hxxps://drive[.]google[.]com/file/d/1Z5olMf9RJniepgVI8SqK6AnAxDq-F-by/view?usp=sharing

Analysis

max time kernel
525s
max time network
526s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04-08-2024 16:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1Z5olMf9RJniepgVI8SqK6AnAxDq-F-by/view?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
3	drive.google.com
6	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1004	msedge.exe
1004	msedge.exe
4472	msedge.exe
4472	msedge.exe
392	identity_helper.exe
392	identity_helper.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4472 wrote to memory of 2588	4472	msedge.exe	83
PID 4472 wrote to memory of 2588	4472	msedge.exe	83
PID 4472 wrote to memory of 1768	4472	msedge.exe	85
PID 4472 wrote to memory of 1768	4472	msedge.exe	85
PID 4472 wrote to memory of 1768	4472	msedge.exe	85
PID 4472 wrote to memory of 1768	4472	msedge.exe	85
PID 4472 wrote to memory of 1768	4472	msedge.exe	85
PID 4472 wrote to memory of 1768	4472	msedge.exe	85
PID 4472 wrote to memory of 1768	4472	msedge.exe	85
PID 4472 wrote to memory of 1768	4472	msedge.exe	85
PID 4472 wrote to memory of 1768	4472	msedge.exe	85
PID 4472 wrote to memory of 1768	4472	msedge.exe	85
PID 4472 wrote to memory of 1768	4472	msedge.exe	85
PID 4472 wrote to memory of 1768	4472	msedge.exe	85
PID 4472 wrote to memory of 1768	4472	msedge.exe	85
PID 4472 wrote to memory of 1768	4472	msedge.exe	85
PID 4472 wrote to memory of 1768	4472	msedge.exe	85
PID 4472 wrote to memory of 1768	4472	msedge.exe	85
PID 4472 wrote to memory of 1768	4472	msedge.exe	85
PID 4472 wrote to memory of 1768	4472	msedge.exe	85
PID 4472 wrote to memory of 1768	4472	msedge.exe	85
PID 4472 wrote to memory of 1768	4472	msedge.exe	85
PID 4472 wrote to memory of 1768	4472	msedge.exe	85
PID 4472 wrote to memory of 1768	4472	msedge.exe	85
PID 4472 wrote to memory of 1768	4472	msedge.exe	85
PID 4472 wrote to memory of 1768	4472	msedge.exe	85
PID 4472 wrote to memory of 1768	4472	msedge.exe	85
PID 4472 wrote to memory of 1768	4472	msedge.exe	85
PID 4472 wrote to memory of 1768	4472	msedge.exe	85
PID 4472 wrote to memory of 1768	4472	msedge.exe	85
PID 4472 wrote to memory of 1768	4472	msedge.exe	85
PID 4472 wrote to memory of 1768	4472	msedge.exe	85
PID 4472 wrote to memory of 1768	4472	msedge.exe	85
PID 4472 wrote to memory of 1768	4472	msedge.exe	85
PID 4472 wrote to memory of 1768	4472	msedge.exe	85
PID 4472 wrote to memory of 1768	4472	msedge.exe	85
PID 4472 wrote to memory of 1768	4472	msedge.exe	85
PID 4472 wrote to memory of 1768	4472	msedge.exe	85
PID 4472 wrote to memory of 1768	4472	msedge.exe	85
PID 4472 wrote to memory of 1768	4472	msedge.exe	85
PID 4472 wrote to memory of 1768	4472	msedge.exe	85
PID 4472 wrote to memory of 1768	4472	msedge.exe	85
PID 4472 wrote to memory of 1004	4472	msedge.exe	86
PID 4472 wrote to memory of 1004	4472	msedge.exe	86
PID 4472 wrote to memory of 1540	4472	msedge.exe	87
PID 4472 wrote to memory of 1540	4472	msedge.exe	87
PID 4472 wrote to memory of 1540	4472	msedge.exe	87
PID 4472 wrote to memory of 1540	4472	msedge.exe	87
PID 4472 wrote to memory of 1540	4472	msedge.exe	87
PID 4472 wrote to memory of 1540	4472	msedge.exe	87
PID 4472 wrote to memory of 1540	4472	msedge.exe	87
PID 4472 wrote to memory of 1540	4472	msedge.exe	87
PID 4472 wrote to memory of 1540	4472	msedge.exe	87
PID 4472 wrote to memory of 1540	4472	msedge.exe	87
PID 4472 wrote to memory of 1540	4472	msedge.exe	87
PID 4472 wrote to memory of 1540	4472	msedge.exe	87
PID 4472 wrote to memory of 1540	4472	msedge.exe	87
PID 4472 wrote to memory of 1540	4472	msedge.exe	87
PID 4472 wrote to memory of 1540	4472	msedge.exe	87
PID 4472 wrote to memory of 1540	4472	msedge.exe	87
PID 4472 wrote to memory of 1540	4472	msedge.exe	87
PID 4472 wrote to memory of 1540	4472	msedge.exe	87
PID 4472 wrote to memory of 1540	4472	msedge.exe	87
PID 4472 wrote to memory of 1540	4472	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1Z5olMf9RJniepgVI8SqK6AnAxDq-F-by/view?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe835946f8,0x7ffe83594708,0x7ffe83594718
  2⤵
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,9801715085510968243,2941476093643342347,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,9801715085510968243,2941476093643342347,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,9801715085510968243,2941476093643342347,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,9801715085510968243,2941476093643342347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,9801715085510968243,2941476093643342347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,9801715085510968243,2941476093643342347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,9801715085510968243,2941476093643342347,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,9801715085510968243,2941476093643342347,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,9801715085510968243,2941476093643342347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,9801715085510968243,2941476093643342347,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,9801715085510968243,2941476093643342347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,9801715085510968243,2941476093643342347,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,9801715085510968243,2941476093643342347,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2012 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
4c775e7b89857df819471463b9877889

