hxxps://drive[.]google[.]com/file/d/1nyA3VVfGf65kiCFIkZDSIdU0mXteEHO7/view?usp=sharing

Analysis

max time kernel
585s
max time network
525s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04-08-2024 15:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1nyA3VVfGf65kiCFIkZDSIdU0mXteEHO7/view?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
6	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4880	msedge.exe
4880	msedge.exe
3036	msedge.exe
3036	msedge.exe
884	identity_helper.exe
884	identity_helper.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3036 wrote to memory of 1996	3036	msedge.exe	83
PID 3036 wrote to memory of 1996	3036	msedge.exe	83
PID 3036 wrote to memory of 2052	3036	msedge.exe	84
PID 3036 wrote to memory of 2052	3036	msedge.exe	84
PID 3036 wrote to memory of 2052	3036	msedge.exe	84
PID 3036 wrote to memory of 2052	3036	msedge.exe	84
PID 3036 wrote to memory of 2052	3036	msedge.exe	84
PID 3036 wrote to memory of 2052	3036	msedge.exe	84
PID 3036 wrote to memory of 2052	3036	msedge.exe	84
PID 3036 wrote to memory of 2052	3036	msedge.exe	84
PID 3036 wrote to memory of 2052	3036	msedge.exe	84
PID 3036 wrote to memory of 2052	3036	msedge.exe	84
PID 3036 wrote to memory of 2052	3036	msedge.exe	84
PID 3036 wrote to memory of 2052	3036	msedge.exe	84
PID 3036 wrote to memory of 2052	3036	msedge.exe	84
PID 3036 wrote to memory of 2052	3036	msedge.exe	84
PID 3036 wrote to memory of 2052	3036	msedge.exe	84
PID 3036 wrote to memory of 2052	3036	msedge.exe	84
PID 3036 wrote to memory of 2052	3036	msedge.exe	84
PID 3036 wrote to memory of 2052	3036	msedge.exe	84
PID 3036 wrote to memory of 2052	3036	msedge.exe	84
PID 3036 wrote to memory of 2052	3036	msedge.exe	84
PID 3036 wrote to memory of 2052	3036	msedge.exe	84
PID 3036 wrote to memory of 2052	3036	msedge.exe	84
PID 3036 wrote to memory of 2052	3036	msedge.exe	84
PID 3036 wrote to memory of 2052	3036	msedge.exe	84
PID 3036 wrote to memory of 2052	3036	msedge.exe	84
PID 3036 wrote to memory of 2052	3036	msedge.exe	84
PID 3036 wrote to memory of 2052	3036	msedge.exe	84
PID 3036 wrote to memory of 2052	3036	msedge.exe	84
PID 3036 wrote to memory of 2052	3036	msedge.exe	84
PID 3036 wrote to memory of 2052	3036	msedge.exe	84
PID 3036 wrote to memory of 2052	3036	msedge.exe	84
PID 3036 wrote to memory of 2052	3036	msedge.exe	84
PID 3036 wrote to memory of 2052	3036	msedge.exe	84
PID 3036 wrote to memory of 2052	3036	msedge.exe	84
PID 3036 wrote to memory of 2052	3036	msedge.exe	84
PID 3036 wrote to memory of 2052	3036	msedge.exe	84
PID 3036 wrote to memory of 2052	3036	msedge.exe	84
PID 3036 wrote to memory of 2052	3036	msedge.exe	84
PID 3036 wrote to memory of 2052	3036	msedge.exe	84
PID 3036 wrote to memory of 2052	3036	msedge.exe	84
PID 3036 wrote to memory of 4880	3036	msedge.exe	85
PID 3036 wrote to memory of 4880	3036	msedge.exe	85
PID 3036 wrote to memory of 4476	3036	msedge.exe	86
PID 3036 wrote to memory of 4476	3036	msedge.exe	86
PID 3036 wrote to memory of 4476	3036	msedge.exe	86
PID 3036 wrote to memory of 4476	3036	msedge.exe	86
PID 3036 wrote to memory of 4476	3036	msedge.exe	86
PID 3036 wrote to memory of 4476	3036	msedge.exe	86
PID 3036 wrote to memory of 4476	3036	msedge.exe	86
PID 3036 wrote to memory of 4476	3036	msedge.exe	86
PID 3036 wrote to memory of 4476	3036	msedge.exe	86
PID 3036 wrote to memory of 4476	3036	msedge.exe	86
PID 3036 wrote to memory of 4476	3036	msedge.exe	86
PID 3036 wrote to memory of 4476	3036	msedge.exe	86
PID 3036 wrote to memory of 4476	3036	msedge.exe	86
PID 3036 wrote to memory of 4476	3036	msedge.exe	86
PID 3036 wrote to memory of 4476	3036	msedge.exe	86
PID 3036 wrote to memory of 4476	3036	msedge.exe	86
PID 3036 wrote to memory of 4476	3036	msedge.exe	86
PID 3036 wrote to memory of 4476	3036	msedge.exe	86
PID 3036 wrote to memory of 4476	3036	msedge.exe	86
PID 3036 wrote to memory of 4476	3036	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1nyA3VVfGf65kiCFIkZDSIdU0mXteEHO7/view?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff540d46f8,0x7fff540d4708,0x7fff540d4718
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,7153386047168529150,11123646086738905362,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,7153386047168529150,11123646086738905362,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,7153386047168529150,11123646086738905362,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7153386047168529150,11123646086738905362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7153386047168529150,11123646086738905362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7153386047168529150,11123646086738905362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,7153386047168529150,11123646086738905362,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 /prefetch:8
  2⤵
  PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,7153386047168529150,11123646086738905362,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7153386047168529150,11123646086738905362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7153386047168529150,11123646086738905362,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7153386047168529150,11123646086738905362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7153386047168529150,11123646086738905362,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,7153386047168529150,11123646086738905362,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4768 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:872

