hxxps://drive[.]google[.]com/file/d/1nyA3VVfGf65kiCFIkZDSIdU0mXteEHO7/view?usp=sharing

Analysis

max time kernel
600s
max time network
523s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04-08-2024 15:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1nyA3VVfGf65kiCFIkZDSIdU0mXteEHO7/view?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
5	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4532	msedge.exe
4532	msedge.exe
4244	msedge.exe
4244	msedge.exe
2232	identity_helper.exe
2232	identity_helper.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4244 wrote to memory of 2580	4244	msedge.exe	84
PID 4244 wrote to memory of 2580	4244	msedge.exe	84
PID 4244 wrote to memory of 3128	4244	msedge.exe	85
PID 4244 wrote to memory of 3128	4244	msedge.exe	85
PID 4244 wrote to memory of 3128	4244	msedge.exe	85
PID 4244 wrote to memory of 3128	4244	msedge.exe	85
PID 4244 wrote to memory of 3128	4244	msedge.exe	85
PID 4244 wrote to memory of 3128	4244	msedge.exe	85
PID 4244 wrote to memory of 3128	4244	msedge.exe	85
PID 4244 wrote to memory of 3128	4244	msedge.exe	85
PID 4244 wrote to memory of 3128	4244	msedge.exe	85
PID 4244 wrote to memory of 3128	4244	msedge.exe	85
PID 4244 wrote to memory of 3128	4244	msedge.exe	85
PID 4244 wrote to memory of 3128	4244	msedge.exe	85
PID 4244 wrote to memory of 3128	4244	msedge.exe	85
PID 4244 wrote to memory of 3128	4244	msedge.exe	85
PID 4244 wrote to memory of 3128	4244	msedge.exe	85
PID 4244 wrote to memory of 3128	4244	msedge.exe	85
PID 4244 wrote to memory of 3128	4244	msedge.exe	85
PID 4244 wrote to memory of 3128	4244	msedge.exe	85
PID 4244 wrote to memory of 3128	4244	msedge.exe	85
PID 4244 wrote to memory of 3128	4244	msedge.exe	85
PID 4244 wrote to memory of 3128	4244	msedge.exe	85
PID 4244 wrote to memory of 3128	4244	msedge.exe	85
PID 4244 wrote to memory of 3128	4244	msedge.exe	85
PID 4244 wrote to memory of 3128	4244	msedge.exe	85
PID 4244 wrote to memory of 3128	4244	msedge.exe	85
PID 4244 wrote to memory of 3128	4244	msedge.exe	85
PID 4244 wrote to memory of 3128	4244	msedge.exe	85
PID 4244 wrote to memory of 3128	4244	msedge.exe	85
PID 4244 wrote to memory of 3128	4244	msedge.exe	85
PID 4244 wrote to memory of 3128	4244	msedge.exe	85
PID 4244 wrote to memory of 3128	4244	msedge.exe	85
PID 4244 wrote to memory of 3128	4244	msedge.exe	85
PID 4244 wrote to memory of 3128	4244	msedge.exe	85
PID 4244 wrote to memory of 3128	4244	msedge.exe	85
PID 4244 wrote to memory of 3128	4244	msedge.exe	85
PID 4244 wrote to memory of 3128	4244	msedge.exe	85
PID 4244 wrote to memory of 3128	4244	msedge.exe	85
PID 4244 wrote to memory of 3128	4244	msedge.exe	85
PID 4244 wrote to memory of 3128	4244	msedge.exe	85
PID 4244 wrote to memory of 3128	4244	msedge.exe	85
PID 4244 wrote to memory of 4532	4244	msedge.exe	86
PID 4244 wrote to memory of 4532	4244	msedge.exe	86
PID 4244 wrote to memory of 4404	4244	msedge.exe	87
PID 4244 wrote to memory of 4404	4244	msedge.exe	87
PID 4244 wrote to memory of 4404	4244	msedge.exe	87
PID 4244 wrote to memory of 4404	4244	msedge.exe	87
PID 4244 wrote to memory of 4404	4244	msedge.exe	87
PID 4244 wrote to memory of 4404	4244	msedge.exe	87
PID 4244 wrote to memory of 4404	4244	msedge.exe	87
PID 4244 wrote to memory of 4404	4244	msedge.exe	87
PID 4244 wrote to memory of 4404	4244	msedge.exe	87
PID 4244 wrote to memory of 4404	4244	msedge.exe	87
PID 4244 wrote to memory of 4404	4244	msedge.exe	87
PID 4244 wrote to memory of 4404	4244	msedge.exe	87
PID 4244 wrote to memory of 4404	4244	msedge.exe	87
PID 4244 wrote to memory of 4404	4244	msedge.exe	87
PID 4244 wrote to memory of 4404	4244	msedge.exe	87
PID 4244 wrote to memory of 4404	4244	msedge.exe	87
PID 4244 wrote to memory of 4404	4244	msedge.exe	87
PID 4244 wrote to memory of 4404	4244	msedge.exe	87
PID 4244 wrote to memory of 4404	4244	msedge.exe	87
PID 4244 wrote to memory of 4404	4244	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1nyA3VVfGf65kiCFIkZDSIdU0mXteEHO7/view?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90e0c46f8,0x7ff90e0c4708,0x7ff90e0c4718
  2⤵
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,4722676082075948559,11866792582358001706,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,4722676082075948559,11866792582358001706,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,4722676082075948559,11866792582358001706,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4722676082075948559,11866792582358001706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4722676082075948559,11866792582358001706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4722676082075948559,11866792582358001706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,4722676082075948559,11866792582358001706,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,4722676082075948559,11866792582358001706,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4722676082075948559,11866792582358001706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4722676082075948559,11866792582358001706,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4722676082075948559,11866792582358001706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4722676082075948559,11866792582358001706,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,4722676082075948559,11866792582358001706,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3820 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3892

