hxxps://drive[.]google[.]com/file/d/1H2usyXwy-k5QKwz9N535BNjabJNA3SPk/view?usp=sharing

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
27-07-2024 16:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1H2usyXwy-k5QKwz9N535BNjabJNA3SPk/view?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
10	drive.google.com
13	drive.google.com
14	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3108	msedge.exe
3108	msedge.exe
1076	msedge.exe
1076	msedge.exe
4884	identity_helper.exe
4884	identity_helper.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1076 wrote to memory of 1856	1076	msedge.exe	84
PID 1076 wrote to memory of 1856	1076	msedge.exe	84
PID 1076 wrote to memory of 3788	1076	msedge.exe	85
PID 1076 wrote to memory of 3788	1076	msedge.exe	85
PID 1076 wrote to memory of 3788	1076	msedge.exe	85
PID 1076 wrote to memory of 3788	1076	msedge.exe	85
PID 1076 wrote to memory of 3788	1076	msedge.exe	85
PID 1076 wrote to memory of 3788	1076	msedge.exe	85
PID 1076 wrote to memory of 3788	1076	msedge.exe	85
PID 1076 wrote to memory of 3788	1076	msedge.exe	85
PID 1076 wrote to memory of 3788	1076	msedge.exe	85
PID 1076 wrote to memory of 3788	1076	msedge.exe	85
PID 1076 wrote to memory of 3788	1076	msedge.exe	85
PID 1076 wrote to memory of 3788	1076	msedge.exe	85
PID 1076 wrote to memory of 3788	1076	msedge.exe	85
PID 1076 wrote to memory of 3788	1076	msedge.exe	85
PID 1076 wrote to memory of 3788	1076	msedge.exe	85
PID 1076 wrote to memory of 3788	1076	msedge.exe	85
PID 1076 wrote to memory of 3788	1076	msedge.exe	85
PID 1076 wrote to memory of 3788	1076	msedge.exe	85
PID 1076 wrote to memory of 3788	1076	msedge.exe	85
PID 1076 wrote to memory of 3788	1076	msedge.exe	85
PID 1076 wrote to memory of 3788	1076	msedge.exe	85
PID 1076 wrote to memory of 3788	1076	msedge.exe	85
PID 1076 wrote to memory of 3788	1076	msedge.exe	85
PID 1076 wrote to memory of 3788	1076	msedge.exe	85
PID 1076 wrote to memory of 3788	1076	msedge.exe	85
PID 1076 wrote to memory of 3788	1076	msedge.exe	85
PID 1076 wrote to memory of 3788	1076	msedge.exe	85
PID 1076 wrote to memory of 3788	1076	msedge.exe	85
PID 1076 wrote to memory of 3788	1076	msedge.exe	85
PID 1076 wrote to memory of 3788	1076	msedge.exe	85
PID 1076 wrote to memory of 3788	1076	msedge.exe	85
PID 1076 wrote to memory of 3788	1076	msedge.exe	85
PID 1076 wrote to memory of 3788	1076	msedge.exe	85
PID 1076 wrote to memory of 3788	1076	msedge.exe	85
PID 1076 wrote to memory of 3788	1076	msedge.exe	85
PID 1076 wrote to memory of 3788	1076	msedge.exe	85
PID 1076 wrote to memory of 3788	1076	msedge.exe	85
PID 1076 wrote to memory of 3788	1076	msedge.exe	85
PID 1076 wrote to memory of 3788	1076	msedge.exe	85
PID 1076 wrote to memory of 3788	1076	msedge.exe	85
PID 1076 wrote to memory of 3108	1076	msedge.exe	86
PID 1076 wrote to memory of 3108	1076	msedge.exe	86
PID 1076 wrote to memory of 1956	1076	msedge.exe	87
PID 1076 wrote to memory of 1956	1076	msedge.exe	87
PID 1076 wrote to memory of 1956	1076	msedge.exe	87
PID 1076 wrote to memory of 1956	1076	msedge.exe	87
PID 1076 wrote to memory of 1956	1076	msedge.exe	87
PID 1076 wrote to memory of 1956	1076	msedge.exe	87
PID 1076 wrote to memory of 1956	1076	msedge.exe	87
PID 1076 wrote to memory of 1956	1076	msedge.exe	87
PID 1076 wrote to memory of 1956	1076	msedge.exe	87
PID 1076 wrote to memory of 1956	1076	msedge.exe	87
PID 1076 wrote to memory of 1956	1076	msedge.exe	87
PID 1076 wrote to memory of 1956	1076	msedge.exe	87
PID 1076 wrote to memory of 1956	1076	msedge.exe	87
PID 1076 wrote to memory of 1956	1076	msedge.exe	87
PID 1076 wrote to memory of 1956	1076	msedge.exe	87
PID 1076 wrote to memory of 1956	1076	msedge.exe	87
PID 1076 wrote to memory of 1956	1076	msedge.exe	87
PID 1076 wrote to memory of 1956	1076	msedge.exe	87
PID 1076 wrote to memory of 1956	1076	msedge.exe	87
PID 1076 wrote to memory of 1956	1076	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1H2usyXwy-k5QKwz9N535BNjabJNA3SPk/view?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xd8,0x100,0x104,0xdc,0x108,0x7ff8b2ae46f8,0x7ff8b2ae4708,0x7ff8b2ae4718
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,12328319678645821064,15106724894617333542,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,12328319678645821064,15106724894617333542,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2468 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,12328319678645821064,15106724894617333542,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12328319678645821064,15106724894617333542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12328319678645821064,15106724894617333542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,12328319678645821064,15106724894617333542,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,12328319678645821064,15106724894617333542,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,12328319678645821064,15106724894617333542,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4688 /prefetch:8
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12328319678645821064,15106724894617333542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
  2⤵
  PID:1304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12328319678645821064,15106724894617333542,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12328319678645821064,15106724894617333542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3832 /prefetch:1
  2⤵
  PID:5268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12328319678645821064,15106724894617333542,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:5276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,12328319678645821064,15106724894617333542,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4796 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5728

