hxxps://drive[.]google[.]com/file/d/1fwJdsnnK8CE52uB6ttf5BOyA6_zlBL57/view?usp=drive_link

Analysis

max time kernel
523s
max time network
525s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
16/08/2024, 18:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1fwJdsnnK8CE52uB6ttf5BOyA6_zlBL57/view?usp=drive_link

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
5	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4016	msedge.exe
4016	msedge.exe
396	msedge.exe
396	msedge.exe
3676	msedge.exe
3676	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 396 wrote to memory of 2232	396	msedge.exe	81
PID 396 wrote to memory of 2232	396	msedge.exe	81
PID 396 wrote to memory of 4184	396	msedge.exe	83
PID 396 wrote to memory of 4184	396	msedge.exe	83
PID 396 wrote to memory of 4184	396	msedge.exe	83
PID 396 wrote to memory of 4184	396	msedge.exe	83
PID 396 wrote to memory of 4184	396	msedge.exe	83
PID 396 wrote to memory of 4184	396	msedge.exe	83
PID 396 wrote to memory of 4184	396	msedge.exe	83
PID 396 wrote to memory of 4184	396	msedge.exe	83
PID 396 wrote to memory of 4184	396	msedge.exe	83
PID 396 wrote to memory of 4184	396	msedge.exe	83
PID 396 wrote to memory of 4184	396	msedge.exe	83
PID 396 wrote to memory of 4184	396	msedge.exe	83
PID 396 wrote to memory of 4184	396	msedge.exe	83
PID 396 wrote to memory of 4184	396	msedge.exe	83
PID 396 wrote to memory of 4184	396	msedge.exe	83
PID 396 wrote to memory of 4184	396	msedge.exe	83
PID 396 wrote to memory of 4184	396	msedge.exe	83
PID 396 wrote to memory of 4184	396	msedge.exe	83
PID 396 wrote to memory of 4184	396	msedge.exe	83
PID 396 wrote to memory of 4184	396	msedge.exe	83
PID 396 wrote to memory of 4184	396	msedge.exe	83
PID 396 wrote to memory of 4184	396	msedge.exe	83
PID 396 wrote to memory of 4184	396	msedge.exe	83
PID 396 wrote to memory of 4184	396	msedge.exe	83
PID 396 wrote to memory of 4184	396	msedge.exe	83
PID 396 wrote to memory of 4184	396	msedge.exe	83
PID 396 wrote to memory of 4184	396	msedge.exe	83
PID 396 wrote to memory of 4184	396	msedge.exe	83
PID 396 wrote to memory of 4184	396	msedge.exe	83
PID 396 wrote to memory of 4184	396	msedge.exe	83
PID 396 wrote to memory of 4184	396	msedge.exe	83
PID 396 wrote to memory of 4184	396	msedge.exe	83
PID 396 wrote to memory of 4184	396	msedge.exe	83
PID 396 wrote to memory of 4184	396	msedge.exe	83
PID 396 wrote to memory of 4184	396	msedge.exe	83
PID 396 wrote to memory of 4184	396	msedge.exe	83
PID 396 wrote to memory of 4184	396	msedge.exe	83
PID 396 wrote to memory of 4184	396	msedge.exe	83
PID 396 wrote to memory of 4184	396	msedge.exe	83
PID 396 wrote to memory of 4184	396	msedge.exe	83
PID 396 wrote to memory of 4016	396	msedge.exe	84
PID 396 wrote to memory of 4016	396	msedge.exe	84
PID 396 wrote to memory of 4528	396	msedge.exe	85
PID 396 wrote to memory of 4528	396	msedge.exe	85
PID 396 wrote to memory of 4528	396	msedge.exe	85
PID 396 wrote to memory of 4528	396	msedge.exe	85
PID 396 wrote to memory of 4528	396	msedge.exe	85
PID 396 wrote to memory of 4528	396	msedge.exe	85
PID 396 wrote to memory of 4528	396	msedge.exe	85
PID 396 wrote to memory of 4528	396	msedge.exe	85
PID 396 wrote to memory of 4528	396	msedge.exe	85
PID 396 wrote to memory of 4528	396	msedge.exe	85
PID 396 wrote to memory of 4528	396	msedge.exe	85
PID 396 wrote to memory of 4528	396	msedge.exe	85
PID 396 wrote to memory of 4528	396	msedge.exe	85
PID 396 wrote to memory of 4528	396	msedge.exe	85
PID 396 wrote to memory of 4528	396	msedge.exe	85
PID 396 wrote to memory of 4528	396	msedge.exe	85
PID 396 wrote to memory of 4528	396	msedge.exe	85
PID 396 wrote to memory of 4528	396	msedge.exe	85
PID 396 wrote to memory of 4528	396	msedge.exe	85
PID 396 wrote to memory of 4528	396	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1fwJdsnnK8CE52uB6ttf5BOyA6_zlBL57/view?usp=drive_link
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe56bc3cb8,0x7ffe56bc3cc8,0x7ffe56bc3cd8
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,17608698727786713491,15506429418768248740,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,17608698727786713491,15506429418768248740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,17608698727786713491,15506429418768248740,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17608698727786713491,15506429418768248740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17608698727786713491,15506429418768248740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17608698727786713491,15506429418768248740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,17608698727786713491,15506429418768248740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,17608698727786713491,15506429418768248740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5736 /prefetch:8
  2⤵
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17608698727786713491,15506429418768248740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17608698727786713491,15506429418768248740,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17608698727786713491,15506429418768248740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17608698727786713491,15506429418768248740,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,17608698727786713491,15506429418768248740,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4532 /prefetch:2
  2⤵
  PID:3468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2196

