hxxps://drive[.]google[.]com/open?id=1Dq62ZZgJbvslOGNC4Ahw-b_qEAJkgeic

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2024 17:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/open?id=1Dq62ZZgJbvslOGNC4Ahw-b_qEAJkgeic

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
6	drive.google.com
9	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4064	msedge.exe
4064	msedge.exe
5080	msedge.exe
5080	msedge.exe
4968	identity_helper.exe
4968	identity_helper.exe
4912	msedge.exe
4912	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe
756	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5080 wrote to memory of 2040	5080	msedge.exe	83
PID 5080 wrote to memory of 2040	5080	msedge.exe	83
PID 5080 wrote to memory of 540	5080	msedge.exe	84
PID 5080 wrote to memory of 540	5080	msedge.exe	84
PID 5080 wrote to memory of 540	5080	msedge.exe	84
PID 5080 wrote to memory of 540	5080	msedge.exe	84
PID 5080 wrote to memory of 540	5080	msedge.exe	84
PID 5080 wrote to memory of 540	5080	msedge.exe	84
PID 5080 wrote to memory of 540	5080	msedge.exe	84
PID 5080 wrote to memory of 540	5080	msedge.exe	84
PID 5080 wrote to memory of 540	5080	msedge.exe	84
PID 5080 wrote to memory of 540	5080	msedge.exe	84
PID 5080 wrote to memory of 540	5080	msedge.exe	84
PID 5080 wrote to memory of 540	5080	msedge.exe	84
PID 5080 wrote to memory of 540	5080	msedge.exe	84
PID 5080 wrote to memory of 540	5080	msedge.exe	84
PID 5080 wrote to memory of 540	5080	msedge.exe	84
PID 5080 wrote to memory of 540	5080	msedge.exe	84
PID 5080 wrote to memory of 540	5080	msedge.exe	84
PID 5080 wrote to memory of 540	5080	msedge.exe	84
PID 5080 wrote to memory of 540	5080	msedge.exe	84
PID 5080 wrote to memory of 540	5080	msedge.exe	84
PID 5080 wrote to memory of 540	5080	msedge.exe	84
PID 5080 wrote to memory of 540	5080	msedge.exe	84
PID 5080 wrote to memory of 540	5080	msedge.exe	84
PID 5080 wrote to memory of 540	5080	msedge.exe	84
PID 5080 wrote to memory of 540	5080	msedge.exe	84
PID 5080 wrote to memory of 540	5080	msedge.exe	84
PID 5080 wrote to memory of 540	5080	msedge.exe	84
PID 5080 wrote to memory of 540	5080	msedge.exe	84
PID 5080 wrote to memory of 540	5080	msedge.exe	84
PID 5080 wrote to memory of 540	5080	msedge.exe	84
PID 5080 wrote to memory of 540	5080	msedge.exe	84
PID 5080 wrote to memory of 540	5080	msedge.exe	84
PID 5080 wrote to memory of 540	5080	msedge.exe	84
PID 5080 wrote to memory of 540	5080	msedge.exe	84
PID 5080 wrote to memory of 540	5080	msedge.exe	84
PID 5080 wrote to memory of 540	5080	msedge.exe	84
PID 5080 wrote to memory of 540	5080	msedge.exe	84
PID 5080 wrote to memory of 540	5080	msedge.exe	84
PID 5080 wrote to memory of 540	5080	msedge.exe	84
PID 5080 wrote to memory of 540	5080	msedge.exe	84
PID 5080 wrote to memory of 4064	5080	msedge.exe	85
PID 5080 wrote to memory of 4064	5080	msedge.exe	85
PID 5080 wrote to memory of 2468	5080	msedge.exe	86
PID 5080 wrote to memory of 2468	5080	msedge.exe	86
PID 5080 wrote to memory of 2468	5080	msedge.exe	86
PID 5080 wrote to memory of 2468	5080	msedge.exe	86
PID 5080 wrote to memory of 2468	5080	msedge.exe	86
PID 5080 wrote to memory of 2468	5080	msedge.exe	86
PID 5080 wrote to memory of 2468	5080	msedge.exe	86
PID 5080 wrote to memory of 2468	5080	msedge.exe	86
PID 5080 wrote to memory of 2468	5080	msedge.exe	86
PID 5080 wrote to memory of 2468	5080	msedge.exe	86
PID 5080 wrote to memory of 2468	5080	msedge.exe	86
PID 5080 wrote to memory of 2468	5080	msedge.exe	86
PID 5080 wrote to memory of 2468	5080	msedge.exe	86
PID 5080 wrote to memory of 2468	5080	msedge.exe	86
PID 5080 wrote to memory of 2468	5080	msedge.exe	86
PID 5080 wrote to memory of 2468	5080	msedge.exe	86
PID 5080 wrote to memory of 2468	5080	msedge.exe	86
PID 5080 wrote to memory of 2468	5080	msedge.exe	86
PID 5080 wrote to memory of 2468	5080	msedge.exe	86
PID 5080 wrote to memory of 2468	5080	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/open?id=1Dq62ZZgJbvslOGNC4Ahw-b_qEAJkgeic
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb6d9d46f8,0x7ffb6d9d4708,0x7ffb6d9d4718
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,10100036807065385901,969411766430174102,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,10100036807065385901,969411766430174102,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1332 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,10100036807065385901,969411766430174102,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
  2⤵
  PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10100036807065385901,969411766430174102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10100036807065385901,969411766430174102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10100036807065385901,969411766430174102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10100036807065385901,969411766430174102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10100036807065385901,969411766430174102,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2124,10100036807065385901,969411766430174102,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6080 /prefetch:8
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10100036807065385901,969411766430174102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,10100036807065385901,969411766430174102,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6388 /prefetch:8
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,10100036807065385901,969411766430174102,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6388 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10100036807065385901,969411766430174102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10100036807065385901,969411766430174102,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,10100036807065385901,969411766430174102,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5888 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,10100036807065385901,969411766430174102,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5124 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:756

