hxxps://drive[.]google[.]com/file/d/1kZLAkf_sbcNpAQTRFs5qK_zBDv7jGLx_/view

Analysis

max time kernel
595s
max time network
527s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
31-08-2024 13:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1kZLAkf_sbcNpAQTRFs5qK_zBDv7jGLx_/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
6	drive.google.com
10	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4860	msedge.exe
4860	msedge.exe
4604	msedge.exe
4604	msedge.exe
2976	identity_helper.exe
2976	identity_helper.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4604 wrote to memory of 4136	4604	msedge.exe	84
PID 4604 wrote to memory of 4136	4604	msedge.exe	84
PID 4604 wrote to memory of 3632	4604	msedge.exe	85
PID 4604 wrote to memory of 3632	4604	msedge.exe	85
PID 4604 wrote to memory of 3632	4604	msedge.exe	85
PID 4604 wrote to memory of 3632	4604	msedge.exe	85
PID 4604 wrote to memory of 3632	4604	msedge.exe	85
PID 4604 wrote to memory of 3632	4604	msedge.exe	85
PID 4604 wrote to memory of 3632	4604	msedge.exe	85
PID 4604 wrote to memory of 3632	4604	msedge.exe	85
PID 4604 wrote to memory of 3632	4604	msedge.exe	85
PID 4604 wrote to memory of 3632	4604	msedge.exe	85
PID 4604 wrote to memory of 3632	4604	msedge.exe	85
PID 4604 wrote to memory of 3632	4604	msedge.exe	85
PID 4604 wrote to memory of 3632	4604	msedge.exe	85
PID 4604 wrote to memory of 3632	4604	msedge.exe	85
PID 4604 wrote to memory of 3632	4604	msedge.exe	85
PID 4604 wrote to memory of 3632	4604	msedge.exe	85
PID 4604 wrote to memory of 3632	4604	msedge.exe	85
PID 4604 wrote to memory of 3632	4604	msedge.exe	85
PID 4604 wrote to memory of 3632	4604	msedge.exe	85
PID 4604 wrote to memory of 3632	4604	msedge.exe	85
PID 4604 wrote to memory of 3632	4604	msedge.exe	85
PID 4604 wrote to memory of 3632	4604	msedge.exe	85
PID 4604 wrote to memory of 3632	4604	msedge.exe	85
PID 4604 wrote to memory of 3632	4604	msedge.exe	85
PID 4604 wrote to memory of 3632	4604	msedge.exe	85
PID 4604 wrote to memory of 3632	4604	msedge.exe	85
PID 4604 wrote to memory of 3632	4604	msedge.exe	85
PID 4604 wrote to memory of 3632	4604	msedge.exe	85
PID 4604 wrote to memory of 3632	4604	msedge.exe	85
PID 4604 wrote to memory of 3632	4604	msedge.exe	85
PID 4604 wrote to memory of 3632	4604	msedge.exe	85
PID 4604 wrote to memory of 3632	4604	msedge.exe	85
PID 4604 wrote to memory of 3632	4604	msedge.exe	85
PID 4604 wrote to memory of 3632	4604	msedge.exe	85
PID 4604 wrote to memory of 3632	4604	msedge.exe	85
PID 4604 wrote to memory of 3632	4604	msedge.exe	85
PID 4604 wrote to memory of 3632	4604	msedge.exe	85
PID 4604 wrote to memory of 3632	4604	msedge.exe	85
PID 4604 wrote to memory of 3632	4604	msedge.exe	85
PID 4604 wrote to memory of 3632	4604	msedge.exe	85
PID 4604 wrote to memory of 4860	4604	msedge.exe	86
PID 4604 wrote to memory of 4860	4604	msedge.exe	86
PID 4604 wrote to memory of 4108	4604	msedge.exe	87
PID 4604 wrote to memory of 4108	4604	msedge.exe	87
PID 4604 wrote to memory of 4108	4604	msedge.exe	87
PID 4604 wrote to memory of 4108	4604	msedge.exe	87
PID 4604 wrote to memory of 4108	4604	msedge.exe	87
PID 4604 wrote to memory of 4108	4604	msedge.exe	87
PID 4604 wrote to memory of 4108	4604	msedge.exe	87
PID 4604 wrote to memory of 4108	4604	msedge.exe	87
PID 4604 wrote to memory of 4108	4604	msedge.exe	87
PID 4604 wrote to memory of 4108	4604	msedge.exe	87
PID 4604 wrote to memory of 4108	4604	msedge.exe	87
PID 4604 wrote to memory of 4108	4604	msedge.exe	87
PID 4604 wrote to memory of 4108	4604	msedge.exe	87
PID 4604 wrote to memory of 4108	4604	msedge.exe	87
PID 4604 wrote to memory of 4108	4604	msedge.exe	87
PID 4604 wrote to memory of 4108	4604	msedge.exe	87
PID 4604 wrote to memory of 4108	4604	msedge.exe	87
PID 4604 wrote to memory of 4108	4604	msedge.exe	87
PID 4604 wrote to memory of 4108	4604	msedge.exe	87
PID 4604 wrote to memory of 4108	4604	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1kZLAkf_sbcNpAQTRFs5qK_zBDv7jGLx_/view
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdea5446f8,0x7ffdea544708,0x7ffdea544718
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,15580286526048115822,11151194881282609274,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,15580286526048115822,11151194881282609274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,15580286526048115822,11151194881282609274,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15580286526048115822,11151194881282609274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15580286526048115822,11151194881282609274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15580286526048115822,11151194881282609274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2616 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,15580286526048115822,11151194881282609274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8
  2⤵
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,15580286526048115822,11151194881282609274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15580286526048115822,11151194881282609274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15580286526048115822,11151194881282609274,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15580286526048115822,11151194881282609274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15580286526048115822,11151194881282609274,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,15580286526048115822,11151194881282609274,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4748 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
8c9ca339eb324e037d651c40f5cc2ee4

