hxxps://drive[.]google[.]com/file/d/1cXHTHH1S90RCqWYnFOSp1rtYmURecQVm/view

Analysis

max time kernel
525s
max time network
527s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2024 16:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1cXHTHH1S90RCqWYnFOSp1rtYmURecQVm/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
5	drive.google.com
9	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4916	msedge.exe
4916	msedge.exe
852	msedge.exe
852	msedge.exe
4180	identity_helper.exe
4180	identity_helper.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 852 wrote to memory of 1936	852	msedge.exe	83
PID 852 wrote to memory of 1936	852	msedge.exe	83
PID 852 wrote to memory of 2852	852	msedge.exe	84
PID 852 wrote to memory of 2852	852	msedge.exe	84
PID 852 wrote to memory of 2852	852	msedge.exe	84
PID 852 wrote to memory of 2852	852	msedge.exe	84
PID 852 wrote to memory of 2852	852	msedge.exe	84
PID 852 wrote to memory of 2852	852	msedge.exe	84
PID 852 wrote to memory of 2852	852	msedge.exe	84
PID 852 wrote to memory of 2852	852	msedge.exe	84
PID 852 wrote to memory of 2852	852	msedge.exe	84
PID 852 wrote to memory of 2852	852	msedge.exe	84
PID 852 wrote to memory of 2852	852	msedge.exe	84
PID 852 wrote to memory of 2852	852	msedge.exe	84
PID 852 wrote to memory of 2852	852	msedge.exe	84
PID 852 wrote to memory of 2852	852	msedge.exe	84
PID 852 wrote to memory of 2852	852	msedge.exe	84
PID 852 wrote to memory of 2852	852	msedge.exe	84
PID 852 wrote to memory of 2852	852	msedge.exe	84
PID 852 wrote to memory of 2852	852	msedge.exe	84
PID 852 wrote to memory of 2852	852	msedge.exe	84
PID 852 wrote to memory of 2852	852	msedge.exe	84
PID 852 wrote to memory of 2852	852	msedge.exe	84
PID 852 wrote to memory of 2852	852	msedge.exe	84
PID 852 wrote to memory of 2852	852	msedge.exe	84
PID 852 wrote to memory of 2852	852	msedge.exe	84
PID 852 wrote to memory of 2852	852	msedge.exe	84
PID 852 wrote to memory of 2852	852	msedge.exe	84
PID 852 wrote to memory of 2852	852	msedge.exe	84
PID 852 wrote to memory of 2852	852	msedge.exe	84
PID 852 wrote to memory of 2852	852	msedge.exe	84
PID 852 wrote to memory of 2852	852	msedge.exe	84
PID 852 wrote to memory of 2852	852	msedge.exe	84
PID 852 wrote to memory of 2852	852	msedge.exe	84
PID 852 wrote to memory of 2852	852	msedge.exe	84
PID 852 wrote to memory of 2852	852	msedge.exe	84
PID 852 wrote to memory of 2852	852	msedge.exe	84
PID 852 wrote to memory of 2852	852	msedge.exe	84
PID 852 wrote to memory of 2852	852	msedge.exe	84
PID 852 wrote to memory of 2852	852	msedge.exe	84
PID 852 wrote to memory of 2852	852	msedge.exe	84
PID 852 wrote to memory of 2852	852	msedge.exe	84
PID 852 wrote to memory of 4916	852	msedge.exe	85
PID 852 wrote to memory of 4916	852	msedge.exe	85
PID 852 wrote to memory of 2444	852	msedge.exe	86
PID 852 wrote to memory of 2444	852	msedge.exe	86
PID 852 wrote to memory of 2444	852	msedge.exe	86
PID 852 wrote to memory of 2444	852	msedge.exe	86
PID 852 wrote to memory of 2444	852	msedge.exe	86
PID 852 wrote to memory of 2444	852	msedge.exe	86
PID 852 wrote to memory of 2444	852	msedge.exe	86
PID 852 wrote to memory of 2444	852	msedge.exe	86
PID 852 wrote to memory of 2444	852	msedge.exe	86
PID 852 wrote to memory of 2444	852	msedge.exe	86
PID 852 wrote to memory of 2444	852	msedge.exe	86
PID 852 wrote to memory of 2444	852	msedge.exe	86
PID 852 wrote to memory of 2444	852	msedge.exe	86
PID 852 wrote to memory of 2444	852	msedge.exe	86
PID 852 wrote to memory of 2444	852	msedge.exe	86
PID 852 wrote to memory of 2444	852	msedge.exe	86
PID 852 wrote to memory of 2444	852	msedge.exe	86
PID 852 wrote to memory of 2444	852	msedge.exe	86
PID 852 wrote to memory of 2444	852	msedge.exe	86
PID 852 wrote to memory of 2444	852	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1cXHTHH1S90RCqWYnFOSp1rtYmURecQVm/view
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb5ee046f8,0x7ffb5ee04708,0x7ffb5ee04718
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,4434179764337052427,8744941772056267841,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
  2⤵
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,4434179764337052427,8744941772056267841,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,4434179764337052427,8744941772056267841,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
  2⤵
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,4434179764337052427,8744941772056267841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,4434179764337052427,8744941772056267841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,4434179764337052427,8744941772056267841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,4434179764337052427,8744941772056267841,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:8
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,4434179764337052427,8744941772056267841,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,4434179764337052427,8744941772056267841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,4434179764337052427,8744941772056267841,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,4434179764337052427,8744941772056267841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,4434179764337052427,8744941772056267841,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,4434179764337052427,8744941772056267841,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5144 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2248

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
83bd4bf922c88bd697583d04eb0c8151

SHA1
85e0be2c33e0e7c9c43ee7e9fc92bc73f5bfd748

SHA256
2e13ac795793a1cc5a75bd1e5989dc57b204b95e4e5684bf56ffbc2ba70abd8f

SHA512
0e555c22cd5c0f7cc334068fb468294f65444c397552d1dbde441a42e118bf5cdc205d332883f389817f9c05798305294c4a870ccb20ee2938ed1fbdb6c754dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
85b2688c777f8d3b5e030aa7b251487d

SHA1
0bbb23c0f4ccb5ca799e9dd5ed85077b286c3c09

SHA256
7bd95250d9e477c8b8d42ae3a3c0403dd74012d33fd669bd95d3c8e6c31dfd2e

SHA512
1ceb155b5ad785b1e79d93fa6853fc62037d7c2ad9f31b671fe6f950972984e6109bb3c3fd3bbc2c7930249ec1224e4f7c5f4a1305a69af071895b1e49c2d740

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ba9d53ed02be0f504f12171e76e7f3e7

SHA1
6fe8b2c61a3f337ffd8d2913d4f05b282a6f45ed

SHA256
d6486cb7a31a71e10aa2963ab5eb726ac2e0fe948dfb302bf2e5d1c2ea93c5b7

SHA512
cd0133acd433652d56e5afb43e4714716b2b46b761a5ff69ecceb429b44597ee0d52cc2d793aabc5d995010cda574be8faa11bb8f093a588906c25775e3d682a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
57e4e03f2107ee3fae88e6f3700dd627

SHA1
cedeb5a85a5e218ec5bf6e6aa48a7e692c0d7e50

SHA256
6ead9a84bd466723b3a1617b0278be328562959d780b407b0f7c51acf9e4d6a7

SHA512
5ac8648c9674dd84880c47038b5ca45a5e940643b1aba29562fa23e51f596f7d316f6012bd10512bb8ede634a4dd812549b81f045501aa9b863e1e631588c2b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8f2a714a1e72b0a8ff81f274e32db963

SHA1
75f5eee9673af8a6e201dcd8d20536a77f75fa59

SHA256
c4eb253bab7d4b6eaa84a30c808d2a1b767e00e0038416066747687871f56a75

SHA512
727e453f99c291275a3462d2fa4bb3484b9195cc5493603ab7376f882672beb9a43a3560fc874a17f6eff5b59c6087fffa01108213d65c44b5131a2596694ea5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3a56916069f00d1eec0c282f2e35613b

SHA1
ca17901798cd4dbb6540b905858fb1a10c2c7672

SHA256
6764f72262d7af798fe0086be00c7a04b690333f30ec1641dff86822eade2778

SHA512
70e137f6a5eac5c769e57ff5b7f85c94183615b0e69ce507a2b7e60d1b490ce82c8c42e85b4a67866cdad24a8eed846e075c75b9aefd13d505c7342a27aba6b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ff9ec8052ab418abc8e3072b4661d734

SHA1
3fe0e404151b05df331e200b5b766252901b68ee

SHA256
60a99add830bd0cca4d2019d540037c5b3069e6491b709b03bc330f722e2a35b

SHA512
eba2332463e893e49f3d118bad06aa450c954e3a8718db4587248a7c1252c13d6afdbf69c72664da90ec9997eb91d9dff06d75cbb823a733b17c0d289114e421

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3a6289e235447bb64f2724d84e8f6c75

SHA1
29978159c1f8231f14d325fd40686510aa1550b7

SHA256
2abac88ef4cd999dfd645fce42b7e5f1a3df2c932e80e96b7113aa76a7033f18

SHA512
dc997bffe5dc023fffce7147b906c50ecd1b7b1da3974bdc602d2d73bfe6add11b5f65140b8bc66c3d24efe2607ab8f3b51bbf24a81daa547cfab03124ed84ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5c552f12842ae3fdd991337772d702bb

SHA1
4418711eeb197b1cea29691fbd9e964743a2833d

SHA256
eddc5889424289dd7c53a34696c4d70c8b44afa67b8b6ec8abf14eb5b50f56e4

SHA512
77e4a4fc9ab2aa4af42142306db81d7bfb6f08fdd7a08cffb9f83e501c8a0a6ec5f329ae0f2b7eed62f324b994797dd4023ce4ae51eefb2d7c6778c2df314e68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4d20d0d031c2120f2f2628bf6d1e9f99

SHA1
df637ac3771b74d6e05f94c3347a8e7d81a311f0

SHA256
b39be1b864afa64fc2be48d8077738f836057d8f20704b1cf55dbc617aab3f8f

SHA512
bc6e6afd312f58908a777bb995371cf12051bc097fade0bd82c2f23dcaae292d309646735ea4345ada879a8d78d9ad44b29e2933e1e265248c4902f56d7ebbe7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d24e0ebf31fe79ba0c9d51152f5da187

SHA1
e5acb31943b8f62f650752a3b72bf76b1e38074a

SHA256
c40374a8605d3d2e307f58f8cd20602299dc1d4c980cea3bf0652bfdcc4f58be

SHA512
129302d36dc9a398a7f3987f75e41d7550682f196d9e0cf040b7cc8e150fdad3281ef36217d7ca6fbf1d9041157d6a87dfa85a2859a828a785a6daf5e368ef30

Download Submit