hxxps://drive[.]google[.]com/file/d/1nyA3VVfGf65kiCFIkZDSIdU0mXteEHO7/view?usp=sharing

Analysis

max time kernel
522s
max time network
523s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04-08-2024 15:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1nyA3VVfGf65kiCFIkZDSIdU0mXteEHO7/view?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
4	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2264	msedge.exe
2264	msedge.exe
3612	msedge.exe
3612	msedge.exe
2272	identity_helper.exe
2272	identity_helper.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3612 wrote to memory of 380	3612	msedge.exe	83
PID 3612 wrote to memory of 380	3612	msedge.exe	83
PID 3612 wrote to memory of 2588	3612	msedge.exe	84
PID 3612 wrote to memory of 2588	3612	msedge.exe	84
PID 3612 wrote to memory of 2588	3612	msedge.exe	84
PID 3612 wrote to memory of 2588	3612	msedge.exe	84
PID 3612 wrote to memory of 2588	3612	msedge.exe	84
PID 3612 wrote to memory of 2588	3612	msedge.exe	84
PID 3612 wrote to memory of 2588	3612	msedge.exe	84
PID 3612 wrote to memory of 2588	3612	msedge.exe	84
PID 3612 wrote to memory of 2588	3612	msedge.exe	84
PID 3612 wrote to memory of 2588	3612	msedge.exe	84
PID 3612 wrote to memory of 2588	3612	msedge.exe	84
PID 3612 wrote to memory of 2588	3612	msedge.exe	84
PID 3612 wrote to memory of 2588	3612	msedge.exe	84
PID 3612 wrote to memory of 2588	3612	msedge.exe	84
PID 3612 wrote to memory of 2588	3612	msedge.exe	84
PID 3612 wrote to memory of 2588	3612	msedge.exe	84
PID 3612 wrote to memory of 2588	3612	msedge.exe	84
PID 3612 wrote to memory of 2588	3612	msedge.exe	84
PID 3612 wrote to memory of 2588	3612	msedge.exe	84
PID 3612 wrote to memory of 2588	3612	msedge.exe	84
PID 3612 wrote to memory of 2588	3612	msedge.exe	84
PID 3612 wrote to memory of 2588	3612	msedge.exe	84
PID 3612 wrote to memory of 2588	3612	msedge.exe	84
PID 3612 wrote to memory of 2588	3612	msedge.exe	84
PID 3612 wrote to memory of 2588	3612	msedge.exe	84
PID 3612 wrote to memory of 2588	3612	msedge.exe	84
PID 3612 wrote to memory of 2588	3612	msedge.exe	84
PID 3612 wrote to memory of 2588	3612	msedge.exe	84
PID 3612 wrote to memory of 2588	3612	msedge.exe	84
PID 3612 wrote to memory of 2588	3612	msedge.exe	84
PID 3612 wrote to memory of 2588	3612	msedge.exe	84
PID 3612 wrote to memory of 2588	3612	msedge.exe	84
PID 3612 wrote to memory of 2588	3612	msedge.exe	84
PID 3612 wrote to memory of 2588	3612	msedge.exe	84
PID 3612 wrote to memory of 2588	3612	msedge.exe	84
PID 3612 wrote to memory of 2588	3612	msedge.exe	84
PID 3612 wrote to memory of 2588	3612	msedge.exe	84
PID 3612 wrote to memory of 2588	3612	msedge.exe	84
PID 3612 wrote to memory of 2588	3612	msedge.exe	84
PID 3612 wrote to memory of 2588	3612	msedge.exe	84
PID 3612 wrote to memory of 2264	3612	msedge.exe	85
PID 3612 wrote to memory of 2264	3612	msedge.exe	85
PID 3612 wrote to memory of 4708	3612	msedge.exe	86
PID 3612 wrote to memory of 4708	3612	msedge.exe	86
PID 3612 wrote to memory of 4708	3612	msedge.exe	86
PID 3612 wrote to memory of 4708	3612	msedge.exe	86
PID 3612 wrote to memory of 4708	3612	msedge.exe	86
PID 3612 wrote to memory of 4708	3612	msedge.exe	86
PID 3612 wrote to memory of 4708	3612	msedge.exe	86
PID 3612 wrote to memory of 4708	3612	msedge.exe	86
PID 3612 wrote to memory of 4708	3612	msedge.exe	86
PID 3612 wrote to memory of 4708	3612	msedge.exe	86
PID 3612 wrote to memory of 4708	3612	msedge.exe	86
PID 3612 wrote to memory of 4708	3612	msedge.exe	86
PID 3612 wrote to memory of 4708	3612	msedge.exe	86
PID 3612 wrote to memory of 4708	3612	msedge.exe	86
PID 3612 wrote to memory of 4708	3612	msedge.exe	86
PID 3612 wrote to memory of 4708	3612	msedge.exe	86
PID 3612 wrote to memory of 4708	3612	msedge.exe	86
PID 3612 wrote to memory of 4708	3612	msedge.exe	86
PID 3612 wrote to memory of 4708	3612	msedge.exe	86
PID 3612 wrote to memory of 4708	3612	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1nyA3VVfGf65kiCFIkZDSIdU0mXteEHO7/view?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc49f046f8,0x7ffc49f04708,0x7ffc49f04718
  2⤵
  PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,8149298336403887839,5958861661941152586,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,8149298336403887839,5958861661941152586,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,8149298336403887839,5958861661941152586,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8149298336403887839,5958861661941152586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8149298336403887839,5958861661941152586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8149298336403887839,5958861661941152586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,8149298336403887839,5958861661941152586,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
  2⤵
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,8149298336403887839,5958861661941152586,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8149298336403887839,5958861661941152586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8149298336403887839,5958861661941152586,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8149298336403887839,5958861661941152586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8149298336403887839,5958861661941152586,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,8149298336403887839,5958861661941152586,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5404 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4288