SHA1
40f6b093c08f27e33acd603946b830035c9bc58e

SHA256
ee4b8668f62742dbd5f974ad3873e5176dda11fd9ab22d771bda91a15cbccaa2

SHA512
80b3ee50b0f0fad834be5634c8bdd061256481f840b718a4e9fc446ed0c67d612155146ef886eac8666d0b3c8c7d7dc807e81e7ee74ea747bbc7f93f45cd1554

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f636e059ee6ffb50bcc46a7b3a90d30c

SHA1
02dcb3d4d64e97ad16a304fdc03d8b57cfbd2c78

SHA256
7239411a9ceb17656ae5e008352eab4b515b23c5c28ea0001e79ff034992924d

SHA512
1e1546c78b1a082fa6e27490f6454ad5f097580738b95f760a93c9d02d864ca42f36a0909cbd4eef7b3d8899cdabc3184fc50230120c77519b31d062c2cd4caa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d863cec1bc6dfa2f08c4c83fd1cdb8d1

SHA1
b107c52e0d1087686b3bc01203f627b1c5d139d8

SHA256
828d9e4b86fae9f015213555020f0c40cd6e928fbb74f46360250f2a97a38fb4

SHA512
628f283ba8de174d83f6a7e24bfdcc46d5620bab974f7100cee2d5008da3aeaa7f1d57c03017b939c84e590ce44a1cabe019924646b4ad9c7c95454a020b6700

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e02b731c12ffe908292a46da0601c41a

SHA1
058c2b7e02c6aa77651c1cf8a7bc403d43b10e43

SHA256
ca89a612f05787374ab7aaef33d1ccfb763f6c61846570d75fd35b0d3e2c80a7

SHA512
a2826a91bc18a36e4473c722fae2d405a96c172e90d929910905f57c2ed42bf459f0b8f99451b95387fbcd39c81de026e379429c26012640595c6eaabc44c00d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
634ba48d4f6acb2e554d1b3fa410c223

SHA1
f8994a579e31f5946685539e56d57e8224e64510

SHA256
f0330147049be383696fa346d6d681e164844e4ff544d37272f26791890058e0

SHA512
e0521682ec4c40f36d447a399990c8235e811a2b8b8f63320a56433b20d1687cb2a33bd2c1403f214e04d8d12f634ff437f4caddc6ddce40b48ecdf678483423

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0b7fbcce02b90543757cc3b0c3e2a0ea

SHA1
cfa3f8f0ae5e46ba2938a89272682402a84273e5

SHA256
f5fb93f4fed2f3691bc4ae7bb3b762c99963ee07b3ad10ad343bd1bf65153aa5

SHA512
46f48ca4212d2e97c5109bb30c7b9f12844f6b951eb7fcfd76516dc30d088d8907427807d69f08fbde74aef85286011cbc0350ba3f63a174f6a044f126a73def

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c7ea672ef8a4108ae7b0471ea76009b3

SHA1
5fb851447e30fe013ad2f9fc4bd9739794e7f2f6

SHA256
7f5965473f0ab32e99bd8c658bf117fa427db4fef3ed05994a9f7f9e6c0da869

SHA512
59cd1902416d1fcabad0d031376c4b53f8b4c73f1aca34a38fd1013b72109013718e81e2015384680964b20c7d2fa4e00000a67749f9a4a6efca49e5ea414482

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
056902ba512c86e43f648b608644d242

SHA1
909777612fa04206e4f8eed7e02124ae4cf0c9b6

SHA256
922e4ca953df5c07b7289e8af68f682b165727a003d5fd93da695b8749fef7d7

SHA512
d865abd625d992016c5cc8f01000429dc9a84bc5ccb85f57fa7c9af5f7e048ae98b5a54d2bb59a630d33242e55e98904bec76c4c94a0d9479c8dafbfe55e257d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5c1bdd45664d22dcf7d6ceee44518df2

SHA1
64a15e56eb00e0df03aed0387303bd810fd22177

SHA256
18dc452830e936d0176d15ef9a696ef8c54c0be7e3e10b2bb2813f2d9ce1a851

SHA512
2fe2dedaf46e6823fae7aea84869e9a1a0566d6038d29baa0d10c79fff80417e87c93785c6c70e26d4791baedce3683f0ae619ebc1132a99c042fb78757a59a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
62be3878c464c492595ac4e092219bad

SHA1
aff3906d45dcdea296684bf40036e5fc748a40de

SHA256
0464f0f5ff1c12e136bb1592039d5024f1df6ee778fa36daec038fb900d2e520

SHA512
a3c6dba00eef376d7bb1b9ce3fd242f09c334f05ef2f6868fcb36c27915536b81fcacc52b9844914cf9abeef356382c60bc20c7e6f354097d666edd828150207

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3c0923916c41df6274dde00ec27631a4

SHA1
b16eb1ae156364e1d96fe792d56d483f71473eea

SHA256
796d91c1ce6153b8a3b568e701e7ff4b46d4994ad5fbee6f1bcf9cbd5e9dfbb1

SHA512
5ce8bb14d8e77a93d0d6bfad45495661f396994cdaabc5c9ea62380aead06c5fca805025891232c93c43046dc7315915f41594616922889aef1896063ca6f9f8

Download Submit