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4372

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3436

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
0f1de7791751b1f5f8601ce3db4dde5f

SHA1
6fdac923556891b3784f4642209040021eb38b1b

SHA256
a1e43bf5776fa46b3d1e869d31be0fecd8f782d9206544a5c4d274e05c7424d1

SHA512
e43232e92f7853c52dd06908ef3deee774d0b2b32a55b8c6e97d1cc98d252069b03a1148a5513464d047cbaee5417afc69746988955e2fc26ac8bee8a01f4afd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a852075c5555023613ef3188a68d9809

SHA1
faa8921bed90037cf6d0908239973228b1c69975

SHA256
1ccef2e731c3cb42af3c1a65ff6d3830721fba5eca5d8d186d2bb71f5903eb68

SHA512
e71a55d36c37ce1085dc8ecf8142fa4fdcd343518dd7e5f64d81eaf24e71f883d9fd294dc0c08deaae12e87e06afc8bfdf145f982a946c91446f9c4a4ae04648

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
74ae6fca116465a0fa15d13670a418b3

SHA1
2a7252b139f8d98329fd94189f46d58a902db90a

SHA256
771beb702ed1b18d397e8532691382b08a9597a2a352fd7d73e2b4799ef5050f

SHA512
85d76fa7cce73abfbd022bbf6ebe0348d1f123dca491e29908d55b17dfa2fc449160e7495195a5179e593d13edbd3afa3c9f0e8e7037811551a374eca00e491c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2988f1e1e53e37bc0b8e8434e616c318

SHA1
662b3b6dcdecf672c669e7926e857ee40826c030

SHA256
2339af867fdc65652c00f1eca2527a1e19cb5398d955eb4ea35b7f4e4c6c1df2

SHA512
0608fa032846162ae852974f61a030112dcddcdebfce06d0cf20be0a29f2ea6488c428bcc5d406359b12fded81149508e2de5d446d5ed1c3b8acdda101a402e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2ffab84b15c47a03c9f4b55ab8badf6f

SHA1
0a1c6d06963af92f38a538993bc4b0b1fffa859f

SHA256
ca09d05a27313997ed9d650695e2faf70cb8ccbc4e1673ea8de088f13c285346

SHA512
160f43216b572740bb5c75cefebb0a46be6d08cb90da45b2841c27ea068dd7ebdb9850d6033a7ee77077f3ad8f23e74b95331250568fa8bcae955e46075b8639

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1c542249d047a5e920b0260e5e0e7d23

SHA1
28c5aced6fd339334761e57ac2e87b90a9e514ae

SHA256
f10d8e9930d1122e153c942630866021e457bf9d9fb590c4c832a52f23fef24f

SHA512
e78c987cfc2c1b33c7d56a82915ea53893e07426f377514ef5df52f76f8a553b1ae1acedf92aab7186947fa647fa260d797d229211d660b31afe9cef09311059

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6b2d9bbd7e02a512bd3a45511af048a4

SHA1
767ccf9b7905975e4a70eb446d59cf3815fc1486

SHA256
dd2adce388fcedac6f5239b9b344ff22aaa5d91f00dd0bb6e7b709026fb67054

SHA512
70d185c34f7e52b5eb5948f76e4abad64f3a7d1b639f84969ef48d424998f707b0c93514ddbca041353396c7decc4db6a76741d444e9c6645befd5ae21b58cfd

Download Submit