hxxps://drive[.]google[.]com/drive/folders/1yyrbowZg5CaVtDGWzPPreaMfH0vGGAjD?usp=sharing

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
07-11-2024 10:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1yyrbowZg5CaVtDGWzPPreaMfH0vGGAjD?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
4	drive.google.com
9	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1672	msedge.exe
1672	msedge.exe
1564	msedge.exe
1564	msedge.exe
4524	identity_helper.exe
4524	identity_helper.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1564 wrote to memory of 3064	1564	msedge.exe	83
PID 1564 wrote to memory of 3064	1564	msedge.exe	83
PID 1564 wrote to memory of 3600	1564	msedge.exe	84
PID 1564 wrote to memory of 3600	1564	msedge.exe	84
PID 1564 wrote to memory of 3600	1564	msedge.exe	84
PID 1564 wrote to memory of 3600	1564	msedge.exe	84
PID 1564 wrote to memory of 3600	1564	msedge.exe	84
PID 1564 wrote to memory of 3600	1564	msedge.exe	84
PID 1564 wrote to memory of 3600	1564	msedge.exe	84
PID 1564 wrote to memory of 3600	1564	msedge.exe	84
PID 1564 wrote to memory of 3600	1564	msedge.exe	84
PID 1564 wrote to memory of 3600	1564	msedge.exe	84
PID 1564 wrote to memory of 3600	1564	msedge.exe	84
PID 1564 wrote to memory of 3600	1564	msedge.exe	84
PID 1564 wrote to memory of 3600	1564	msedge.exe	84
PID 1564 wrote to memory of 3600	1564	msedge.exe	84
PID 1564 wrote to memory of 3600	1564	msedge.exe	84
PID 1564 wrote to memory of 3600	1564	msedge.exe	84
PID 1564 wrote to memory of 3600	1564	msedge.exe	84
PID 1564 wrote to memory of 3600	1564	msedge.exe	84
PID 1564 wrote to memory of 3600	1564	msedge.exe	84
PID 1564 wrote to memory of 3600	1564	msedge.exe	84
PID 1564 wrote to memory of 3600	1564	msedge.exe	84
PID 1564 wrote to memory of 3600	1564	msedge.exe	84
PID 1564 wrote to memory of 3600	1564	msedge.exe	84
PID 1564 wrote to memory of 3600	1564	msedge.exe	84
PID 1564 wrote to memory of 3600	1564	msedge.exe	84
PID 1564 wrote to memory of 3600	1564	msedge.exe	84
PID 1564 wrote to memory of 3600	1564	msedge.exe	84
PID 1564 wrote to memory of 3600	1564	msedge.exe	84
PID 1564 wrote to memory of 3600	1564	msedge.exe	84
PID 1564 wrote to memory of 3600	1564	msedge.exe	84
PID 1564 wrote to memory of 3600	1564	msedge.exe	84
PID 1564 wrote to memory of 3600	1564	msedge.exe	84
PID 1564 wrote to memory of 3600	1564	msedge.exe	84
PID 1564 wrote to memory of 3600	1564	msedge.exe	84
PID 1564 wrote to memory of 3600	1564	msedge.exe	84
PID 1564 wrote to memory of 3600	1564	msedge.exe	84
PID 1564 wrote to memory of 3600	1564	msedge.exe	84
PID 1564 wrote to memory of 3600	1564	msedge.exe	84
PID 1564 wrote to memory of 3600	1564	msedge.exe	84
PID 1564 wrote to memory of 3600	1564	msedge.exe	84
PID 1564 wrote to memory of 1672	1564	msedge.exe	85
PID 1564 wrote to memory of 1672	1564	msedge.exe	85
PID 1564 wrote to memory of 5044	1564	msedge.exe	86
PID 1564 wrote to memory of 5044	1564	msedge.exe	86
PID 1564 wrote to memory of 5044	1564	msedge.exe	86
PID 1564 wrote to memory of 5044	1564	msedge.exe	86
PID 1564 wrote to memory of 5044	1564	msedge.exe	86
PID 1564 wrote to memory of 5044	1564	msedge.exe	86
PID 1564 wrote to memory of 5044	1564	msedge.exe	86
PID 1564 wrote to memory of 5044	1564	msedge.exe	86
PID 1564 wrote to memory of 5044	1564	msedge.exe	86
PID 1564 wrote to memory of 5044	1564	msedge.exe	86
PID 1564 wrote to memory of 5044	1564	msedge.exe	86
PID 1564 wrote to memory of 5044	1564	msedge.exe	86
PID 1564 wrote to memory of 5044	1564	msedge.exe	86
PID 1564 wrote to memory of 5044	1564	msedge.exe	86
PID 1564 wrote to memory of 5044	1564	msedge.exe	86
PID 1564 wrote to memory of 5044	1564	msedge.exe	86
PID 1564 wrote to memory of 5044	1564	msedge.exe	86
PID 1564 wrote to memory of 5044	1564	msedge.exe	86
PID 1564 wrote to memory of 5044	1564	msedge.exe	86
PID 1564 wrote to memory of 5044	1564	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/folders/1yyrbowZg5CaVtDGWzPPreaMfH0vGGAjD?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb753646f8,0x7ffb75364708,0x7ffb75364718
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,1954231151085009728,9357884940957439141,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,1954231151085009728,9357884940957439141,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,1954231151085009728,9357884940957439141,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1954231151085009728,9357884940957439141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1954231151085009728,9357884940957439141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1954231151085009728,9357884940957439141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,1954231151085009728,9357884940957439141,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,1954231151085009728,9357884940957439141,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1954231151085009728,9357884940957439141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1954231151085009728,9357884940957439141,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1954231151085009728,9357884940957439141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1954231151085009728,9357884940957439141,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,1954231151085009728,9357884940957439141,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5348 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f29fcab3efbaf7c92841803924d9b8db

