hxxps://drive[.]google[.]com/file/d/1tGxbyJUE25OnFaSalbv_dDocZ8ZAGeVD/view?usp=sharing

Analysis

max time kernel
106s
max time network
107s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
27-08-2024 23:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1tGxbyJUE25OnFaSalbv_dDocZ8ZAGeVD/view?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
8	drive.google.com
9	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\MAGIX_VEGAS_Pro_18.0.0.284_Multilingual.rar:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4688	msedge.exe
4688	msedge.exe
4184	msedge.exe
4184	msedge.exe
3856	identity_helper.exe
3856	identity_helper.exe
4168	msedge.exe
4168	msedge.exe
5044	msedge.exe
5044	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe

Suspicious use of SetWindowsHookEx 13 IoCs

pid	Process
3524	OpenWith.exe
3524	OpenWith.exe
3524	OpenWith.exe
3524	OpenWith.exe
3524	OpenWith.exe
3524	OpenWith.exe
3524	OpenWith.exe
3524	OpenWith.exe
3524	OpenWith.exe
3524	OpenWith.exe
3524	OpenWith.exe
3524	OpenWith.exe
3524	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4184 wrote to memory of 2452	4184	msedge.exe	81
PID 4184 wrote to memory of 2452	4184	msedge.exe	81
PID 4184 wrote to memory of 3292	4184	msedge.exe	82
PID 4184 wrote to memory of 3292	4184	msedge.exe	82
PID 4184 wrote to memory of 3292	4184	msedge.exe	82
PID 4184 wrote to memory of 3292	4184	msedge.exe	82
PID 4184 wrote to memory of 3292	4184	msedge.exe	82
PID 4184 wrote to memory of 3292	4184	msedge.exe	82
PID 4184 wrote to memory of 3292	4184	msedge.exe	82
PID 4184 wrote to memory of 3292	4184	msedge.exe	82
PID 4184 wrote to memory of 3292	4184	msedge.exe	82
PID 4184 wrote to memory of 3292	4184	msedge.exe	82
PID 4184 wrote to memory of 3292	4184	msedge.exe	82
PID 4184 wrote to memory of 3292	4184	msedge.exe	82
PID 4184 wrote to memory of 3292	4184	msedge.exe	82
PID 4184 wrote to memory of 3292	4184	msedge.exe	82
PID 4184 wrote to memory of 3292	4184	msedge.exe	82
PID 4184 wrote to memory of 3292	4184	msedge.exe	82
PID 4184 wrote to memory of 3292	4184	msedge.exe	82
PID 4184 wrote to memory of 3292	4184	msedge.exe	82
PID 4184 wrote to memory of 3292	4184	msedge.exe	82
PID 4184 wrote to memory of 3292	4184	msedge.exe	82
PID 4184 wrote to memory of 3292	4184	msedge.exe	82
PID 4184 wrote to memory of 3292	4184	msedge.exe	82
PID 4184 wrote to memory of 3292	4184	msedge.exe	82
PID 4184 wrote to memory of 3292	4184	msedge.exe	82
PID 4184 wrote to memory of 3292	4184	msedge.exe	82
PID 4184 wrote to memory of 3292	4184	msedge.exe	82
PID 4184 wrote to memory of 3292	4184	msedge.exe	82
PID 4184 wrote to memory of 3292	4184	msedge.exe	82
PID 4184 wrote to memory of 3292	4184	msedge.exe	82
PID 4184 wrote to memory of 3292	4184	msedge.exe	82
PID 4184 wrote to memory of 3292	4184	msedge.exe	82
PID 4184 wrote to memory of 3292	4184	msedge.exe	82
PID 4184 wrote to memory of 3292	4184	msedge.exe	82
PID 4184 wrote to memory of 3292	4184	msedge.exe	82
PID 4184 wrote to memory of 3292	4184	msedge.exe	82
PID 4184 wrote to memory of 3292	4184	msedge.exe	82
PID 4184 wrote to memory of 3292	4184	msedge.exe	82
PID 4184 wrote to memory of 3292	4184	msedge.exe	82
PID 4184 wrote to memory of 3292	4184	msedge.exe	82
PID 4184 wrote to memory of 3292	4184	msedge.exe	82
PID 4184 wrote to memory of 4688	4184	msedge.exe	83
PID 4184 wrote to memory of 4688	4184	msedge.exe	83
PID 4184 wrote to memory of 3284	4184	msedge.exe	84
PID 4184 wrote to memory of 3284	4184	msedge.exe	84
PID 4184 wrote to memory of 3284	4184	msedge.exe	84
PID 4184 wrote to memory of 3284	4184	msedge.exe	84
PID 4184 wrote to memory of 3284	4184	msedge.exe	84
PID 4184 wrote to memory of 3284	4184	msedge.exe	84
PID 4184 wrote to memory of 3284	4184	msedge.exe	84
PID 4184 wrote to memory of 3284	4184	msedge.exe	84
PID 4184 wrote to memory of 3284	4184	msedge.exe	84
PID 4184 wrote to memory of 3284	4184	msedge.exe	84
PID 4184 wrote to memory of 3284	4184	msedge.exe	84
PID 4184 wrote to memory of 3284	4184	msedge.exe	84
PID 4184 wrote to memory of 3284	4184	msedge.exe	84
PID 4184 wrote to memory of 3284	4184	msedge.exe	84
PID 4184 wrote to memory of 3284	4184	msedge.exe	84
PID 4184 wrote to memory of 3284	4184	msedge.exe	84
PID 4184 wrote to memory of 3284	4184	msedge.exe	84
PID 4184 wrote to memory of 3284	4184	msedge.exe	84
PID 4184 wrote to memory of 3284	4184	msedge.exe	84
PID 4184 wrote to memory of 3284	4184	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1tGxbyJUE25OnFaSalbv_dDocZ8ZAGeVD/view?usp=sharing
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0x100,0x110,0x7ffddae93cb8,0x7ffddae93cc8,0x7ffddae93cd8
  2⤵
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,406422251116093121,15541986454547769049,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,406422251116093121,15541986454547769049,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,406422251116093121,15541986454547769049,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
  2⤵
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,406422251116093121,15541986454547769049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,406422251116093121,15541986454547769049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,406422251116093121,15541986454547769049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,406422251116093121,15541986454547769049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,406422251116093121,15541986454547769049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,406422251116093121,15541986454547769049,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6580 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,406422251116093121,15541986454547769049,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6016 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,406422251116093121,15541986454547769049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,406422251116093121,15541986454547769049,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,406422251116093121,15541986454547769049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,406422251116093121,15541986454547769049,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,406422251116093121,15541986454547769049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3036 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,406422251116093121,15541986454547769049,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6892 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3888