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
6beaa5d59e530724d8e01d2a7293be3d

SHA1
8bf6c3f8b8e8ed29074d84334a21f0ab9db9e21c

SHA256
6568357ca38cd64c1e84b75403574ad481c8e2834c7e79c50a42f75c629f0364

SHA512
ad97a259a81d5a22987381b0fc305374717a72fc08b5dab63461d84503791d327c27f4d8914bccd35f6d6df1f5d9b359529297b23541810443dab699a67a8829

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6be71c86953628d2d03d42b1a2767403

SHA1
d1031facd8d07d8fe8b935dca033393de9113500

SHA256
e8ca666533d5c417c9ea4e2e53fbe0ca207b9e2525c53e4b90921a44023096eb

SHA512
ba2b216f0ee9def0b7b162dc7ab92f3dd77e908c5f2565d9eb3166cc444238b4ffb1372ea526ce7b4a9f93a870050860852d9dcb73a9a1bf73dec92b82033749

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
dba990fe5aba4d1b398740d54a6adde8

SHA1
398a625285d97e3786488b2e0a34dfacb51435b5

SHA256
50f74c3575c355d1f34a8131861356bafaecfa6058860247c44a3416d70b55aa

SHA512
3fd8395ec10837753c1916705bd28c4eb5a0256f370f61cf725164a76ea4978526e62d5f8e8fd9860b7fe6d3ef5e9ea19a1cba8beab297da2e124d147ccad3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1ba81041a96641ad943beff9dd19a218

SHA1
f45badefe2c247e3be891499fea944ebb024237e

SHA256
d9770b04ce722f2132f83477fd5561288acc0eee23e2b55216d9cd72f8e9c92c

SHA512
ec5a3a8e06c38a7fb1d4368015f81bef87d9c7f4951472e44e538fc1a3a44850f930a6847c7f350f1ccf470513ee55a1611dceffaade3acede40b2d865dfd675

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
460a54c0882fef2919ecee6fd25fb28c

SHA1
577ecfea63b8cee414c79bf8a54c885136b3bb32

SHA256
b34737479ee990e078d96b021457a808e6b58e6d9a4179c38b4f52727cbc5a1f

SHA512
6323c452e7ae9635901367c668419efd4ea6de2fd35069529b4a3ee7433fda23b68de9b52b59e278208fbd2c09c28b9ed8c4148890048b6287441cb6fa1dc60e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d0be09a122c78f6b7eeda1e65c6280ba

SHA1
6efe5133f1ed2a8602b62f9ab22d423ff373d6bf

SHA256
855bdcebe19e2f18f9b837227099a3ffcf2c609a13397f929fc63ddff7ee47ad

SHA512
ea0e7c44b68b54ca1344906d9bca805977f148583e7378cf12ca7a7119f07b20a5cb92d5c8091538b3488a4ddc3728bded47ef3e3fddb4124d75202acc4bd83a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
13ea2002f503f664fb3e1abdba34b6ff

SHA1
53b22d0f797f50b5fc327d3ebfe9f57eea3cdf6e

SHA256
5a62ef96a32f7a25a3339af8f0a054c5f6554fb45ebce26d7e7ad587a6e79ac1

SHA512
5f020ea64faad81adb6c5cd36b5a4e44b1fad9218ec54c9da5b6fceb2bbaa29b1e8f3c1b4265217c02dadc32bf3039d7ae146287420ffa00c5ede866b63e38f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9c4dd5f35f86c9c353501d0f8f1072fe

SHA1
76ade021a3f3ea6fe56d0610848088c951598c1c

SHA256
a38bb2e44c92bbb105720727d43f20c2bbb831a5e1fc268ba01c5d24e162b3de

SHA512
94cd2baa3c610e27cd4ca0aeb63056ad3dbe048ab0216dd9c28346a3f744788b32449c28d0a78b20b152d6cb73834bb072dbf583d82bc0174002c6fadf011cad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1ca6366f29e71db9ffc3ca77d5950ef9

SHA1
d7afacef35faffa86108566767f970b48435613f

SHA256
d41d2d711a421baff8eee92f788035a4a10c724c848ff3c9acf626dab354825a

SHA512
e36d1aa33f9e1407cd3cca993ba8dc6010f928218eb53e7cb1fa24443c1629136124b00e4450ee66faa9c2e91dd86272ae0e091270b7791bac383ffe5713bf74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
71f4e231f7e2b67f40b1a61a5b064bd1

SHA1
1391676586638e597fa918a06890a2459872a011

SHA256
936edbeeb6b72a67e420642af61cf7969419664f64b70727741248e829f6c5cd

SHA512
1f070117da6d929c7e1d6efd93bed29874730dcc1f9a37000c1320fe6a62128f60287ec2f9ca5598aa2d8d0ce7984e9117395cafb70349f8e8c7ab263c85df14

Download Submit