hxxps://drive[.]google[.]com/file/d/1tukbRzeDvVe4T6NrNgdLK7FrScG2QEV2/view?usp=drivesdk

Analysis

max time kernel
522s
max time network
523s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
16-09-2024 01:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1tukbRzeDvVe4T6NrNgdLK7FrScG2QEV2/view?usp=drivesdk

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
4	drive.google.com
8	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4276	msedge.exe
4276	msedge.exe
3820	msedge.exe
3820	msedge.exe
4200	identity_helper.exe
4200	identity_helper.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2412	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2412	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3820 wrote to memory of 3424	3820	msedge.exe	82
PID 3820 wrote to memory of 3424	3820	msedge.exe	82
PID 3820 wrote to memory of 4804	3820	msedge.exe	83
PID 3820 wrote to memory of 4804	3820	msedge.exe	83
PID 3820 wrote to memory of 4804	3820	msedge.exe	83
PID 3820 wrote to memory of 4804	3820	msedge.exe	83
PID 3820 wrote to memory of 4804	3820	msedge.exe	83
PID 3820 wrote to memory of 4804	3820	msedge.exe	83
PID 3820 wrote to memory of 4804	3820	msedge.exe	83
PID 3820 wrote to memory of 4804	3820	msedge.exe	83
PID 3820 wrote to memory of 4804	3820	msedge.exe	83
PID 3820 wrote to memory of 4804	3820	msedge.exe	83
PID 3820 wrote to memory of 4804	3820	msedge.exe	83
PID 3820 wrote to memory of 4804	3820	msedge.exe	83
PID 3820 wrote to memory of 4804	3820	msedge.exe	83
PID 3820 wrote to memory of 4804	3820	msedge.exe	83
PID 3820 wrote to memory of 4804	3820	msedge.exe	83
PID 3820 wrote to memory of 4804	3820	msedge.exe	83
PID 3820 wrote to memory of 4804	3820	msedge.exe	83
PID 3820 wrote to memory of 4804	3820	msedge.exe	83
PID 3820 wrote to memory of 4804	3820	msedge.exe	83
PID 3820 wrote to memory of 4804	3820	msedge.exe	83
PID 3820 wrote to memory of 4804	3820	msedge.exe	83
PID 3820 wrote to memory of 4804	3820	msedge.exe	83
PID 3820 wrote to memory of 4804	3820	msedge.exe	83
PID 3820 wrote to memory of 4804	3820	msedge.exe	83
PID 3820 wrote to memory of 4804	3820	msedge.exe	83
PID 3820 wrote to memory of 4804	3820	msedge.exe	83
PID 3820 wrote to memory of 4804	3820	msedge.exe	83
PID 3820 wrote to memory of 4804	3820	msedge.exe	83
PID 3820 wrote to memory of 4804	3820	msedge.exe	83
PID 3820 wrote to memory of 4804	3820	msedge.exe	83
PID 3820 wrote to memory of 4804	3820	msedge.exe	83
PID 3820 wrote to memory of 4804	3820	msedge.exe	83
PID 3820 wrote to memory of 4804	3820	msedge.exe	83
PID 3820 wrote to memory of 4804	3820	msedge.exe	83
PID 3820 wrote to memory of 4804	3820	msedge.exe	83
PID 3820 wrote to memory of 4804	3820	msedge.exe	83
PID 3820 wrote to memory of 4804	3820	msedge.exe	83
PID 3820 wrote to memory of 4804	3820	msedge.exe	83
PID 3820 wrote to memory of 4804	3820	msedge.exe	83
PID 3820 wrote to memory of 4804	3820	msedge.exe	83
PID 3820 wrote to memory of 4276	3820	msedge.exe	84
PID 3820 wrote to memory of 4276	3820	msedge.exe	84
PID 3820 wrote to memory of 4156	3820	msedge.exe	85
PID 3820 wrote to memory of 4156	3820	msedge.exe	85
PID 3820 wrote to memory of 4156	3820	msedge.exe	85
PID 3820 wrote to memory of 4156	3820	msedge.exe	85
PID 3820 wrote to memory of 4156	3820	msedge.exe	85
PID 3820 wrote to memory of 4156	3820	msedge.exe	85
PID 3820 wrote to memory of 4156	3820	msedge.exe	85
PID 3820 wrote to memory of 4156	3820	msedge.exe	85
PID 3820 wrote to memory of 4156	3820	msedge.exe	85
PID 3820 wrote to memory of 4156	3820	msedge.exe	85
PID 3820 wrote to memory of 4156	3820	msedge.exe	85
PID 3820 wrote to memory of 4156	3820	msedge.exe	85
PID 3820 wrote to memory of 4156	3820	msedge.exe	85
PID 3820 wrote to memory of 4156	3820	msedge.exe	85
PID 3820 wrote to memory of 4156	3820	msedge.exe	85
PID 3820 wrote to memory of 4156	3820	msedge.exe	85
PID 3820 wrote to memory of 4156	3820	msedge.exe	85
PID 3820 wrote to memory of 4156	3820	msedge.exe	85
PID 3820 wrote to memory of 4156	3820	msedge.exe	85
PID 3820 wrote to memory of 4156	3820	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1tukbRzeDvVe4T6NrNgdLK7FrScG2QEV2/view?usp=drivesdk
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1fdd46f8,0x7ffa1fdd4708,0x7ffa1fdd4718
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,858248706581584937,1181345632986713365,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,858248706581584937,1181345632986713365,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,858248706581584937,1181345632986713365,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,858248706581584937,1181345632986713365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,858248706581584937,1181345632986713365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,858248706581584937,1181345632986713365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,858248706581584937,1181345632986713365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,858248706581584937,1181345632986713365,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,858248706581584937,1181345632986713365,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 /prefetch:8
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,858248706581584937,1181345632986713365,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,858248706581584937,1181345632986713365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,858248706581584937,1181345632986713365,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,858248706581584937,1181345632986713365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,858248706581584937,1181345632986713365,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,858248706581584937,1181345632986713365,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2456

