hxxps://drive[.]google[.]com/file/d/1zoIwOCQl1QG_OLd6HCirMAcK7FjVuZRp/view

Analysis

max time kernel
41s
max time network
34s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
22-08-2024 12:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1zoIwOCQl1QG_OLd6HCirMAcK7FjVuZRp/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
5	drive.google.com
9	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2268	msedge.exe
2268	msedge.exe
3680	msedge.exe
3680	msedge.exe
4836	identity_helper.exe
4836	identity_helper.exe
5712	msedge.exe
5712	msedge.exe
5808	msedge.exe
5808	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe

Suspicious use of FindShellTrayWindow 55 IoCs

pid	Process
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3680 wrote to memory of 3340	3680	msedge.exe	84
PID 3680 wrote to memory of 3340	3680	msedge.exe	84
PID 3680 wrote to memory of 3320	3680	msedge.exe	85
PID 3680 wrote to memory of 3320	3680	msedge.exe	85
PID 3680 wrote to memory of 3320	3680	msedge.exe	85
PID 3680 wrote to memory of 3320	3680	msedge.exe	85
PID 3680 wrote to memory of 3320	3680	msedge.exe	85
PID 3680 wrote to memory of 3320	3680	msedge.exe	85
PID 3680 wrote to memory of 3320	3680	msedge.exe	85
PID 3680 wrote to memory of 3320	3680	msedge.exe	85
PID 3680 wrote to memory of 3320	3680	msedge.exe	85
PID 3680 wrote to memory of 3320	3680	msedge.exe	85
PID 3680 wrote to memory of 3320	3680	msedge.exe	85
PID 3680 wrote to memory of 3320	3680	msedge.exe	85
PID 3680 wrote to memory of 3320	3680	msedge.exe	85
PID 3680 wrote to memory of 3320	3680	msedge.exe	85
PID 3680 wrote to memory of 3320	3680	msedge.exe	85
PID 3680 wrote to memory of 3320	3680	msedge.exe	85
PID 3680 wrote to memory of 3320	3680	msedge.exe	85
PID 3680 wrote to memory of 3320	3680	msedge.exe	85
PID 3680 wrote to memory of 3320	3680	msedge.exe	85
PID 3680 wrote to memory of 3320	3680	msedge.exe	85
PID 3680 wrote to memory of 3320	3680	msedge.exe	85
PID 3680 wrote to memory of 3320	3680	msedge.exe	85
PID 3680 wrote to memory of 3320	3680	msedge.exe	85
PID 3680 wrote to memory of 3320	3680	msedge.exe	85
PID 3680 wrote to memory of 3320	3680	msedge.exe	85
PID 3680 wrote to memory of 3320	3680	msedge.exe	85
PID 3680 wrote to memory of 3320	3680	msedge.exe	85
PID 3680 wrote to memory of 3320	3680	msedge.exe	85
PID 3680 wrote to memory of 3320	3680	msedge.exe	85
PID 3680 wrote to memory of 3320	3680	msedge.exe	85
PID 3680 wrote to memory of 3320	3680	msedge.exe	85
PID 3680 wrote to memory of 3320	3680	msedge.exe	85
PID 3680 wrote to memory of 3320	3680	msedge.exe	85
PID 3680 wrote to memory of 3320	3680	msedge.exe	85
PID 3680 wrote to memory of 3320	3680	msedge.exe	85
PID 3680 wrote to memory of 3320	3680	msedge.exe	85
PID 3680 wrote to memory of 3320	3680	msedge.exe	85
PID 3680 wrote to memory of 3320	3680	msedge.exe	85
PID 3680 wrote to memory of 3320	3680	msedge.exe	85
PID 3680 wrote to memory of 3320	3680	msedge.exe	85
PID 3680 wrote to memory of 2268	3680	msedge.exe	86
PID 3680 wrote to memory of 2268	3680	msedge.exe	86
PID 3680 wrote to memory of 4752	3680	msedge.exe	87
PID 3680 wrote to memory of 4752	3680	msedge.exe	87
PID 3680 wrote to memory of 4752	3680	msedge.exe	87
PID 3680 wrote to memory of 4752	3680	msedge.exe	87
PID 3680 wrote to memory of 4752	3680	msedge.exe	87
PID 3680 wrote to memory of 4752	3680	msedge.exe	87
PID 3680 wrote to memory of 4752	3680	msedge.exe	87
PID 3680 wrote to memory of 4752	3680	msedge.exe	87
PID 3680 wrote to memory of 4752	3680	msedge.exe	87
PID 3680 wrote to memory of 4752	3680	msedge.exe	87
PID 3680 wrote to memory of 4752	3680	msedge.exe	87
PID 3680 wrote to memory of 4752	3680	msedge.exe	87
PID 3680 wrote to memory of 4752	3680	msedge.exe	87
PID 3680 wrote to memory of 4752	3680	msedge.exe	87
PID 3680 wrote to memory of 4752	3680	msedge.exe	87
PID 3680 wrote to memory of 4752	3680	msedge.exe	87
PID 3680 wrote to memory of 4752	3680	msedge.exe	87
PID 3680 wrote to memory of 4752	3680	msedge.exe	87
PID 3680 wrote to memory of 4752	3680	msedge.exe	87
PID 3680 wrote to memory of 4752	3680	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1zoIwOCQl1QG_OLd6HCirMAcK7FjVuZRp/view
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc28ee46f8,0x7ffc28ee4708,0x7ffc28ee4718
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,11166735614772970323,11105412845744926477,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,11166735614772970323,11105412845744926477,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,11166735614772970323,11105412845744926477,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11166735614772970323,11105412845744926477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11166735614772970323,11105412845744926477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11166735614772970323,11105412845744926477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,11166735614772970323,11105412845744926477,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,11166735614772970323,11105412845744926477,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11166735614772970323,11105412845744926477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11166735614772970323,11105412845744926477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11166735614772970323,11105412845744926477,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11166735614772970323,11105412845744926477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:5196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11166735614772970323,11105412845744926477,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:5204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2092,11166735614772970323,11105412845744926477,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5864 /prefetch:8
  2⤵
  PID:5376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11166735614772970323,11105412845744926477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11166735614772970323,11105412845744926477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:5604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2092,11166735614772970323,11105412845744926477,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6552 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2092,11166735614772970323,11105412845744926477,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6500 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2764

