hxxps://drive[.]google[.]com/file/d/1VXWmWGY8aA_OQAGu_NzNAVSzzMu-Y95Q/view?usp=sharing

Analysis

max time kernel
524s
max time network
529s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12-09-2024 17:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1VXWmWGY8aA_OQAGu_NzNAVSzzMu-Y95Q/view?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
4	drive.google.com
5	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4904	msedge.exe
4904	msedge.exe
2696	msedge.exe
2696	msedge.exe
748	identity_helper.exe
748	identity_helper.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2696 wrote to memory of 4976	2696	msedge.exe	83
PID 2696 wrote to memory of 4976	2696	msedge.exe	83
PID 2696 wrote to memory of 2880	2696	msedge.exe	84
PID 2696 wrote to memory of 2880	2696	msedge.exe	84
PID 2696 wrote to memory of 2880	2696	msedge.exe	84
PID 2696 wrote to memory of 2880	2696	msedge.exe	84
PID 2696 wrote to memory of 2880	2696	msedge.exe	84
PID 2696 wrote to memory of 2880	2696	msedge.exe	84
PID 2696 wrote to memory of 2880	2696	msedge.exe	84
PID 2696 wrote to memory of 2880	2696	msedge.exe	84
PID 2696 wrote to memory of 2880	2696	msedge.exe	84
PID 2696 wrote to memory of 2880	2696	msedge.exe	84
PID 2696 wrote to memory of 2880	2696	msedge.exe	84
PID 2696 wrote to memory of 2880	2696	msedge.exe	84
PID 2696 wrote to memory of 2880	2696	msedge.exe	84
PID 2696 wrote to memory of 2880	2696	msedge.exe	84
PID 2696 wrote to memory of 2880	2696	msedge.exe	84
PID 2696 wrote to memory of 2880	2696	msedge.exe	84
PID 2696 wrote to memory of 2880	2696	msedge.exe	84
PID 2696 wrote to memory of 2880	2696	msedge.exe	84
PID 2696 wrote to memory of 2880	2696	msedge.exe	84
PID 2696 wrote to memory of 2880	2696	msedge.exe	84
PID 2696 wrote to memory of 2880	2696	msedge.exe	84
PID 2696 wrote to memory of 2880	2696	msedge.exe	84
PID 2696 wrote to memory of 2880	2696	msedge.exe	84
PID 2696 wrote to memory of 2880	2696	msedge.exe	84
PID 2696 wrote to memory of 2880	2696	msedge.exe	84
PID 2696 wrote to memory of 2880	2696	msedge.exe	84
PID 2696 wrote to memory of 2880	2696	msedge.exe	84
PID 2696 wrote to memory of 2880	2696	msedge.exe	84
PID 2696 wrote to memory of 2880	2696	msedge.exe	84
PID 2696 wrote to memory of 2880	2696	msedge.exe	84
PID 2696 wrote to memory of 2880	2696	msedge.exe	84
PID 2696 wrote to memory of 2880	2696	msedge.exe	84
PID 2696 wrote to memory of 2880	2696	msedge.exe	84
PID 2696 wrote to memory of 2880	2696	msedge.exe	84
PID 2696 wrote to memory of 2880	2696	msedge.exe	84
PID 2696 wrote to memory of 2880	2696	msedge.exe	84
PID 2696 wrote to memory of 2880	2696	msedge.exe	84
PID 2696 wrote to memory of 2880	2696	msedge.exe	84
PID 2696 wrote to memory of 2880	2696	msedge.exe	84
PID 2696 wrote to memory of 2880	2696	msedge.exe	84
PID 2696 wrote to memory of 4904	2696	msedge.exe	85
PID 2696 wrote to memory of 4904	2696	msedge.exe	85
PID 2696 wrote to memory of 4156	2696	msedge.exe	86
PID 2696 wrote to memory of 4156	2696	msedge.exe	86
PID 2696 wrote to memory of 4156	2696	msedge.exe	86
PID 2696 wrote to memory of 4156	2696	msedge.exe	86
PID 2696 wrote to memory of 4156	2696	msedge.exe	86
PID 2696 wrote to memory of 4156	2696	msedge.exe	86
PID 2696 wrote to memory of 4156	2696	msedge.exe	86
PID 2696 wrote to memory of 4156	2696	msedge.exe	86
PID 2696 wrote to memory of 4156	2696	msedge.exe	86
PID 2696 wrote to memory of 4156	2696	msedge.exe	86
PID 2696 wrote to memory of 4156	2696	msedge.exe	86
PID 2696 wrote to memory of 4156	2696	msedge.exe	86
PID 2696 wrote to memory of 4156	2696	msedge.exe	86
PID 2696 wrote to memory of 4156	2696	msedge.exe	86
PID 2696 wrote to memory of 4156	2696	msedge.exe	86
PID 2696 wrote to memory of 4156	2696	msedge.exe	86
PID 2696 wrote to memory of 4156	2696	msedge.exe	86
PID 2696 wrote to memory of 4156	2696	msedge.exe	86
PID 2696 wrote to memory of 4156	2696	msedge.exe	86
PID 2696 wrote to memory of 4156	2696	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1VXWmWGY8aA_OQAGu_NzNAVSzzMu-Y95Q/view?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaf28c46f8,0x7ffaf28c4708,0x7ffaf28c4718
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,3775859164520169174,11800325383007571776,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,3775859164520169174,11800325383007571776,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,3775859164520169174,11800325383007571776,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3775859164520169174,11800325383007571776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3775859164520169174,11800325383007571776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3775859164520169174,11800325383007571776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,3775859164520169174,11800325383007571776,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5760 /prefetch:8
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,3775859164520169174,11800325383007571776,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5760 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3775859164520169174,11800325383007571776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3775859164520169174,11800325383007571776,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3775859164520169174,11800325383007571776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3775859164520169174,11800325383007571776,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,3775859164520169174,11800325383007571776,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5352 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
7e8ff6261208d459a56859cbf0d5e7af