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4888

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
74622d8f8d492051bcde59069518d904

SHA1
44ba4f786a7cbfb873679accfeb8fec6d1929d72

SHA256
807dba525bc7198ced5ca22276238d19a64c617993aa071d196dc1d22a3df76b

SHA512
af1b3733b9adbb5cd568a5390b82f63747e97dd61b334a828386da533aba65a17e1bb8d74eb6d38bdf61596104fbfb5e7f0820afa123e462bdd7404a83567cd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e28259dea3a35edcd6e21015bbe5da72

SHA1
e3fc85f1a8680f74b4ee6d9fc5b6400349f04802

SHA256
3126489b404289b364bff15572695896ff3215c2cc30bf073bd23c07b3f88003

SHA512
f46b2be9d42068dccba4b67c0a22829ddfdb14b5a9a442ec64447c927628953f189b4cc230efa7fb7dc4c9dfbf4875c6306749c388db90174d4656a5b3e9ea3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ac29e2406cabe1fe462e4ee90d8653d2

SHA1
784f1260fb30345586d57c2fef3140d45642fc09

SHA256
d56ab3d15d2b4bba34e4e1b7028fade13da871f77e728de2d2558bef861d88ec

SHA512
39f84be30379e855962232ef6aaff0ee1d4a75f93d9abd6f3fc8b9b3abfcb8160aeb1badfb05c1cbe0c9d169416d5f654603581624a8fd621c9ad425e1d3fec0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2024d26a61a76da96323e9ca06ec5949

SHA1
06a4532a99906386e3166bbfa86e256d558e0dc9

SHA256
e604fb2d11f711f7c3c142589b97f221b8815df6192d250f2327d3e82dde8ac2

SHA512
286384b281a6800fde548a4803b792c749bcafe96cc1371325d6b4bc19dd0b63e87e6855564acb638c6a942bce963b5fa57089be6ec4e39110412f47ed680a85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
df4200fae123a8b3adc24c9fb91c8838

SHA1
803c4a5596efce26fc0c90a0f1c6f07658d13084

SHA256
f1807bab31a1e7fad01e60ff6101f62f0520599dcbcf0e3714dd87e015236913

SHA512
a7ac528a1c4730357e450cdf24bc0fccb81ea1ad95c9fcef6733a0011f08287a5bf186a31245e21bf3b4213fcbc8679425b391d718b3a68e06427298e6073e6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8182fa47f39c4ec4c2a6b0be241ac993

SHA1
81dc6548eeaeaef2d530061bed1593dd72cedb76

SHA256
cfb43342446eba3a847cd02ca2d01fe58628c21b9493f91d5300026ced34adfd

SHA512
1bbe248fd3775c9ab0e3871524551b62d5facb63a5b00627c2fbd2c190c3d4e98ad9ef27e2cbb4698c2167dad6970f69d1b4b0ebb3aeb70f1e04237e86ab5b5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3dccbbdaf903c3bcd3efc87ce5f783fa

SHA1
39313d65610bfe05eb6f923d0449d62db762d3bf

SHA256
8b3ba239e7e78a58251bde9f731c28f62a895e7758bf98c7b2445d93e7ef8327

SHA512
ee721e8f473978e2faa393f1d18e4d61c490e671d5b13ff499008aa49e421e87ce04368bd13e1b69c8ce683cc5f07c6e8209ace7eb407483588b2ea3d7b45bc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
633808fbd05ccd7cfa17a94e422170f1

SHA1
bf1fa669983e12d9b40c6aa217e5df7b67c5a885

SHA256
48cd14f0ec5197cfd2d1f6f256954af9876f0a3ceabba50e2ab9240cbaa0d70f

SHA512
24cfeb393b48010586b62408bad6047a05a7231c2bdb14a3295c68a34522972b2b38bc925046969fd92808be64ed3dc220c2d586bb1d374e21da105f70630ba1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b255842a2b1b86690dca38ab50aab735

SHA1
d5c21407ed963420fba941875a6da7e816fd32f9

SHA256
0d48106b22093bbdd292fc9619c04e83d9c8b9dff2a25fd2ee736eb4a728de8d

SHA512
03a6f76432fbc4407d4cbab30a0939b01ea3f0c9a7c18013b7639bf2b851e5855f557b0547d5c35acebd386cd36afabfed026eb24982efad682592ac55bf8173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d17c7cfc-3a03-4f65-a09d-b125d0318e29.tmp

Filesize
3KB

MD5
177d2ca40da3702863ebf82437bb5a9c

SHA1
de2c9f2e1b9109a0f49139a798a1a58a1e6f87f5

SHA256
1df4b7e429ea417f834d982e94c8bef4a6dd510980d527cf39a96f4417286877

SHA512
2ceb1c9b7b2fe0b5d20a5598af73e42a8a21fa4128c00981f67bc1967c43bbb42e49a52a380818f89418c97b968c5b7f48a9d7bf35340d1931a677f13e9efd31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3e63aacf56f12bffcbb617196b9cb120

SHA1
9a30b5402edd78838e54397aa5d89f84db0310f1

SHA256
cabaa5d8e6b0121867a6fabfd0d41ed7c3982e13ee187b67581431d50584f680

SHA512
ec019308f685a1851b8201d5821615e741e84178dd5699cac7a2fe5f7ffe076353e9abbef0e1135c3d5ee774d210de3a17d3db991b17a3624f57119c1b964d89

Download Submit