hxxps://drive[.]google[.]com/file/d/1oCGtzrzqZsju5x6hv9lEAIXSo_k_Q2E8/view

Analysis

max time kernel
40s
max time network
34s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13-12-2024 07:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1oCGtzrzqZsju5x6hv9lEAIXSo_k_Q2E8/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
4	drive.google.com
8	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
808	msedge.exe
808	msedge.exe
1828	msedge.exe
1828	msedge.exe
1920	identity_helper.exe
1920	identity_helper.exe
3004	msedge.exe
3004	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4012	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe

Suspicious use of SetWindowsHookEx 37 IoCs

pid	Process
4012	OpenWith.exe
4012	OpenWith.exe
4012	OpenWith.exe
4012	OpenWith.exe
4012	OpenWith.exe
4012	OpenWith.exe
4012	OpenWith.exe
4012	OpenWith.exe
4012	OpenWith.exe
4012	OpenWith.exe
4012	OpenWith.exe
4012	OpenWith.exe
4012	OpenWith.exe
4012	OpenWith.exe
4012	OpenWith.exe
4012	OpenWith.exe
4012	OpenWith.exe
4012	OpenWith.exe
4012	OpenWith.exe
4012	OpenWith.exe
4012	OpenWith.exe
4012	OpenWith.exe
4012	OpenWith.exe
4012	OpenWith.exe
4012	OpenWith.exe
4012	OpenWith.exe
4012	OpenWith.exe
4012	OpenWith.exe
4012	OpenWith.exe
4012	OpenWith.exe
4012	OpenWith.exe
4012	OpenWith.exe
4012	OpenWith.exe
4012	OpenWith.exe
4012	OpenWith.exe
4012	OpenWith.exe
4012	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1828 wrote to memory of 1680	1828	msedge.exe	84
PID 1828 wrote to memory of 1680	1828	msedge.exe	84
PID 1828 wrote to memory of 2832	1828	msedge.exe	85
PID 1828 wrote to memory of 2832	1828	msedge.exe	85
PID 1828 wrote to memory of 2832	1828	msedge.exe	85
PID 1828 wrote to memory of 2832	1828	msedge.exe	85
PID 1828 wrote to memory of 2832	1828	msedge.exe	85
PID 1828 wrote to memory of 2832	1828	msedge.exe	85
PID 1828 wrote to memory of 2832	1828	msedge.exe	85
PID 1828 wrote to memory of 2832	1828	msedge.exe	85
PID 1828 wrote to memory of 2832	1828	msedge.exe	85
PID 1828 wrote to memory of 2832	1828	msedge.exe	85
PID 1828 wrote to memory of 2832	1828	msedge.exe	85
PID 1828 wrote to memory of 2832	1828	msedge.exe	85
PID 1828 wrote to memory of 2832	1828	msedge.exe	85
PID 1828 wrote to memory of 2832	1828	msedge.exe	85
PID 1828 wrote to memory of 2832	1828	msedge.exe	85
PID 1828 wrote to memory of 2832	1828	msedge.exe	85
PID 1828 wrote to memory of 2832	1828	msedge.exe	85
PID 1828 wrote to memory of 2832	1828	msedge.exe	85
PID 1828 wrote to memory of 2832	1828	msedge.exe	85
PID 1828 wrote to memory of 2832	1828	msedge.exe	85
PID 1828 wrote to memory of 2832	1828	msedge.exe	85
PID 1828 wrote to memory of 2832	1828	msedge.exe	85
PID 1828 wrote to memory of 2832	1828	msedge.exe	85
PID 1828 wrote to memory of 2832	1828	msedge.exe	85
PID 1828 wrote to memory of 2832	1828	msedge.exe	85
PID 1828 wrote to memory of 2832	1828	msedge.exe	85
PID 1828 wrote to memory of 2832	1828	msedge.exe	85
PID 1828 wrote to memory of 2832	1828	msedge.exe	85
PID 1828 wrote to memory of 2832	1828	msedge.exe	85
PID 1828 wrote to memory of 2832	1828	msedge.exe	85
PID 1828 wrote to memory of 2832	1828	msedge.exe	85
PID 1828 wrote to memory of 2832	1828	msedge.exe	85
PID 1828 wrote to memory of 2832	1828	msedge.exe	85
PID 1828 wrote to memory of 2832	1828	msedge.exe	85
PID 1828 wrote to memory of 2832	1828	msedge.exe	85
PID 1828 wrote to memory of 2832	1828	msedge.exe	85
PID 1828 wrote to memory of 2832	1828	msedge.exe	85
PID 1828 wrote to memory of 2832	1828	msedge.exe	85
PID 1828 wrote to memory of 2832	1828	msedge.exe	85
PID 1828 wrote to memory of 2832	1828	msedge.exe	85
PID 1828 wrote to memory of 808	1828	msedge.exe	86
PID 1828 wrote to memory of 808	1828	msedge.exe	86
PID 1828 wrote to memory of 4548	1828	msedge.exe	87
PID 1828 wrote to memory of 4548	1828	msedge.exe	87
PID 1828 wrote to memory of 4548	1828	msedge.exe	87
PID 1828 wrote to memory of 4548	1828	msedge.exe	87
PID 1828 wrote to memory of 4548	1828	msedge.exe	87
PID 1828 wrote to memory of 4548	1828	msedge.exe	87
PID 1828 wrote to memory of 4548	1828	msedge.exe	87
PID 1828 wrote to memory of 4548	1828	msedge.exe	87
PID 1828 wrote to memory of 4548	1828	msedge.exe	87
PID 1828 wrote to memory of 4548	1828	msedge.exe	87
PID 1828 wrote to memory of 4548	1828	msedge.exe	87
PID 1828 wrote to memory of 4548	1828	msedge.exe	87
PID 1828 wrote to memory of 4548	1828	msedge.exe	87
PID 1828 wrote to memory of 4548	1828	msedge.exe	87
PID 1828 wrote to memory of 4548	1828	msedge.exe	87
PID 1828 wrote to memory of 4548	1828	msedge.exe	87
PID 1828 wrote to memory of 4548	1828	msedge.exe	87
PID 1828 wrote to memory of 4548	1828	msedge.exe	87
PID 1828 wrote to memory of 4548	1828	msedge.exe	87
PID 1828 wrote to memory of 4548	1828	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1oCGtzrzqZsju5x6hv9lEAIXSo_k_Q2E8/view
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa048146f8,0x7ffa04814708,0x7ffa04814718
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,17695162151339390809,18112212667928316929,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,17695162151339390809,18112212667928316929,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,17695162151339390809,18112212667928316929,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,17695162151339390809,18112212667928316929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,17695162151339390809,18112212667928316929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,17695162151339390809,18112212667928316929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,17695162151339390809,18112212667928316929,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:8
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,17695162151339390809,18112212667928316929,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,17695162151339390809,18112212667928316929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3088 /prefetch:1
  2⤵
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,17695162151339390809,18112212667928316929,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2204,17695162151339390809,18112212667928316929,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3744 /prefetch:8
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,17695162151339390809,18112212667928316929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2204,17695162151339390809,18112212667928316929,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6192 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,17695162151339390809,18112212667928316929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,17695162151339390809,18112212667928316929,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
  2⤵
  PID:3676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2528