SHA1
3dd59051620a2fe2f40b570d0ce1b347ad637d8b

SHA256
f8bdbc58d30287208548402c285914a2b87a2e981962e47e5b90cc6f2d773ae8

SHA512
675969a62140bc795b11981b46a6a535fd17a177643cb016c89a43f844cd01352e016ac316f0cc013cd7af3ebdd8e077822772dbf3e2e49074ef082c62ad4feb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
03263a69a653e18d9dbc0b261024f9ad

SHA1
eae8ca5492a19c654cc6ddd678a7a1e17fd53b41

SHA256
620f8f236bdc7e78ff4dec1d435fa24a0aa8a528028a88509a761f50543ddfdf

SHA512
e5ffdbdeaef50ad43fab1b331d6477db93c9494414b3b2282a9f481c26bd389227383637e2be5b7991bc70b25cf59abbb42d6ee2ffcedfb6d67798f98daf90f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d0ca22b8b976e29b42b0292b03712216

SHA1
f3924a7b1979ddfc8543135e7b6458f7d8a268bc

SHA256
d9ba6549709f7756ccdb7bb701ca53b2dc3d669668c4b23546b9c7d798aabb89

SHA512
c15ce9a51101b492963bef28f9b7ab146e12e2862e4f9a5dd0891b5f7175214646a4270cc5f8764b061bfe256a7e189c81365375feaf144b7cd271ad79f724aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
51a119bb7c532f8e351b05e9f2884770

SHA1
f1b428612975e73a3094cbc7f97168433b2d91ca

SHA256
aa83d5b288a169a704f620b0d906a3c84a025e167e554c72f3923e7a74afe432

SHA512
1d050fdb10632f89b8c202426d573480721bfc400fe468aff5fd64b38561a7d51b0c547d5995d9690c328f8ae0fa86ebf08f2fe1e46c056302b96cca1479fc73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0331a566dcd21b4bcc7ad4dc20319975

SHA1
57d23eecbaa68d3e931ca1800a710d2928ee05f3

SHA256
48f9bd4254061ea9af40c505dd61331861e3929f98749e065ad3248528dfc81e

SHA512
2a75814821a474925d30a4617d3c27fe45320c42a4f0c398f7fc9c428dd2645a983e3b548f0bb4dd84488f48d1698d05da854dfd1e4a474135b97e3e9b19d770

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
148643503d99f0a1ab8df83eb22b4a7c

SHA1
7b85eefc3b3c48319490bc6c39cb5ad0f0231e16

SHA256
a798545f4988ce3efd26122295c8d65c982b7558e178c0ed82a6a413eef0737f

SHA512
fa497204bdab210edaf676301358db7986ca83183099a7e9fd166c1b79ac823cf0c698828d2ae1b867c255d913a9bf04b50da772c29c97599bf1b0cee6808d32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
802cdbe8e21214101f50a9714f3c2ebc

SHA1
5b98409a72d5a36f7abfdfba24f09da3d4933066

SHA256
5009a1ef3d3d90c4508dd155912119331c5996aba675fc9640b0577119f5de93

SHA512
538e83cfe7ecbfc1e9734681aedea99e9ed9993909e5a2c6b3474c64566d4179ae841486306fa3e3bf0d6d3875c8ca1da94b9fde067f5d4c51f0999f348f013a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
483e7e25ae329f6153d45eb6942fe5e7

SHA1
bcadfe6a4170bfbcbc8b965150449a01901985b9

SHA256
e419f73495ba7df54536c9473a2641dd4524df3e9ebdedc0095a2e2f808515f1

SHA512
f1e8ac0bfa0dd04a75a34116a104604eee34b35ed6b9dabab60974e423bd7859f7c9d8bd3980b20a5d72b80942977fb6df72e6765f0b0e1987236aaea8d15ab1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3ef6e0851fa0435508ee5ca8e19dd4a1

SHA1
7ed45b46107c37f249690d6cc9834b625fe33357

SHA256
e1d219a7816cdf4268f032ed1e986f62ecb2b87fa04b8676d5a4b680aa8e25c3

SHA512
600fd448f21915879fd5318da0276bea40d2c8eb86dfa83b326510d64404100c063837ee0ff98f1d8671fa86b0f7001d3b660a8c5abb9227b0a5e95984cb7ea3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
35f86e9d81e97cb5b2219c772008a28b

SHA1
38e7e7edc53efd451c6e10a3757c5031b3dc4b75

SHA256
b3b5877a65940638dc8d89a090573065445024b0ea1636de9268dad2ebd4f6f2

SHA512
02fc0c15d5102a0901b5ea72def9214f658b0d01e822030c051599e4478a0ddb44677341b6ce6e8ccab3f758fcb34fde0e4a13aff7fde0a6e9cd391e870c48b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
87f871ce5b0d6392877ff40bed014bea

SHA1
b87c2bcff08a04eee0623c41a94ddbbd7767d06d

SHA256
cdb8974c49b8acc8e726eef667c96c273387c4b4fe3774eb33399488692899c0

SHA512
6542c906faebfcf07e4be3450d9c6705d5d30421800d52be9a6b4058d74d3b0b9e04a71be91363c987e57bd31915ffe9fa8b32b13c52f9df87fcdbe1f0f7d08f

Download Submit