hxxps://drive[.]google[.]com/file/d/15Z-E06pHlX0gjwWzlPXPfYMmhYKQ3jAB/view

Analysis

max time kernel
64s
max time network
66s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12-10-2024 13:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/15Z-E06pHlX0gjwWzlPXPfYMmhYKQ3jAB/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
3	drive.google.com
6	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2292	msedge.exe
2292	msedge.exe
3576	msedge.exe
3576	msedge.exe
1592	identity_helper.exe
1592	identity_helper.exe
2040	msedge.exe
2040	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3576 wrote to memory of 3488	3576	msedge.exe	84
PID 3576 wrote to memory of 3488	3576	msedge.exe	84
PID 3576 wrote to memory of 2944	3576	msedge.exe	85
PID 3576 wrote to memory of 2944	3576	msedge.exe	85
PID 3576 wrote to memory of 2944	3576	msedge.exe	85
PID 3576 wrote to memory of 2944	3576	msedge.exe	85
PID 3576 wrote to memory of 2944	3576	msedge.exe	85
PID 3576 wrote to memory of 2944	3576	msedge.exe	85
PID 3576 wrote to memory of 2944	3576	msedge.exe	85
PID 3576 wrote to memory of 2944	3576	msedge.exe	85
PID 3576 wrote to memory of 2944	3576	msedge.exe	85
PID 3576 wrote to memory of 2944	3576	msedge.exe	85
PID 3576 wrote to memory of 2944	3576	msedge.exe	85
PID 3576 wrote to memory of 2944	3576	msedge.exe	85
PID 3576 wrote to memory of 2944	3576	msedge.exe	85
PID 3576 wrote to memory of 2944	3576	msedge.exe	85
PID 3576 wrote to memory of 2944	3576	msedge.exe	85
PID 3576 wrote to memory of 2944	3576	msedge.exe	85
PID 3576 wrote to memory of 2944	3576	msedge.exe	85
PID 3576 wrote to memory of 2944	3576	msedge.exe	85
PID 3576 wrote to memory of 2944	3576	msedge.exe	85
PID 3576 wrote to memory of 2944	3576	msedge.exe	85
PID 3576 wrote to memory of 2944	3576	msedge.exe	85
PID 3576 wrote to memory of 2944	3576	msedge.exe	85
PID 3576 wrote to memory of 2944	3576	msedge.exe	85
PID 3576 wrote to memory of 2944	3576	msedge.exe	85
PID 3576 wrote to memory of 2944	3576	msedge.exe	85
PID 3576 wrote to memory of 2944	3576	msedge.exe	85
PID 3576 wrote to memory of 2944	3576	msedge.exe	85
PID 3576 wrote to memory of 2944	3576	msedge.exe	85
PID 3576 wrote to memory of 2944	3576	msedge.exe	85
PID 3576 wrote to memory of 2944	3576	msedge.exe	85
PID 3576 wrote to memory of 2944	3576	msedge.exe	85
PID 3576 wrote to memory of 2944	3576	msedge.exe	85
PID 3576 wrote to memory of 2944	3576	msedge.exe	85
PID 3576 wrote to memory of 2944	3576	msedge.exe	85
PID 3576 wrote to memory of 2944	3576	msedge.exe	85
PID 3576 wrote to memory of 2944	3576	msedge.exe	85
PID 3576 wrote to memory of 2944	3576	msedge.exe	85
PID 3576 wrote to memory of 2944	3576	msedge.exe	85
PID 3576 wrote to memory of 2944	3576	msedge.exe	85
PID 3576 wrote to memory of 2944	3576	msedge.exe	85
PID 3576 wrote to memory of 2292	3576	msedge.exe	86
PID 3576 wrote to memory of 2292	3576	msedge.exe	86
PID 3576 wrote to memory of 4600	3576	msedge.exe	87
PID 3576 wrote to memory of 4600	3576	msedge.exe	87
PID 3576 wrote to memory of 4600	3576	msedge.exe	87
PID 3576 wrote to memory of 4600	3576	msedge.exe	87
PID 3576 wrote to memory of 4600	3576	msedge.exe	87
PID 3576 wrote to memory of 4600	3576	msedge.exe	87
PID 3576 wrote to memory of 4600	3576	msedge.exe	87
PID 3576 wrote to memory of 4600	3576	msedge.exe	87
PID 3576 wrote to memory of 4600	3576	msedge.exe	87
PID 3576 wrote to memory of 4600	3576	msedge.exe	87
PID 3576 wrote to memory of 4600	3576	msedge.exe	87
PID 3576 wrote to memory of 4600	3576	msedge.exe	87
PID 3576 wrote to memory of 4600	3576	msedge.exe	87
PID 3576 wrote to memory of 4600	3576	msedge.exe	87
PID 3576 wrote to memory of 4600	3576	msedge.exe	87
PID 3576 wrote to memory of 4600	3576	msedge.exe	87
PID 3576 wrote to memory of 4600	3576	msedge.exe	87
PID 3576 wrote to memory of 4600	3576	msedge.exe	87
PID 3576 wrote to memory of 4600	3576	msedge.exe	87
PID 3576 wrote to memory of 4600	3576	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/15Z-E06pHlX0gjwWzlPXPfYMmhYKQ3jAB/view
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff06ba46f8,0x7fff06ba4708,0x7fff06ba4718
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,18006449262391897373,18433090529989025757,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
  2⤵
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,18006449262391897373,18433090529989025757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,18006449262391897373,18433090529989025757,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,18006449262391897373,18433090529989025757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,18006449262391897373,18433090529989025757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,18006449262391897373,18433090529989025757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,18006449262391897373,18433090529989025757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,18006449262391897373,18433090529989025757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,18006449262391897373,18433090529989025757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 /prefetch:8
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,18006449262391897373,18433090529989025757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,18006449262391897373,18433090529989025757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,18006449262391897373,18433090529989025757,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:1164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,18006449262391897373,18433090529989025757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,18006449262391897373,18433090529989025757,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,18006449262391897373,18433090529989025757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2152 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2040,18006449262391897373,18433090529989025757,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,18006449262391897373,18433090529989025757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2040,18006449262391897373,18433090529989025757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,18006449262391897373,18433090529989025757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:4020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
a921132c7725f648858ce0376cbb1913