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4128

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4012
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Fisch Macro V11.ahk
  2⤵
  PID:5252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
05b48b14213c9bc4ab39e0f04f44bb0b

SHA1
2b7f6c01c88e4a086fdd7d2780fea4f810ba0561

SHA256
768a00c56c8292b883dbb2bbceaa804b4831f96192dba631b6346698be899c2d

SHA512
0d9ff6d0631983d6d1c904bcc9dd6e9da6e7ee272ae594a44983898efdc47901bfb3353d53757808d5e143731f2473b0932586375c2c05b194acb0ba1a86be57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fbfa887e0fdea85bff19225ee9c670ef

SHA1
5f539ed0aad69fdc4824cdc0715e11111b57a7ee

SHA256
ef12641ca28f7927b8beec5f32d66f8cc6fc9ade68ed08b980b87c943a880889

SHA512
25417f1d6ec02ca275fb257ed516a41faad98966c74f23ce0981c190af0eee206d1b830f16a1502196cec98b66406e9879c555cd8ab5c051d6fbe77d7836c455

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
01c07591efef253383935ba55974bec3

SHA1
4edeca55ae4f80af971e908feb46910699580006

SHA256
b099e570e83a3d20bda312abe32cef18f1e11fb4f6f74bff77a0baec2f751f45

SHA512
2f9019970acdb3775101d17ad49c55b30ffda5532129e31aca7677e62aaa6a4d97067e38a7bb5df4ee41b70bf59f2671920050c3cb91141db63244cfdfa5a9b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3b0588a34d3fb16eecac467a2623e3db

SHA1
a8b2bafa1eba553349bab49528ea4022fe362dbb

SHA256
36d4b325cdefada9dd025a3b21b621b96256492cf932a080f5cd132cc1fad693

SHA512
3c9c49014b38b97be9d650afe821bbbcb208144988f365c3ff77da0aa9ffad58a3373a494fe8d7a831bc2c713e41d2bd77f9d55ba2bea08a0d3aa355503633d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1056e7e3fce49cb747843b20c6385b2a

SHA1
62e9568b31d9fdc640da27b915a0ccb8cffc9949

SHA256
d61a21e7739e90d1a68a49056086e99b68265128ab80f6984d993f8a41747f45

SHA512
a3e9af58a40ef26d5cfd2b732559855f0786b318ded73df71229f9dce01088b0377a40a36013a64144c305fb9d93e10e032810f2382d0976c5984eec728a1fd0

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 789949.crdownload

Filesize
25KB

MD5
36ddfbe29f2fd3366ca298b350a6cb19

SHA1
0b5c4d270dc47b4ae1b1f59f85b8617bf8a7b036

SHA256
4acb8e96da33a31d5f8384635cc994bebac071f16093ae6ed7f909f6a3bf7218

SHA512
54760d5e130e90a07c238fceee800da27d567671a22bdf6ab7f6f21a148f072e7b2f07d7e74e55f32d7d8e4c52779882ae6681a0653e2fcd564a7dafc94593ae

Download Submit