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaaad45aced1889a90a8aa4c39f92659

SHA1
5c0130d9e8d1a64c97924090d9a5258b8a31b83c

SHA256
5e3237f26b6047f64459cd5d3a6bc3563e2642b98d75b97011c93e0a9bd26f3b

SHA512
0db1c6bdb51f4e6ba5ef4dc12fc73886e599ab28f1eec5d943110bc3d856401ca31c05baa9026dd441b69f3de92307eb77d93f089ba6e2b84eea6e93982620e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3ee50fb26a9d3f096c47ff8696c24321

SHA1
a8c83e798d2a8b31fec0820560525e80dfa4fe66

SHA256
d80ec29cb17280af0c7522b30a80ffa19d1e786c0b09accfe3234b967d23eb6f

SHA512
479c0d2b76850aa79b58f9e0a8ba5773bd8909d915b98c2e9dc3a95c0ac18d7741b2ee571df695c0305598d89651c7aef2ff7c2fedb8b6a6aa30057ecfc872c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
22974075c4d2a0eb80b0b5a6fb3fccac

SHA1
66855974eed31fe1ee69ec0ace54bebd174f7484

SHA256
4b705263bada58094eca6a34b0faaeb1ced839195a176e81909d5604bdf032c3

SHA512
96bad7b939486a7aecb63663434f84b872d1d7d0ddd739c4f32bb2b7a4d23add57be16a2678d45f86c68c1ae5b3a332265e56ae129901c46ca5800d0977dd9df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f0db590641b1a863e6af2b236a8a2fec

SHA1
89ca52f06f477b895e249205656951772bd6bd11

SHA256
d75a0729b739bce4e622ff478c517c0233535b11892677d414f70245afb03fa5

SHA512
1d57690f6028446ccb9f18e2d78e329cec2c72dc138ca4ad95f5c66b9e1aca118c1c8c696eafa936d5ee9216c2a766cd09f544324f2da0f8c4b3fb68cb60914e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6b2fee37e7364d396fd69630fb223eda

SHA1
7cc377c52fd877707e9237f6daf708c02dad0a8c

SHA256
81386b6f3344ada12cf114b970de5159e30291876577a6c6bf53cbbce1a35550

SHA512
a8f9e8f72a45953393687ac3caec4be945168d7e412875a06fb32a021a5aeb85839c4d5e04309284b64d1d3b359cdf733b4802092c298fb02fea0e604bfa34bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
961f49f5cbd5ff0e8c9cc02aa9b18f42

SHA1
f2832dfa1f4548042c7543e0a516852c025ba02b

SHA256
10763557d51eeea762a85e1e48cd5350e65ee2e3f6358da1aa4ce753e76b430c

SHA512
2599c1fca8706814106342d5c9f5964a6bab5066c2d4989de5501d25c845e41231bc6e35a492c8be959c19c6ca996bdd22a8468e1497ecdf3680dd228fff042b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d5df467a0eb9c436b262a6d4a0913884

SHA1
75a91fb1852f68011b1f4456dd603932c801f46b

SHA256
678a599774ce05324f35253cb9a3d71ebfe7458186086aec17f879d11cd7f8ff

SHA512
a5c3b10c179631dd42f23ccfa88744b8eb9bf03267b2af814416d8a36e0f76e44d91f1b159d2ec94c7e12845062a74113d6ccd031ff08204af2977265d70c7cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fbff8daeb8b58c8b07052f24ef46d084

SHA1
781b2ceda708997201e1f1726932b1fdcb43c646

SHA256
4f697bc71ef64d75e93828d2bf3df4014cfbee1ad7956e21053b250dbc9854b0

SHA512
8775052a2a924f84985fbc45d8d04b6846e3999b15b8af7620fa271013e0797101f01f8ad869e1eb40900afae600310825f43a8e8d6dddd66c1416875063e4b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
e570f663312881d271128d2d6c74b795

SHA1
dff4b04470555eb092c6715c2293a7fb4d0b4557

SHA256
8e23f74f0fa22cb1c3e1a6e002a0fe166b4518ddad702954e257fffda5f1332f

SHA512
3d5bf10279f3fe3a6e8fe9bd631969125b040b89baafb807bf8b77a5fc08d9ed41bafbdb8131c083cae7917a4fdb18f504afb53ee650cb5d7ac308688a069d6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58e52b.TMP

Filesize
203B

MD5
d9faf5d4ddeb1a97bc4b23a481451018

SHA1
d7fb7a4a9c68278c68bf8b1a82dcfde198cdc4aa

SHA256
34df2c80ba755d8a3d2513565ddcf54d7cc02111e52ea808856b21c9974e2293

SHA512
3ff5bc3624f967fa100024b84bd9c2b71670fce548e54488c9a57bba47dab931e6280b76d28ee143ea2beed1fbf8fe6c7924e8d7232f7c82c650bd7bfe7a184f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
288d78843ac3ddcceebc00c8f7460600

SHA1
11467d6e7ddeaff2a707589cafa9fa3c736b3890

SHA256
22664cd420eb5daefc178327a8f6e271944c196dba64cd884989bfbb9e452f8e

SHA512
d1f5709ee040ce9454715504bd8b651a7067b07096db4d61c403359f7950825986394e762fc2fc12ec67637d192d8304d244afeeaf1a7c97772044660a94df84

Download Submit