SHA1
11fc9782206ed48761df8824283bb83738b9e6f2

SHA256
037121161ecc4a3e08340a363daffdad42a323a63682ce97bcc31c02c5cdedbe

SHA512
db011c074224a54a85d326a61bd8f68feeb988795f048fe1640b80b6c34900ca1bc0e4e7ebbc2507806518db33f89227b277ad785b7bb8ebd2096b7ff667eb7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f3edb0d71cca14c547f3e5fde86689c9

SHA1
eff1fa1cfa5861b32b61c92640a39e42ed1a4d14

SHA256
fc13eed8923b4a101f720ea6846f4cb3f656a09b03550ef409d3baf93554a231

SHA512
c5c129146b16d80f0cebb8fd17aa9a943f7db4b338c42c2a3e0cfeb16babde558cd5dba4fac696a5a666ee66dc2cbd58d844db5a30f06bdff82c8c2ff5c18079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
00ee415b5729de062eb9ab20f14bb69c

SHA1
9fe910112aaf054aca4ec9c3f3d602031c2ed3c2

SHA256
8723aa967d1b5cec87b7cf49459433e6eaa020d16200a36c84d9386fd7f25268

SHA512
b216d50cc609a4a50bdbc6816e511c76324d0a29e66b2f8ed92fe2a4fca040162283fbaa9fcfc468d12ed502e8e23ff0d808332eb619370daafad081e808ae1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e71fa08b3fc73ba9a22c25afc944aee8

SHA1
96c08e22a54b96a12d217de7c73638cff0f9d167

SHA256
4db8a3bde3aa8ea9bcbf25793a34aded55206a94de8d96abfd47d2d875ba9d93

SHA512
3e51f597553cbc8e0f38889fb1f2314c33368495f841160c34acc4a98fb3fe9b8e879b8adf47acb0d388e875c6f1550f43f03f81bf657370275b70d24ce50d5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f0a3c870e92c2d3681ca29c973969251

SHA1
e8efba758494e87546bc287ffc184eb96f4d1b5e

SHA256
c9b26c75a9649daa62e6030cb3be8262ccf71d1838b5fb7805f00b737ef58f5f

SHA512
67a98fbd49c6c453721cf792772877e9c8c9033919b48b87871242860a0e71e3abf84ae62d3fba981c9a598b840434b467ebf025ac3b0abfc79621daa2d0e6d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
afd81c9a965dd486b472219f45d71945

SHA1
505640de05328ab7e0ed78798f0439700f3d7815

SHA256
f67d16924d6cd469a8469bd0aff54602fcd5523ed44522c12457b28f16d9ed20

SHA512
c9b2c224e5ece9019d9ac0d653cbf3fa2eda2fbeab53df2d687f914ba210ce72f0c565ceb13da5f5062f94ecd8d46cf9f97ca15cc89f3794a1178165c998c779

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
2d0a521f7eeb5a0604ff862f969aade0

SHA1
de47d9fb3ec24eafe2cc59ce561213678d7aead7

SHA256
04c39ce62f80ca738534b5010fe7ba2576122a080fdc6122f03fcc6b4d9a9293

SHA512
7a411efe26f7281bb779515618cd02aa9f203959d36d60a7785bcf0bcef405c2216456ec6d60697f59b59bd985d9391fe6f693f01d8d2a1e8057862b0e03254d

Download Submit