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
94935d120ffbaf415ca2652344b8b9ee

SHA1
531a9a1001450381bb89c868e47757209ca88aa7

SHA256
47b58ab72d22caa213bb361f73346da761c2924857632cd1f8dfea7e037e66f4

SHA512
75f6ad7f1b40d06c5ba93955b325feabf6cb136134ad96dd0a55969661426c05f7d74aa7fd1cfe4e56353d681f0017314eb313b2eb902fb0c3c5dda39e29ad33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
bfe6343bb5e0c4fcffdeea18f56f7114

SHA1
8c71cc16f6cd99896cf731b6bb075c847f4ec325

SHA256
b4c6dfb13b87943dc6182e61727ac47e75d135e9099941e64dd3b8e86511234e

SHA512
c4aabda0477280e05feff20ea019445400fffbe8e783fd56b8044fc6816dd407a7019cfa235a0c3db2bcf1c0d471fa44fb6ff9e90ddb63c6738b11844c236526

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
40db504d3bc635e23be9481492c1f6a1

SHA1
524ff7d2dba8d424a5a0a43a874fc4d535dd5be5

SHA256
6ad9f5a8c9b858a4bc7f11fbe0ca3454f8c3bd3612acb9509c0379a27da6530c

SHA512
256a36810ef9579f4d01eb7d7553dc1c742c1c83ace3d5c8ef88d10f1bb9213e71513a37e14a43c888dbd803f5b2d0888ed713b1805a227c9b14d50df9dda2ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
08bdf50e89745a11c4f9c7dc8bd9c825

SHA1
937b0e682247afa5cf6c55fde044f6f19d08f1e8

SHA256
f403d98e5199789106faf81dccb3ba6f4d931e14ba309044fd16d3bc6dbebaec

SHA512
62283f5d619f74703ff9a008875cf6bf931f570da528c6a9bf711cddd6203792d86b0b9bbc75addd28629fe5601ddff7f87a02a150f09f7754790b190258d759

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
171645b32a8d414d40932154f10a3e9d

SHA1
ffd423b569b0eccbbcf8962f41afd8cb5c3dce06

SHA256
125e063b5b8dcc84648cf8a5cce534b20f75ab63d51b2d0e012115dddf360b37

SHA512
cb0d648e9641dbedb0c71c7c7d7b6cef5decda8a5f2b1e19e2cd687b5a4485ed6d5d7c11df6a502645c154bb6f7509baf1f13b47343e0f5e2eea72dc7327a0f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1753233c4c51af56383777008181de8e

SHA1
bee2058f98b50f77bc472046f3ba3b02a6865c98

SHA256
cb13dc3d027a28909da8b8637cde55907a2b6b8db993881f544e4048331d04b6

SHA512
05cfd54600b6f34657bfe80ff8b851be228c995f48da2845a445c8091b95cbd0f8dd25336381a5808f8732536e5d5795616fa7bf3bc62a7c303f11dc013db267

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
478338febe3db70cc01f0b4518bba6f3

SHA1
29ee5e4eb57894808cf7b7ee7d4070f620af647d

SHA256
6a20f7c94dcb17488e3414a3cd9334c01d65300392cd18c07391688888973f7c

SHA512
6b9bab7940dccfafb21dc3370d68ac4348fb8c4912b94ffdafa7f100218a20b2b93c1965a31424848a57c4bfb389508110c2acf71013ca06c66440da0ca40990

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4423e9951f8d3715d9edc657d2dd117d

SHA1
02bc09b400c74b9e7b1d5ce826b57a6a6116f335

SHA256
c173c6fe0936c67ab151496f95e9714162da75385e857703a4b12e49511f7fc8

SHA512
9950b4aec588d2e41bfd354f8de7612f9e4fc4f61be29345a2aed7725f8416c91f2899f0b63f90c8c05157d22c891e4778b6b757abfe93dc1f51176897d3aa60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cdafb9017e37585d09499be4852620ba

SHA1
b9d590b4344eca689869054104f9c80f1e104f72

SHA256
db516410a7c16422a569b8debe997c51956136a5f896336d5b5e46cd91edd617

SHA512
4ed3f7197e37eb8fed8ed6a6a7bfe4597c391b9805da817a54738ab4e3947793b71508a45225af276986936a1125dc87ce3d547d05e8fbc7b7a1bc39bedc3a69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1a3d12058a47a2a552bcf503047fbcb6

SHA1
78393dc44d8b413c099da5922af36020c1581490

SHA256
dda93bfa46d0679caf677f1faa6bd70bf74a0b4ed079a9254ccdbf0b4e15423f

SHA512
651db28ef8afb88dce691c6df4c9c7e7be070efda88833e96b93d3aff97fa51326c373d034d998b666f35d4f4597d1ec9b56594a63288f96bd86fce985e5214c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
52c11bad4d46ae462862b420bd770180

SHA1
ad2dd4cca06420ed8dae05638b866596d0391623

SHA256
7c508a6301eb3801b1c1793ca166fd0d8e1bb68fa6281237a42a01f549412667

SHA512
51a46e0b9e8ab852cd513a734cd77a1acf817706308e19c6a1228ac195319500df750b6b55b5c05bbbd78f6d062bcaced0fbf50667d7384fcdecb41339b9f71d

Download Submit