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3332

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9af507866fb23dace6259791c377531f

SHA1
5a5914fc48341ac112bfcd71b946fc0b2619f933

SHA256
5fb3ec65ce1e6f47694e56a07c63e3b8af9876d80387a71f1917deae690d069f

SHA512
c58c963ecd2c53f0c427f91dc41d9b2a9b766f2e04d7dae5236cb3c769d1f048e4a342ea75e4a690f3a207baa1d3add672160c1f317abfe703fd1d2216b1baf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b0177afa818e013394b36a04cb111278

SHA1
dbc5c47e7a7df24259d67edf5fbbfa1b1fae3fe5

SHA256
ffc2c53bfd37576b435309c750a5b81580a076c83019d34172f6635ff20c2a9d

SHA512
d3b9e3a0a99f191edcf33f3658abd3c88afbb12d7b14d3b421b72b74d551b64d2a13d07db94c90b85606198ee6c9e52072e1017f8c8c6144c03acf509793a9db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
8e88a94f7a4e16f3a89aaac71f7e3917

SHA1
44de45ea824e389e721300a9b5babe98b6ca843a

SHA256
fe7b738761b596a0c4abfae8329c64d9319134712498c8fb89c66996f81879f9

SHA512
2fb8bdaf7e1bd1347bb0b9e498964bd2784f72a5ab208d61755cb1dc0536aec5f4ca1aeb04e813d17d4739f30086607aed3d56904c70f91f82463b7e25f0a0b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
9626e919acb7ba3d03f2e2725aad8042

SHA1
0c787d9cc2065d72168e6bc934a4fba05be0e210

SHA256
f9c79563b62c7935852b4fc78e47e73fd4dd0f0335db647cf851168af1b3517a

SHA512
642d6a21fe88fbe8f2aafdb2a52c3ba3df8923e9f3fba53839e8931585b1df238b337a62f4b0c3c1a3e52a253cd1957365e548dbd094a5e30d5e5785a90c985b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d749fb063b1b5e1a23175f94e5fa7aaf

SHA1
9bb0ab1f6bae6ad1add43d8f7dfdaa3d6d9c464c

SHA256
91a3a27ff5ed65cb1af4ea955ced5b1400e205a8c0e266860fba501a6d23d6e7

SHA512
c72167fc7cc18a22ef42abb62058893ea1bba555331b68f5bfc85b703136e0209e050f44f1f062f8bc87900176de5bdcc1a9348a61e34a0b717e37c2a88d9ccd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b7e9ca5df749cae4f5eb694b52d777ef

SHA1
db9c68f574421dab7a7780632c55e0d40beffd44

SHA256
826fc5e2c580c3f2c1a43e1034d7eaabcd8244102e5e75304c8080715f5194f3

SHA512
029cdba38bb0fa3b7f8ea13af4c43a22cca7cfa254afca0648df3404ef6d0157f703ad787c14b836d5cf7feb056b6c69208682074949182a6bd00ab4a21345fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3a46dc3caf97f2d1a786bc853e145b99

SHA1
48dd3df9531c1f69fe24391735a3b157ee6e185e

SHA256
f54e10a7840778ec9691658f06d61694f885c179c2b4d948e93ba6953715bba9

SHA512
140b873b8d2a40e692bbf2d9ab9124d9e60f05b52e21115f11bf0b3f9d8c69d31deb21b2ebd85533aab2038cb35dc1a5d69a0c1cb44dea30aa9c40cf18d6c98f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
dc430766a91f80c4b1b59314c5a9141f

SHA1
3d1849cdd4435eacb42fd02ac2a7475cc86e0a33

SHA256
82fdefca9d8da235e9bee79665afe956d6f6bab6c49b01d57b959380c378402a

SHA512
81848885a9352c7a93abcec2592c40f7429d5d0958d7886d2dcf2d70c95102d83be230bebd762dfd8c2457522e4dab1c948038b1e9060e8c2ba70b0819a8c39a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
61fa340818694d6f6a6ff8f2ffa80782

SHA1
c9ba2af905c79bab164a90b025b11d7ffd1253f7

SHA256
7d5cba6dfa794f15568aa241fb9fcf60bb0f42388d64e2e0dd72c4ee99e50c44

SHA512
3790e596cfa9079fff36b16718ccb4d88be64ea2cb6969dcf4531ef340149851540922efc3661a1b6ea4f56ef9f591665bccb312f74a2d4db062fe4c3db9c928

Download Submit
C:\Users\Admin\Downloads\MAGIX_VEGAS_Pro_18.0.0.284_Multilingual.rar:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit