hxxps://drive[.]google[.]com/file/d/1x9Ad40gWMm2Q3IcwJtnvWarnuImljfv_/view

Analysis

max time kernel
528s
max time network
529s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-11-2024 15:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1x9Ad40gWMm2Q3IcwJtnvWarnuImljfv_/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
5	drive.google.com
9	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1700	msedge.exe
1700	msedge.exe
1772	msedge.exe
1772	msedge.exe
5000	identity_helper.exe
5000	identity_helper.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1772 wrote to memory of 2428	1772	msedge.exe	82
PID 1772 wrote to memory of 2428	1772	msedge.exe	82
PID 1772 wrote to memory of 4864	1772	msedge.exe	83
PID 1772 wrote to memory of 4864	1772	msedge.exe	83
PID 1772 wrote to memory of 4864	1772	msedge.exe	83
PID 1772 wrote to memory of 4864	1772	msedge.exe	83
PID 1772 wrote to memory of 4864	1772	msedge.exe	83
PID 1772 wrote to memory of 4864	1772	msedge.exe	83
PID 1772 wrote to memory of 4864	1772	msedge.exe	83
PID 1772 wrote to memory of 4864	1772	msedge.exe	83
PID 1772 wrote to memory of 4864	1772	msedge.exe	83
PID 1772 wrote to memory of 4864	1772	msedge.exe	83
PID 1772 wrote to memory of 4864	1772	msedge.exe	83
PID 1772 wrote to memory of 4864	1772	msedge.exe	83
PID 1772 wrote to memory of 4864	1772	msedge.exe	83
PID 1772 wrote to memory of 4864	1772	msedge.exe	83
PID 1772 wrote to memory of 4864	1772	msedge.exe	83
PID 1772 wrote to memory of 4864	1772	msedge.exe	83
PID 1772 wrote to memory of 4864	1772	msedge.exe	83
PID 1772 wrote to memory of 4864	1772	msedge.exe	83
PID 1772 wrote to memory of 4864	1772	msedge.exe	83
PID 1772 wrote to memory of 4864	1772	msedge.exe	83
PID 1772 wrote to memory of 4864	1772	msedge.exe	83
PID 1772 wrote to memory of 4864	1772	msedge.exe	83
PID 1772 wrote to memory of 4864	1772	msedge.exe	83
PID 1772 wrote to memory of 4864	1772	msedge.exe	83
PID 1772 wrote to memory of 4864	1772	msedge.exe	83
PID 1772 wrote to memory of 4864	1772	msedge.exe	83
PID 1772 wrote to memory of 4864	1772	msedge.exe	83
PID 1772 wrote to memory of 4864	1772	msedge.exe	83
PID 1772 wrote to memory of 4864	1772	msedge.exe	83
PID 1772 wrote to memory of 4864	1772	msedge.exe	83
PID 1772 wrote to memory of 4864	1772	msedge.exe	83
PID 1772 wrote to memory of 4864	1772	msedge.exe	83
PID 1772 wrote to memory of 4864	1772	msedge.exe	83
PID 1772 wrote to memory of 4864	1772	msedge.exe	83
PID 1772 wrote to memory of 4864	1772	msedge.exe	83
PID 1772 wrote to memory of 4864	1772	msedge.exe	83
PID 1772 wrote to memory of 4864	1772	msedge.exe	83
PID 1772 wrote to memory of 4864	1772	msedge.exe	83
PID 1772 wrote to memory of 4864	1772	msedge.exe	83
PID 1772 wrote to memory of 4864	1772	msedge.exe	83
PID 1772 wrote to memory of 1700	1772	msedge.exe	84
PID 1772 wrote to memory of 1700	1772	msedge.exe	84
PID 1772 wrote to memory of 1528	1772	msedge.exe	85
PID 1772 wrote to memory of 1528	1772	msedge.exe	85
PID 1772 wrote to memory of 1528	1772	msedge.exe	85
PID 1772 wrote to memory of 1528	1772	msedge.exe	85
PID 1772 wrote to memory of 1528	1772	msedge.exe	85
PID 1772 wrote to memory of 1528	1772	msedge.exe	85
PID 1772 wrote to memory of 1528	1772	msedge.exe	85
PID 1772 wrote to memory of 1528	1772	msedge.exe	85
PID 1772 wrote to memory of 1528	1772	msedge.exe	85
PID 1772 wrote to memory of 1528	1772	msedge.exe	85
PID 1772 wrote to memory of 1528	1772	msedge.exe	85
PID 1772 wrote to memory of 1528	1772	msedge.exe	85
PID 1772 wrote to memory of 1528	1772	msedge.exe	85
PID 1772 wrote to memory of 1528	1772	msedge.exe	85
PID 1772 wrote to memory of 1528	1772	msedge.exe	85
PID 1772 wrote to memory of 1528	1772	msedge.exe	85
PID 1772 wrote to memory of 1528	1772	msedge.exe	85
PID 1772 wrote to memory of 1528	1772	msedge.exe	85
PID 1772 wrote to memory of 1528	1772	msedge.exe	85
PID 1772 wrote to memory of 1528	1772	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1x9Ad40gWMm2Q3IcwJtnvWarnuImljfv_/view
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff952c546f8,0x7ff952c54708,0x7ff952c54718
  2⤵
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,7873389098667553930,12146982392923072415,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,7873389098667553930,12146982392923072415,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,7873389098667553930,12146982392923072415,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7873389098667553930,12146982392923072415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7873389098667553930,12146982392923072415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7873389098667553930,12146982392923072415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,7873389098667553930,12146982392923072415,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 /prefetch:8
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,7873389098667553930,12146982392923072415,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7873389098667553930,12146982392923072415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7873389098667553930,12146982392923072415,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7873389098667553930,12146982392923072415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7873389098667553930,12146982392923072415,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,7873389098667553930,12146982392923072415,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2392 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
e79bfd9e070a623642577f3aceb5c898

SHA1
2646b4ca7f3f6259b34f0d889927871ed9a2375b

SHA256
363e1b47ceed54a849b0d20c6575b5416e4caeb091b639e2b63bdf2c76301f36

SHA512
110132909e3df6a34ed1b959414889448b8ea17cc309a5065f06b1ab987be4dd31d76a8752f96c33976e71b3b323ebc222c949adae12ef0658ae0adb7c81bf71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e2076341e72f99486fb6527d6d600be0

SHA1
14e8edb46ba71b76211c01fb06cc80548d39b3f5

SHA256
edb38f071bdd5a0cb2fc85f6c463ec3e0a1b8c02878d75f2d48d3512fe928337

SHA512
3c0a9d197aeb2b32f49e140b19f5213fe9592d654458c726261f88c5333d8b4d965601b4ef7458f9ded93d185579f182c3c2976a4e05f5ff844500d7c1fe9442

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f7e559a9b1481aa35180732ee4252854

SHA1
7e03e53f8c1415ae554c4c47dfc94044ff7188de

SHA256
e1c55ee6c3b149c9de81b1d56278ac508303904b61ddbaebd9fef49aeee4054e

SHA512
60f131d3bdc7f3f08dca18d5a94ebcbf0d5c68b8dc1063c615794ddb5a1d448f716c57250fd91a21607e3dcc2811c993dd3a674821ff5867e6a0fc9bd1f17ab8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e1a8a2d692b061b60262b6bd416af81a

SHA1
46acf97b0f0ce4aff2ca4b51495077bd77ed9598

SHA256
536d5f2467a1b155d3ce9bfa5707ab04c739e1f41905f476d8001b37de21456e

SHA512
85070067e90b19cff3401b87a80456eb5911b006348ef6cd271ebf94d7ef86ed2facdc4396c1a149731aea6b97e3a8c6fbefb3befba05def984c5204cc3562e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
37ee9cf7b5b279bfce8311b027fd492c

SHA1
1ac3b792658acdec5e23f73ca7677168689f3eca

SHA256
997a08910d15fe976b4961b51384c101ea4efeac61b8b6235c3dc18a28171e0e

SHA512
2f2978f881bdb8cd6496f0612d97b5941152ffc47fec9e5f70d34d61b6236ec0f1ba2b7b32a8d805f60b86b4f40b9b101c8a1b6dcd60b36df7cdb74634c33bf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
af46abc965aa9ec1d844df318c090ec0

SHA1
ac68216cd7d627c313dd172a15bbc2a6b61d33eb

SHA256
e494a1f6a89da920630b48482d143bb086b1c025dcfd09f5023f1a10485bd0a0

SHA512
2f3e6e9c1a07f062c0d6fd2ebc1c6165a8fc88be8cec6eb1179ad306798431a3bc2f9bde51f8a994c2e89f92e6bd2d54a5370ef4bd58ebc02a97d6800fbbed69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2f80207d468e84facef114dc83d636b6

SHA1
a0bd9d9da39edbf37b31b10bf72243f0ac14219c

SHA256
0fa97ad94814ec662b64379c27bd6b2c8fc248f11b9b003a5e42404e81059a56

SHA512
b2551c71a63a62601aa8588d1ef944b68b051f45b15519f827dddd1f712569287f1b0746cf92bf43730c12661a97ec5004ef6e4ff5bd11d2f4865b6c14ca9702

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6d85bce363539f2cb9c91871a53bb62c

SHA1
2d2de4dfad4acb89c25212566b616540c013aff1

SHA256
3193a785fd567acb53ea592a13de7efc818ea8085023269793c60ce5a744252e

SHA512
8aa8a22f6f1189dacfb92ad07022680141a75d8e650534df43e809c1237debbac90757f5b14aa1d18982066c2e7897e404fe5694154c455c7c7465d8a8f473d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
358ad58e2d081a1def1bdc05b0bc2df2

SHA1
cf3b19f8e76146a56c0cf17acda62f0a88f37fa5

SHA256
2e18c72afc9e854e6d8d91c71c75648baa06194b96747dba770e5da5f5dfef48

SHA512
df5d02ec751cc817703468f68dd70c517300732a4f49113deb2fc321c9169eae4a09fd97c03a0d55a3cdaba7fe1732fdb2fc82b9e0ac0541fad814a51d8aa507

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8cd297726844a33dcc3aff77cb26a357

SHA1
4cbbe7328fa4ea91897ff0583e8b21644dc98941

SHA256
1de2fb8c2272286688deda96d6a1a4bcf178d6f32c05215f5261ba473483f72f

SHA512
ce9db3e1a582245ec3f2a54620926bf6bd8068670ce463a12f1e8cefd72be2197612fb8c4f4bea050713dfe5ced47edb6b84ff2f1a78070ac8e0ee56d4db87f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
833e30e310daa603a189136ae1e3a984

SHA1
ccc228d7fdd1ec90dfec16f7460ffc1f758e0480

SHA256
23e00b3158c9b9a6693d2e641f0a59c40c2b812a99403f064780d9ca4962c957

SHA512
4c667c050675a6d5084a3a5c22c3fb36773aa062fe7610b536086d39471a44a2a225176aeda3612f364ab1a04fcaea38e3a5c02b5159388e5bbffa13de280a1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
035fdd48b6a189c4b3ee635e1cdd1a4a

SHA1
3df0eb8b970278db3532c0fd4b3a421649230da4

SHA256
facf14076e96fe8cc601ef5f77c397038df4c70c390996f1cfeab9633e7d1cbe

SHA512
d7c97fed71e76f05c269007e6755217aa99d235708912615d45888d11238bb528d49867cb5a6bca849090c69c89c9835d0f997bb657ade7ed0f5f2be601b90cf

Download Submit