SHA1
ce52eb83590fc19ab44a0278a40df9c61cdca86d

SHA256
bfa62f3efe0e44009577ecc5dd48e3584d5b4cde587c27f3ab542519d615ae79

SHA512
80ac6e7d77c77b4537fa8c2c8a7580d4ae12b5edaad32e658b8b5996900e153335a897d6d1577003485a0fce94506341043e6229125d165f482c53562a83c9ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
47d1283c5a4780a1be355b21f1f5da54

SHA1
528e6dd85c5d2eccbf3703cef0ac0514de9e5807

SHA256
48181ba4da775ec82e4259163abe9decf7333154ba4d0e187c0bdf9bd8cf01de

SHA512
dc32f6dc4ca84eabdbc27ed6324f9492cb33f90d37ea0904d0c65505d49739e0652ddb9c1b57161746eb54dc9e58303757de8f00deb03a2aa63ec78fa0307dc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c613cbf67f2cf72f118c21da809d30f5

SHA1
cf4f6bc5b61b457bbf4efc72fe09242655daf576

SHA256
304230d4165a6cd52e90871ee607d87fd857169b5baa78089d643280777481d4

SHA512
b3811f193743dbbf94e41467b6c5e7d32578cd9797357a9600392814de7baafe5764802c95680ba8180ccdea930d2719e45647aa869efc6cd11793b4c17d1f71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
9c322228b4a15d7fcaabf9088c562a3f

SHA1
17b6b7a7afdc9d9ba58a0225417918d6738783de

SHA256
6a86f2ed4217f46f0828ecaa475d3568c167439ed6c6fcbdf5d29d6ba505b834

SHA512
592a2cb21a2897b65e77fd28f3bcaec933fe6dfb96dcbef588de96c42694e94ab6514ed451a432662b0b2623695fd57d55ac4af64c29c5a73a7397ddd205cd97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b5a49adab7bb66cb729d9879323c12ce

SHA1
21c558365b6e517cdd5ed22ef4e7b17fea6ed6b8

SHA256
e420b2f16c10e23a0123125f86d37a417ac658a675a852ccb0ed921e1d01ddc9

SHA512
7a0c8bfd42aefed283427347863461cfbbd5ec53d49d1adc0166f372fa189182b4d993bf73a1bcc2e04bdbdc5ad115653d2b598bf1b335a6bfb6a3535b6bc131

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b9523b67e2770e43a676ce9b51887d54

SHA1
a04f09b647efb195fbbe12b664c00fb5c6709490

SHA256
c66fe2f43fd0887c2416c31f7bed8121c52ceade102c2440ad7a5e219da69f3d

SHA512
530570c10667fd9350983d59f702d2638472af9978a62c75e5ddc89783a95bb861f1978bb48036944a017dbe7baf66a7b59b9d3c96e026c10cb3808587ef4229

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a13da63f2e72e6cca29a2a3d09bb54d6

SHA1
2e391cc15f01660e517f34b5ae4df9c497547803

SHA256
4e859191d31d6b21a10d321a634fa0ee85de204f77545ce0fd6dedc3fd643bbc

SHA512
65f3acfef8352fc0c2b2263898c708dd18ae5efa43c2e74664fd715c68532442b62ee05de5a253a54a74a7c75cf5ea62c1201ea25f933925a0fb34a0f2f12753

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589c0c.TMP

Filesize
1KB

MD5
290a75392116e9360526897107810409

SHA1
be06fd59e8e36ee33a7b067acef2291175a22cac

SHA256
4095307d89e8eb24e711258bee7c19c305aa3b530fe586cfa960db08b10e299f

SHA512
e19182878240e43fbb8350c25b1ee39f7d522977bb363cf4dca86aac7c055c116d260d0a12d4afc0e0171d9061f911f280b15549afa050992782f6c40a96a0db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ea648080c99f7676a47b91e098a143fc

SHA1
4037b3db593c3740392c131daed88c62b765a3f9

SHA256
d707310d09fca9b29e96321654875a863a4320307825831e9e90efe74e49bbb6

SHA512
37044e2eb531010a11f539514d7674d923c63c4f34ead91327e13c5c0928e76a85cb5a792daa41952e7b7063629546991b414b4b6222ad4ac8453ec0187eba7c

Download Submit