c8f88c62cb272b29c7b6962db61e15a84018fabd2c6a878d3f72f76ee4844932482964ea0dce9c3bdf8c6569a928f9c9d948f231ec489baac8160b2ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bf75527d538f7e8db8048434f84a9794

SHA1
96314609c7bf4e19a225b7aa96b8c63a5d1d01c9

SHA256
83545509f27072c8109a6b9d876f59381b02485302588ae4a41099e9fadcb270

SHA512
e6130f390b673b994a17f21bfb739790e69b941386835eb35bd171b2c4d2c8357c33b99f57f8b16a146b85600274b86ed97b6fa513c13f53f1ec064d77f23edd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c92215ac-cd2c-42c3-99aa-124b7fd54d76.tmp

Filesize
3KB

MD5
aaa601b861e2e6d45edf6535fe0822f6

SHA1
4cdbb0e93d5518a75664b2b04a01bdfaacd19289

SHA256
4e5c0976e859702a86e3cf1e5bbfbf89f9490d54a187d946d3a6c43416e114a6

SHA512
21c6aad9f51a11c26adc5603e1c1e7021dad0b2b9d97b4dcfef55b5e0479f635b12780de94367ffdfe24dae4f64493a07045bc8c6e564b9b60474bb9241eae1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\caa6b027-2c16-4564-8f9c-4ec408f16f13.tmp

Filesize
3KB

MD5
d1beb490a2a1a1dcd9cbb473b2cca147

SHA1
c5964e708a3d1ac3dd816145175a42568dbbe01f

SHA256
d22294b9e580b8a931fa8efc9f3d8fce810529cc6e610fd3bc6b3ecde4d3eb13

SHA512
0778165cf9538c679c10ed392acbb1a2d9e7ac9c2a8618fa923884e849afca9b5dd26217f435b780c9eb27a99f13064ead57bf0b30f5839e714e5e425d517dde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
08214fd07e0ff4334c878a57d0af9ce0

SHA1
1b0634ba14a8e0899995ca4b870ea183e07902f7

SHA256
4035258001a379a97dd25c48435249a12467238a277973c7e936622eef52231b

SHA512
af2a5811ef70ff29ba995fe9a9aeeb6873b0ea60c4a9b6666e983f9ac03f054464734cfc5adb6eb93f14cb022238eeb14f3dac60d696a5af2c87a5051b501264

Download Submit