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2ee16858e751901224340cabb25e5704

SHA1
24e0d2d301f282fb8e492e9df0b36603b28477b2

SHA256
e9784fcff01f83f4925f23e3a24bce63314ea503c2091f7309c014895fead33c

SHA512
bd9994c2fb4bf097ce7ffea412a2bed97e3af386108ab6aab0df9472a92d4bd94489bb9c36750a92f9818fa3ea6d1756497f5364611e6ebd36de4cd14e9a0fba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea667b2dedf919487c556b97119cf88a

SHA1
0ee7b1da90be47cc31406f4dba755fd083a29762

SHA256
9e7e47ebf490ba409eab3be0314fa695bf28f4764f4875c7568a54337f2df70f

SHA512
832391afcac34fc6c949dee8120f2a5f83ca68c159ff707751d844b085c7496930f0c8fd8313fd8f10a5f5725138be651953934aa79b087ba3c6dd22eaa49c72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0a2252b7-34fb-4900-b387-d91ee7e387c4.tmp

Filesize
6KB

MD5
df3a679441e70929ea80b23a8a7cefb2

SHA1
5f2116219e0cd8f16e963f2df56b173e2dab28b9

SHA256
df969e4817fa6c426b07f1efd618070c1220febcbdb01ef1607d3e1db9e5303a

SHA512
ef852367d8959f54ac4528264c726016592bdbfa53787b2ffc9dd4afa226dbdb47008579c8e5406894800d1f7f6482ccc62903a941f49982ee24bdabcc8660ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
a01c3c740228dbe7974fc2d3634c2016

SHA1
befcaa35f48908be8a14d7c67bd7a3f13c68f5aa

SHA256
569eba860f54f1f5bf6336b050f24a481d84a0e65843c001321a988b27d484cb

SHA512
faf8ecfe8350c2a0ba8abc71d7d8fef5f349154c8ae57816b18c01d1fb92a2bc0bbeff3ec49bc8451fd19df60cda7980343fb5e89ccb40153dee5daeb2753034

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
dbf1391f9cd52a66e4dbe54c23f5a66d

SHA1
ad73f4dacc348368b99b029eb4fd05547c983d06

SHA256
517f0a90cbf4b6572498013dd820789083cbf7862a5721d6c370894cc78e0764

SHA512
434f6d61641a971f43623bcdb269560f96d006aba941c16b6ac2cd28bc13a451598fe9fa51cc63eda4500f457e8e70263265c85238dc0d344f42d844b0e836ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0ac84895aaf2d10d0426f70f2eb9abf9