SHA1
c3a48ae9dd191e29c0b513d4e606a2af85bdb467

SHA256
611990dadafe5c8f164c8927aa7b980b451b35f42e2bc66aca7242b416d76e84

SHA512
c60d4db9ddf1fb020ca3ef1ac7bd56093d36cb6300f2d0a7ac3798ab024ded08c068fa4bf373134c486f8bf0398c822f84ceee37dee6e075b107d1c1d8fb4990

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6ffe0c03d12e9107c021f0206c36589d

SHA1
ba7cac757961b87aed57ed761711ef3b859c463e

SHA256
703ae1b4eb9baa13365ef93e85579de65991a579ebcc6ef84b7bec938659db40

SHA512
3f2ea5c328b1fa711721c550ca92ceea2bc4730354f554e6e1594916c7c0bf364ea28364a36d8ce0b389c784400fe3cc6ae7bd80ca82c2c856e7380540b1de98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
16eb57564c7768526b5c2e2283291618

SHA1
d2ca36146ee44d112ebbb63b193f31cc72f3d61b

SHA256
6ed7aeeb3de4042fb648d5060138d09218003aa53f7fa7dd1105759ceff8918a

SHA512
76a23bd0d8d418bcb1d0db5b813eaf1f2e1d9c29f81684bbfa39af595cbeae31d5a7ab3a2b60f0ea22f899d44e324d70ed45de2a21b2b481a3832e9890b13eae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
cb4bd8691a454de9304e1eb5924ad2ad

SHA1
13aa765205047e7241dab49dbbc56cdf9472b6fe

SHA256
d163c2002bb1e9d1c8bd9e076b67cfbdbf7938de9fb3b489f4fb8e96813f9238

SHA512
320ed8d494c88e9e318af84c6fefa7d61653854605bda938535d6b5e9807a99c08bc8e1c2f077a3b97fef14ae6bf0e5502940fc5eb7c7a8c9b9018818eb5cb0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5289e3f067a720d6bdf2ab897a7928c1

SHA1
58d7ae2959e8fd6911807a1cee6ef07bb696175d

SHA256
30ff2f4b71fb9abc3b11d9e5826c00901f2668f975c0917eafb489b4a3c01633

SHA512
ab22d90a69e16650eeb682cfaaa89e771b9cb0d04c919a70bb418d899b3bb3937c11ef51f3936d3bb688c216958e3efba79b600b8e6512570430ea0da51b7d71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
def60882235740e63dbe0f205e5726ae

SHA1
fae12c2d77d3319618a133ab4332aaf6041d70bb

SHA256
4a19dc9f79c8ed6481b1f6d390f3decc2bef9fc403f947315ce8f6f4671c55bc

SHA512
cb244c4073e137056df70a47ab77f2b863c1de276c8078de8eab6e12822d53d01141cc319d61d7a1488bdfd01e1f8c3cbf265c1c7a9ed98f1ed39909a458f4b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3832092349dad17a0ab3e0440aadc8a4

SHA1
be9cbe7bdfdcc18da5e45a4b509b0dfa951cda8c

SHA256
589753a34fcd52902abff8b596e4cd13266664bfe06535c8c2751b9cad5bd55b

SHA512
2d63032ba927411f4d0bd4558f1859d626c3599786c2aa0bfd0f482519c5d045c7fd87ae1f100c841d507dd8602978145d99b76ba6e6b441f10ed7046a6446d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
120f67226d82de363f309862f9ab8cae

SHA1
7af3f9450505deb26c7927efa6f8a99505727573

SHA256
545b134aebccaa3fcc2bc58af0b2487d045b90a6d20a3893dd588abff24e90b2

SHA512
b217895dd1fb0dfdda06014b56ba1192fd41b9971aca5adc6179f83b286feac1e3862607b7d729d4e9310a2c3a89af78d1b502b0b39d25181f502a236d0be5cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ee117869c5a222b41dde1e33ce86fe46

SHA1
d7b4b83fd260e346b98137098197e3fc74bbca54

SHA256
af52f4ca31143b16d45ed11a3eff913245800eac873e02a3ee631f63fa5a0327

SHA512
e053480ed6ddd2ed1432cd4a217f04c0c5eb1f9a521170da67b9efc5dc8333f0dc96ab9f98dc5d0a686e844622079b060be41e1dbbce628b8a0bae4955dfcb29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c8f888e485deb12824342371c3df5247

SHA1
e73d60bc1eb9b1f395556221487e62877f67bbcf

SHA256
a56e23b431cb430fe975429d0824f14fcdda9beface4ef1934111d30ec0f8274

SHA512
8803ddc7224a06b3f643f67dec01057e03f9a2f0939f459ce9cdbf7205c3384037756d7cd5cbdb267477701680b056104561ab121fb1e9034cf83ec4b3be894d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2788e9f4e16bbc9bfc533525848faf0d

SHA1
b5d6e387d602ffb14d95683782409912e305c4e8

SHA256
df0b17331f91bc2de9bcb417b3c0150d53455d987c1c4dcbd563917b3884d317

SHA512
0aa620e66be59b578b459b1b408adee8e593d7b570ba9494fe66e44de3b4154653553dc0028070700f84841a152021cddd650f7b31c34f6e59fe5dba05eacd0d

Download Submit