hxxps://drive[.]google[.]com/file/d/1uTV22jM5e0svfK9ClEfqlKEujgIgP0Il/view

Analysis

max time kernel
65s
max time network
75s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
15-08-2024 21:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1uTV22jM5e0svfK9ClEfqlKEujgIgP0Il/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
11	drive.google.com
8	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings	OpenWith.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
3244	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
60	msedge.exe
60	msedge.exe
1676	msedge.exe
1676	msedge.exe
4360	identity_helper.exe
4360	identity_helper.exe
5680	msedge.exe
5680	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5768	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe

Suspicious use of FindShellTrayWindow 62 IoCs

pid	Process
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe

Suspicious use of SetWindowsHookEx 21 IoCs

pid	Process
5768	OpenWith.exe
5768	OpenWith.exe
5768	OpenWith.exe
5768	OpenWith.exe
5768	OpenWith.exe
5768	OpenWith.exe
5768	OpenWith.exe
5768	OpenWith.exe
5768	OpenWith.exe
5768	OpenWith.exe
5768	OpenWith.exe
5768	OpenWith.exe
5768	OpenWith.exe
5768	OpenWith.exe
5768	OpenWith.exe
5768	OpenWith.exe
5768	OpenWith.exe
5768	OpenWith.exe
5768	OpenWith.exe
5768	OpenWith.exe
5768	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1676 wrote to memory of 2672	1676	msedge.exe	84
PID 1676 wrote to memory of 2672	1676	msedge.exe	84
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 1424	1676	msedge.exe	85
PID 1676 wrote to memory of 60	1676	msedge.exe	86
PID 1676 wrote to memory of 60	1676	msedge.exe	86
PID 1676 wrote to memory of 1184	1676	msedge.exe	87
PID 1676 wrote to memory of 1184	1676	msedge.exe	87
PID 1676 wrote to memory of 1184	1676	msedge.exe	87
PID 1676 wrote to memory of 1184	1676	msedge.exe	87
PID 1676 wrote to memory of 1184	1676	msedge.exe	87
PID 1676 wrote to memory of 1184	1676	msedge.exe	87
PID 1676 wrote to memory of 1184	1676	msedge.exe	87
PID 1676 wrote to memory of 1184	1676	msedge.exe	87
PID 1676 wrote to memory of 1184	1676	msedge.exe	87
PID 1676 wrote to memory of 1184	1676	msedge.exe	87
PID 1676 wrote to memory of 1184	1676	msedge.exe	87
PID 1676 wrote to memory of 1184	1676	msedge.exe	87
PID 1676 wrote to memory of 1184	1676	msedge.exe	87
PID 1676 wrote to memory of 1184	1676	msedge.exe	87
PID 1676 wrote to memory of 1184	1676	msedge.exe	87
PID 1676 wrote to memory of 1184	1676	msedge.exe	87
PID 1676 wrote to memory of 1184	1676	msedge.exe	87
PID 1676 wrote to memory of 1184	1676	msedge.exe	87
PID 1676 wrote to memory of 1184	1676	msedge.exe	87
PID 1676 wrote to memory of 1184	1676	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1uTV22jM5e0svfK9ClEfqlKEujgIgP0Il/view
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff882f246f8,0x7ff882f24708,0x7ff882f24718
  2⤵
  PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,5595121870190473422,9041996186107729415,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,5595121870190473422,9041996186107729415,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,5595121870190473422,9041996186107729415,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5595121870190473422,9041996186107729415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5595121870190473422,9041996186107729415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5595121870190473422,9041996186107729415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3028 /prefetch:1
  2⤵
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5595121870190473422,9041996186107729415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,5595121870190473422,9041996186107729415,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5952 /prefetch:8
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5595121870190473422,9041996186107729415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,5595121870190473422,9041996186107729415,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6508 /prefetch:8
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,5595121870190473422,9041996186107729415,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6508 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5595121870190473422,9041996186107729415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6548 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5595121870190473422,9041996186107729415,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5595121870190473422,9041996186107729415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5595121870190473422,9041996186107729415,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2156,5595121870190473422,9041996186107729415,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5680

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2200

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3416

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5768
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\h2m_killstreak.pak
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:3244

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
6d3680fbc4b8e730fbc5aced9ed026b4

SHA1
9f7388e30a099fcbcbf75495037377abc0f3939d

SHA256
0c84cb1f9646ba8f77fb765ef0cead8cf1a22d778ff2bc09c5dddf012dbf29cf

SHA512
29d94fde6e29939b6c625f5bcf3913eaaad0acb86db8d6c2e4906d322f6d4699f509d69b32360e8f06c0c7dbd161cba9d3a65f71af89566143e9abb14520ef9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cbc4a656f923b041f6f4c1c6b4400028

SHA1
47552cea3ef6857aa3a8d104edc0d5c61119c530

SHA256
a410f7e99cce8c11780e9c286d225b6b06bafb672849c7b15287ff4654f1cdcd

SHA512
43200e0b8beacce4f2a1df0072a536dacc3444d8c7b9aa7b508d4c913a4c43279d9e636ffbcb40ae75b92a749572c8ae4cda92a66c7aee951160790d41471919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3070daf6b885c7394f5c605a5f95ef22

SHA1
ac1283d2407fcb060cd934bf7243c51b2e453469

SHA256
da2cc5f22af99b6e5444eaa809181eaaaa9e6ec0ca04fb8c0c5de6cd489ad5fd

SHA512
58171637b1a87181ba2e98c6b1bf61e1b9241e32deda53335b4f20000d26ba2f4e16ad2ee6a7d660e414c84877368c5f85ece3427ec279afebd8af72ec03243c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fea89b5901ffffe798aad76f206763da

SHA1
22ce2ade0caed9404b237973f4834bb0573940d5

SHA256
f343064f824db024244a6de7f8ab6cb5ac77087766624b2ee74e55288eb414e0

SHA512
50eb71e3df2a76dd8f9bb599bad836cf862704383c8891d1c12f05676e20ecb99806fefb52cb9198ded8a04d0a67c5828d2e0b93a30e1bbe43eb241f50fa1c84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e16870989543a657dfb04120465355a4

SHA1
1c0142e93bc1cd624f875de645bac1f32e4db54e

SHA256
dda4996299f1e31d48831b4ad15abc1344ff23d40f0ff3cb989355005f5645d9

SHA512
fd1dc52731e05dba3e5c8bf3effd5a308b02231f1349b5afe8875303709fa7d4ceaab5d52b6138f33b3a4b790671aea2997de3e56803de3d8a2e9636ce39a5d3

Download Submit