SHA1
ea79fa01b1bd7211af8787426876b6701655a1e1

SHA256
5cf0ef389ad49bbbfea154db90cc0b6c9795fe94ecbe7177e5aedce941b263c3

SHA512
09b2ba3ad831d2ebeaecb878b90e33e744344e060ed722dc8308f4296c3d479cf06133fd27ed1e05ab04b83b47138ea95edd6dc8626f286c89bf58f8c267d1a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d9bb4065b53a7caa8bee5519736c2dec

SHA1
eef7690ba94af949ec3ba8a3a2f56f10ae0414d7

SHA256
de64cdf1646f0d7f2339967e2c065f61275f123ee69d27670eac0e61b12a1274

SHA512
6b8449e76155371d47013741f5eb06e788e71c80cd0e4b4041b3ee9b5445c30a2ca437cdd01213e8536a514f156005ef9f9e80ac095793f7a7501523e6a81b0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
997593008f3863964f5aa68877eaeb5b

SHA1
2294abc17ba33aae3dc34e6b5a65b4b29b69c58f

SHA256
03ad3e0f4630c55c51ac0a2e15ef4c9450ec392555b75f422ac04952f0038f71

SHA512
a98df0c7514e4c46c0eefa2a1267cf443563b66db9651a4ef0e4f625dcf51b11ccde33d7ca26b4adf2af975868c52c3ca6b66d6e9f0bd2b7c7f42e57575c47c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6ddd73f20a1e4a38f8aa5b53f1c90519

SHA1
200394e773f13bbc0fb2a9c6111b0b780d46a647

SHA256
a2775a48f58fbdb22a514385cf9e528deda9b258b03755808882ea55d8704502

SHA512
dffd90b15e937c78a0446b082f40a4c915449f41b45bd16db369f30f15191ef86b0a4597d0f25a18d7d13e0ec06a6e7acd745cef5314420d5941f3a32116aea5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
066e7923e1036edbf53208c3136c9245

SHA1
a7edbd2b7f5bffe4047b993e9eb89070c5e0a2a1

SHA256
9ee67b6805798288814ae4b1bb6872defbc3532bc2c1c463a6ece9d6f3bd15df

SHA512
67fdf59d1c16e1baba37ccbe4b2a990716c9de5b6bd007caf4d2a78b8c6d2db45ecf2ba3e0ea9c9a191655783d91b4bcbf447a3da7140d29b03098c5f87f0660

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5062116a9fbf648e264e96ad4b96a7cb

SHA1
710f5b0a54f373a0d6bc870d8b16927310f7f7d9

SHA256
0af2d6e894c8489f28ab757903903de71c188cc4d04c435a34f36907d3af7dde

SHA512
b74e58f41535574f97746bf8266327e672c653b05f5b378c019084710279771d13106252ef246a0cbdcad5a4f8a04cb4d2e895b3cb5b4715a0b27335c132c1e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c2412eb09ee2fef8c410444d4b78f97b

SHA1
ac03a2c5c96c5e0bcf37362ea32d59cee6f8705a

SHA256
64b53e85545da1f3d86ad6bd3f3630f2558422aee8f3b294cfde4044e8724f5e

SHA512
4c5d558c3ce593c594708f43c723966f16625747429c449678c5db36f784fede025012d4950ecd6765834127c11926a0277964715d5066412b8018e2cd49363f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0ab86e4bc0c7220986aa92b4199c8ddf

SHA1
2d8da591f73b9196a3b23a8774d9dd340489719b

SHA256
48d4d564316d52363598c355016fda900c3f2b97eee0d873acc88d830938aac4

SHA512
5ead538da06b6588907d347e4cef1b5c23f4e5e18f3f64cdf8a918005a77a03db308261de8945b6cfbc29f2a6d7d8ba8e2b2ccbe9e3e317dedbc50d01d81ae3e

Download Submit