hxxps://drive[.]google[.]com/file/d/1Oe61JwdOh2wyD_RQd4rZDppbjHj4ECRp/view

Analysis

max time kernel
585s
max time network
524s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14-08-2024 19:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1Oe61JwdOh2wyD_RQd4rZDppbjHj4ECRp/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
6	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2752	msedge.exe
2752	msedge.exe
3668	msedge.exe
3668	msedge.exe
2336	identity_helper.exe
2336	identity_helper.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3668 wrote to memory of 4152	3668	msedge.exe	84
PID 3668 wrote to memory of 4152	3668	msedge.exe	84
PID 3668 wrote to memory of 3340	3668	msedge.exe	85
PID 3668 wrote to memory of 3340	3668	msedge.exe	85
PID 3668 wrote to memory of 3340	3668	msedge.exe	85
PID 3668 wrote to memory of 3340	3668	msedge.exe	85
PID 3668 wrote to memory of 3340	3668	msedge.exe	85
PID 3668 wrote to memory of 3340	3668	msedge.exe	85
PID 3668 wrote to memory of 3340	3668	msedge.exe	85
PID 3668 wrote to memory of 3340	3668	msedge.exe	85
PID 3668 wrote to memory of 3340	3668	msedge.exe	85
PID 3668 wrote to memory of 3340	3668	msedge.exe	85
PID 3668 wrote to memory of 3340	3668	msedge.exe	85
PID 3668 wrote to memory of 3340	3668	msedge.exe	85
PID 3668 wrote to memory of 3340	3668	msedge.exe	85
PID 3668 wrote to memory of 3340	3668	msedge.exe	85
PID 3668 wrote to memory of 3340	3668	msedge.exe	85
PID 3668 wrote to memory of 3340	3668	msedge.exe	85
PID 3668 wrote to memory of 3340	3668	msedge.exe	85
PID 3668 wrote to memory of 3340	3668	msedge.exe	85
PID 3668 wrote to memory of 3340	3668	msedge.exe	85
PID 3668 wrote to memory of 3340	3668	msedge.exe	85
PID 3668 wrote to memory of 3340	3668	msedge.exe	85
PID 3668 wrote to memory of 3340	3668	msedge.exe	85
PID 3668 wrote to memory of 3340	3668	msedge.exe	85
PID 3668 wrote to memory of 3340	3668	msedge.exe	85
PID 3668 wrote to memory of 3340	3668	msedge.exe	85
PID 3668 wrote to memory of 3340	3668	msedge.exe	85
PID 3668 wrote to memory of 3340	3668	msedge.exe	85
PID 3668 wrote to memory of 3340	3668	msedge.exe	85
PID 3668 wrote to memory of 3340	3668	msedge.exe	85
PID 3668 wrote to memory of 3340	3668	msedge.exe	85
PID 3668 wrote to memory of 3340	3668	msedge.exe	85
PID 3668 wrote to memory of 3340	3668	msedge.exe	85
PID 3668 wrote to memory of 3340	3668	msedge.exe	85
PID 3668 wrote to memory of 3340	3668	msedge.exe	85
PID 3668 wrote to memory of 3340	3668	msedge.exe	85
PID 3668 wrote to memory of 3340	3668	msedge.exe	85
PID 3668 wrote to memory of 3340	3668	msedge.exe	85
PID 3668 wrote to memory of 3340	3668	msedge.exe	85
PID 3668 wrote to memory of 3340	3668	msedge.exe	85
PID 3668 wrote to memory of 3340	3668	msedge.exe	85
PID 3668 wrote to memory of 2752	3668	msedge.exe	86
PID 3668 wrote to memory of 2752	3668	msedge.exe	86
PID 3668 wrote to memory of 716	3668	msedge.exe	87
PID 3668 wrote to memory of 716	3668	msedge.exe	87
PID 3668 wrote to memory of 716	3668	msedge.exe	87
PID 3668 wrote to memory of 716	3668	msedge.exe	87
PID 3668 wrote to memory of 716	3668	msedge.exe	87
PID 3668 wrote to memory of 716	3668	msedge.exe	87
PID 3668 wrote to memory of 716	3668	msedge.exe	87
PID 3668 wrote to memory of 716	3668	msedge.exe	87
PID 3668 wrote to memory of 716	3668	msedge.exe	87
PID 3668 wrote to memory of 716	3668	msedge.exe	87
PID 3668 wrote to memory of 716	3668	msedge.exe	87
PID 3668 wrote to memory of 716	3668	msedge.exe	87
PID 3668 wrote to memory of 716	3668	msedge.exe	87
PID 3668 wrote to memory of 716	3668	msedge.exe	87
PID 3668 wrote to memory of 716	3668	msedge.exe	87
PID 3668 wrote to memory of 716	3668	msedge.exe	87
PID 3668 wrote to memory of 716	3668	msedge.exe	87
PID 3668 wrote to memory of 716	3668	msedge.exe	87
PID 3668 wrote to memory of 716	3668	msedge.exe	87
PID 3668 wrote to memory of 716	3668	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1Oe61JwdOh2wyD_RQd4rZDppbjHj4ECRp/view
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc434446f8,0x7ffc43444708,0x7ffc43444718
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,12605795922062353018,15676465794952893942,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:2
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,12605795922062353018,15676465794952893942,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,12605795922062353018,15676465794952893942,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,12605795922062353018,15676465794952893942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,12605795922062353018,15676465794952893942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,12605795922062353018,15676465794952893942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,12605795922062353018,15676465794952893942,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,12605795922062353018,15676465794952893942,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,12605795922062353018,15676465794952893942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4232 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,12605795922062353018,15676465794952893942,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,12605795922062353018,15676465794952893942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,12605795922062353018,15676465794952893942,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,12605795922062353018,15676465794952893942,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
eeffbd9cbebd07be11491dada70c4cc7