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
5a16b0b2eb458b7f65437e5554012bb0

SHA1
e56e3d02629357c1fee7002aafe391f7ea9b37c2

SHA256
cbbbdaf75521eb714da77b5d459ce3a0e5bc25e6d8e8004bda0fbcc24c8b5573

SHA512
6f4a9b1cdba2b05d15480e0c35b58f9300ec2a14e5dca84268f8a607d7edd4115cdd5e8136d9d10d59ff37eabf05a5b3c9e88f8115a25eda100f7ba25ead9c6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5ed3dbc41e8c98087d63517888af71ab

SHA1
edb477cc3ef2b255b975200ff10a4d7817d2c779

SHA256
a3a0e799defa6ea077cf1e5514ed5baeaebd1ae90521fda885f0e51e958b5bd9

SHA512
75e9bd6dfe6e6065bfbcfced4672b551e2d535de98b9574d5b497a3f1fcfe027c34bcd4f4f455e6d0ceb0f922349c288ebb8d2ec7e72adc5ab2e568ac39b4ffc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b4140a820b6c02efee741314bd0b43c1

SHA1
2a1f3be70cff727086d188e99c9ea18d63a5a0a3

SHA256
5cfc259b0a8b163d1b1616901d1fe2bf889b6e3a384938c998ccfc1dde65b88f

SHA512
0a2fbe257b6d9a0358f59d05b50bbe0417b63e83438609727d6c145e43888ad97bf9f3d60dde8430ffef12e42a707176737343f04a7183da58f77b5072fa44e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1446cd0c0b7ac0ffa15745d67d2a28ab

SHA1
f147b7d3a797a472fe03fb7db916ae5b1a3493e1

SHA256
71e1caa53f69490e6310e7ae0ddfa42f1191f6d02734e264494b5780c38e8e30

SHA512
d1b68254a0ef277b3ea6d9a1dc42e63b9165eb9acaf61e4a1f1904e7b9a85342cd66f91213e4b8ad46cda5dc5cbb9bf76a1b84b9aad87f7c37b5580e44fc3c93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f07d3e4e61b54e792b98e4139e129f74

SHA1
d049dc957abcdccf7294bbf4dfde85a25ca49b7c

SHA256
dfc023a5f65b91aac2b092e54bc8b1ea872b9aef6a30e1ed02f9feafbb5a48b3

SHA512
36de0db17fed8c44663754596bdd16c6dfad919816173f0ceac10444ea00cf8445f754a14b822911b2634ed02be5be53a157dc9ead1b50d3b787b04eb3d2f7e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
49619cdf641cc142db849ebee3b48053

SHA1
0f54a1e8bb4bc9804594f243958f636618d816d5

SHA256
f56a33a5c901edb55d5ed1d8a47f688c9bf94947ed834e84c555020db433f810

SHA512
8b43ff0d955e5211bf8dfe49b191bdba282acbe4306106c0c8c0c3edcb7651d3dd9bc0d343c07fba389f8fbd78a33e2081cca548692193ecb1021bf9062a481d

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 471520.crdownload

Filesize
33.5MB

MD5
c9cd30325ad3fccb30d1c98ce8758dc9

SHA1
392e945c1af1164348167f8084c3fc912ac59cd7

SHA256
93f3aff03463f2a3f2133126dcfa0ba8461335ae2965a6bb3688df64c28b5348

SHA512
d41bdb060f24ecbd66bd82e6e99db015dcd865996ee5775c00d880a5bde739a9ec140790facfd6fa45a3b74b58e75664bab31c0ae5e0931127d967ae9fbbb58e

Download Submit