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3236

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4924

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2cc 0x500
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
a9eb6cd841c6841abba96004a07966e7

SHA1
5dbc2e7c6c338573406122938e20757d8a63457d

SHA256
6cac3ff5899f066a60f5148f188389162a3c7bab410e42033ecdc86dabaa5e6a

SHA512
5d31d5fb412c6bec90370738f7bf7776b288d3c2ac8ecac25c34d545b7103fb655cf876a6a12aeb32d02b96bd08dd5d429e82958c96df0126c8516c97a8b9347

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
b209d6719333c76f2e85c94cefd77f44

SHA1
e94d5d00bdca354789c8cab0f06a2763871fec42

SHA256
df3ad5b2f1333d98a18762b448d51cd33097aca4b8bd54425820e571aecdd92d

SHA512
13ddbdbb7ef4e9c501306c3589ba9dcc53708e7737e7415467f410f104e599467f65c921a41addfba0a42d030972d4feecc33415236ce9e892002419a8257ba3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
b3e0801946b3b33ce435cdcad2307c34

SHA1
93447aa05154fc1bd4656fe8441619e3abb1183d

SHA256
55db6a55f3262836b9110185a482cb86a95f467dd4c3b0198da7edd15a267161

SHA512
feace6b0ed1f584ade00fe5a9d113a394c2d340d087e1da2351a1b425bdc330cea2101776db80e13238fc808945385b15e314f20ee6ac1d6ddc61ac0a269441e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
cbb53233a6bb8c30cec34a26396cc305

SHA1
59240e47751241082a12d592876435ca7ce87836

SHA256
ace400813ac7880c260b717f88bd16b95680f3ce4e8043b54e6e0737f0512d3e

SHA512
c3eb2f729f81e545a6f9b9a622bfc1448ea7c8d6a4e3e50455dc36dbf793a4202399eb21d55d4d2567a15339b7e3f83708da420a74b986dd22f2b05a1264a143

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
04889a00ce2f670355b8cf8fee1f12c3

SHA1
6a1ee7fb1754069e36954373c40318d132f48e53

SHA256
76a48f8a43b79c77216aa64ab4ba01e743eee18d65ded057571c7399272b1736

SHA512
48c7974139e204bda16079a1d98dbcdd2369052f882715894819c121dabf4a50edab3379f016e9856989bdc08562a0d4de95cbdf46be8061ec8f3ef4a6a37ad1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
064137d132bc0e695dde18d92731774e

SHA1
137c6027e92bdf68777870432ccabad74acac5d2

SHA256
747de44579e792cdafb9a860d9738a741be10270323a45e58efc70992003763e

SHA512
4cbdae52b5598c6cdd69322c313ea686e6b1adcbb9cbb9bc7daf52077547e33f4b476d30c41b2734f6659b35f40687e0c8de670b2a4d6c571f6d2865340e4c69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f4c87f58e3554965c14e5072f508889705a6c84\index.txt

Filesize
97B

MD5
a73bd94bf4c3d59fb45d16d0c0d052de

SHA1
d63b29961a3877f5fe76fbc8514c9a9b91ce977e

SHA256
9bd576ff1e874c4a1bb4f09a8faea3d89cf59aae7e595e22b291d57a4e03c558

SHA512
08cb3fb44f84cb5b7a5b136c7f869fdc1c9c7bc558574f87af75f60194f38f62493618ca486573faece03d27f8f9ae0052efc9b813b2cbce8e001b4465c85715

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f4c87f58e3554965c14e5072f508889705a6c84\index.txt

Filesize
33B

MD5
b0195b619cd45d0f8af48fc59c3d7716

SHA1
d153ae8be73da841309a68f26d26642d05ac20cc

SHA256
37bb3e6cd75d830156a6934fa1d1516121b37b4a220705fe32adece7b7ed927e

SHA512
6d917a97131baa380386bcf2c83dffb97f832e85f9510db3df4f7cdcc35396da58e5e098fbcf3fa7867b7909c09158d091ac0432919ca685ca5c7966b88a23c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2a440e399d9bc92019145b05678c2843

SHA1
4541a6740411cddb36487b0622a15f2b20b71011

SHA256
b2cf83579736a836fe6853e2274744d6e20c5d4f0d9e5c1d6354f5c17a8f582d

SHA512
a62b56bbcbad629682248f89bb0adf7d0f21a87c405cb772af70218aefe8403a193a65029318d6b92d84275b55d0fa9cd72da2915ea5564db2961b2cb3dc3fa3

Download Submit