SHA1
4b6262285535a9bd32a634c44fdb8487b3363aa8

SHA256
a513d8257ba5760a47ca4539167945cbecb6a28fe912d1982df71a2b82b7a89e

SHA512
142945b8f1d05556cf8fefa8665317eab4a821f19206644d57305aeb8b17f16e2411f35aa83bba21129599d72436d788caf0f926c1cf5dd0c8f006f6296f503a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
9afed1b361abda8a50be62194e527868

SHA1
b9956c568e0ad0a219b7fd52d84fe472b5bf4792

SHA256
130006a23f9b3e29c63bbd6b00c30778ee405b598ee7e506536e337f1eca1077

SHA512
a43c14561d450f978b3a35f53535969f4cd40f2dfdc9ea250990989f731be8082894aa7ce1dc43edb1c4501d6229911b3287aa3b596558dbaac65c63b970d43d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
09bb3ad6fa18799dc56b68a45679eaab

SHA1
141e7f37428d55e427de4998821bea1b00fdaef5

SHA256
422a637889254b302aa9b792611e0083ffa4af34f125f180020f2ce1cf68a41c

SHA512
9dc94fe1bd853bc20d6652be2a163f94d1268cbd28e3132f4e8d84be0f12663dc8dfbe1b7f54d1d082b5908b95aa2f47c936f216b6d674debb63118a03511d9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
77b768433e5cc17adda0a79845e89234

SHA1
3a92d75fc3c63cd23fe922e69008f6cc8d06c373

SHA256
2cb6ef2646e62fb3b1f3ba14781310bc0a3b19c9e52f2e3481da50f8f20f24a0

SHA512
fd746942f455c649ac542f706b0a086ba072d7c1d00628f0a8f37b429a183aa29a16e8ef4cadac9b1c53e5ec94affb41cd7e4623c9a24f0537dcf88e50b54a9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ebc395cafa9a5118c8b6eb388a79c479

SHA1
41e9610c92eecfbf3513eca500f078e1a71c5052

SHA256
07c4006acf5f908292ced4f5db9dcb32d0175e1b9216dcc8377226d34ca5df2a

SHA512
6092767bd9338e59acf90efaa71c072211e1b2e46d7b8ca476afab0be49e148e941f64f02b99048e155b9aac68cc37c5d033bd6c938a197858323b140be9106a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d7b9b2728f251aa11fee128b7d433637

SHA1
340be3d747eecc67424cd4de77dba5e5fb08cbda

SHA256
5069c8cadf26ed56fe307d09e7532ad9b98dbbfd79bc540bb3b05115ba654e26

SHA512
f23b55d6bc523b8c6d3c68ba23ab0663fe0aad2373a6eb9492aeb0b5f7e343493afe7fb3c0249fb7d1d72b0d1d776c7b5abe489c1960f2c10954c5b2df2bb117

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
fb74257c4314d72fe5e39a1fb3765d44

SHA1
edb6be329ed2d233e31a35b68bef7d7f98dc1393

SHA256
a8092c28d812dd067f1ebcefcf8c4d7d440e32c7e57e4ebc9465b03942fbe1a5

SHA512
873ea63dd2b544a0fd6e7c6dd44d99c528474f1ae8ba40fe568fdda380a659bb9020a4fed2239c53bbb6ecfa24dbda81a559f31dece63a98380244edf19a5eb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6b5d8455537b0da93a8a8247d4ab68c1

SHA1
425ceb141b334e640872275cda5ae427aa33b7c7

SHA256
e337f40b054eac3df6786a66bd56948450808c829a1156c8fca738958d573566

SHA512
5285862f01ce501fab1affc24f15b132c4ee93949c459217c2e66f7454ecb5da47275152b755177867e902d10eb8a540351e90c919290a49aa2c9f7df341f9d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cdae7ff4dc09dde5695de7762807e9c8

SHA1
59af32efc55a26fbbe0fcc35364546b4d9e5ce9b

SHA256
cb23a86099247e71b022b34e6d7aec474d0e52e6d5f38537210b8cc8070e98bb

SHA512
7484f22ffef33fc3d823afe7b909bf0910ecb3382d2554efa21f3d8c6a16bcf168fead3d9b89962cefd9fa45e9df0a2fe6bfaf5494546f6b2f27a97a6bf23ded

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
681f928aca28600e8cfbe78f3857840e

SHA1
c5da5efc4eed30ec8af1ff644a4860c79cb926dd

SHA256
4976d438c59864720e9e5885d8ee6efddaaa7e769c610ee4427fcd80c1c25a1f

SHA512
0094e3e3b0c42de2f3a407e9d8cbf9737429e0d58ac492cc653f0c17f3ddc7f5de00b82b02a3f080ef240e3cc1d41b4a4ebf80d38536ca1b037d5b9a1f540723

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
432ba58395fa93323191958ac691c2eb

SHA1
7b633ed108cd5502cca2d5290771601c06e70edd

SHA256
89f917804ab3763147469394b0c1af74d2cc44bacab3865128eaf439f67cf9e4

SHA512
e54fc6eb13a691ccedfb8ab192570d37b29d6e001abb466743bf5e862369b8744c2a222892e118211c8c80085c42fa7fd2fbefa2a9e0353110f6646fbba7e039

Download Submit