hxxps://drive[.]google[.]com/file/d/1HA_vbrZW6EEbwtkM0fQnpqOaj8Jql50T/view

Resubmissions

19-12-2024 10:25

241219-mfzhkszqhx 8

19-12-2024 10:24

241219-mflxgs1kgp 6

Analysis

max time kernel
584s
max time network
524s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19-12-2024 10:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1HA_vbrZW6EEbwtkM0fQnpqOaj8Jql50T/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
4	drive.google.com
7	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2424	msedge.exe
2424	msedge.exe
4952	msedge.exe
4952	msedge.exe
3088	identity_helper.exe
3088	identity_helper.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4952 wrote to memory of 1680	4952	msedge.exe	82
PID 4952 wrote to memory of 1680	4952	msedge.exe	82
PID 4952 wrote to memory of 5068	4952	msedge.exe	83
PID 4952 wrote to memory of 5068	4952	msedge.exe	83
PID 4952 wrote to memory of 5068	4952	msedge.exe	83
PID 4952 wrote to memory of 5068	4952	msedge.exe	83
PID 4952 wrote to memory of 5068	4952	msedge.exe	83
PID 4952 wrote to memory of 5068	4952	msedge.exe	83
PID 4952 wrote to memory of 5068	4952	msedge.exe	83
PID 4952 wrote to memory of 5068	4952	msedge.exe	83
PID 4952 wrote to memory of 5068	4952	msedge.exe	83
PID 4952 wrote to memory of 5068	4952	msedge.exe	83
PID 4952 wrote to memory of 5068	4952	msedge.exe	83
PID 4952 wrote to memory of 5068	4952	msedge.exe	83
PID 4952 wrote to memory of 5068	4952	msedge.exe	83
PID 4952 wrote to memory of 5068	4952	msedge.exe	83
PID 4952 wrote to memory of 5068	4952	msedge.exe	83
PID 4952 wrote to memory of 5068	4952	msedge.exe	83
PID 4952 wrote to memory of 5068	4952	msedge.exe	83
PID 4952 wrote to memory of 5068	4952	msedge.exe	83
PID 4952 wrote to memory of 5068	4952	msedge.exe	83
PID 4952 wrote to memory of 5068	4952	msedge.exe	83
PID 4952 wrote to memory of 5068	4952	msedge.exe	83
PID 4952 wrote to memory of 5068	4952	msedge.exe	83
PID 4952 wrote to memory of 5068	4952	msedge.exe	83
PID 4952 wrote to memory of 5068	4952	msedge.exe	83
PID 4952 wrote to memory of 5068	4952	msedge.exe	83
PID 4952 wrote to memory of 5068	4952	msedge.exe	83
PID 4952 wrote to memory of 5068	4952	msedge.exe	83
PID 4952 wrote to memory of 5068	4952	msedge.exe	83
PID 4952 wrote to memory of 5068	4952	msedge.exe	83
PID 4952 wrote to memory of 5068	4952	msedge.exe	83
PID 4952 wrote to memory of 5068	4952	msedge.exe	83
PID 4952 wrote to memory of 5068	4952	msedge.exe	83
PID 4952 wrote to memory of 5068	4952	msedge.exe	83
PID 4952 wrote to memory of 5068	4952	msedge.exe	83
PID 4952 wrote to memory of 5068	4952	msedge.exe	83
PID 4952 wrote to memory of 5068	4952	msedge.exe	83
PID 4952 wrote to memory of 5068	4952	msedge.exe	83
PID 4952 wrote to memory of 5068	4952	msedge.exe	83
PID 4952 wrote to memory of 5068	4952	msedge.exe	83
PID 4952 wrote to memory of 5068	4952	msedge.exe	83
PID 4952 wrote to memory of 2424	4952	msedge.exe	84
PID 4952 wrote to memory of 2424	4952	msedge.exe	84
PID 4952 wrote to memory of 4988	4952	msedge.exe	85
PID 4952 wrote to memory of 4988	4952	msedge.exe	85
PID 4952 wrote to memory of 4988	4952	msedge.exe	85
PID 4952 wrote to memory of 4988	4952	msedge.exe	85
PID 4952 wrote to memory of 4988	4952	msedge.exe	85
PID 4952 wrote to memory of 4988	4952	msedge.exe	85
PID 4952 wrote to memory of 4988	4952	msedge.exe	85
PID 4952 wrote to memory of 4988	4952	msedge.exe	85
PID 4952 wrote to memory of 4988	4952	msedge.exe	85
PID 4952 wrote to memory of 4988	4952	msedge.exe	85
PID 4952 wrote to memory of 4988	4952	msedge.exe	85
PID 4952 wrote to memory of 4988	4952	msedge.exe	85
PID 4952 wrote to memory of 4988	4952	msedge.exe	85
PID 4952 wrote to memory of 4988	4952	msedge.exe	85
PID 4952 wrote to memory of 4988	4952	msedge.exe	85
PID 4952 wrote to memory of 4988	4952	msedge.exe	85
PID 4952 wrote to memory of 4988	4952	msedge.exe	85
PID 4952 wrote to memory of 4988	4952	msedge.exe	85
PID 4952 wrote to memory of 4988	4952	msedge.exe	85
PID 4952 wrote to memory of 4988	4952	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1HA_vbrZW6EEbwtkM0fQnpqOaj8Jql50T/view
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbbb3346f8,0x7ffbbb334708,0x7ffbbb334718
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,531838027267556367,6106223998895050431,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,531838027267556367,6106223998895050431,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,531838027267556367,6106223998895050431,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,531838027267556367,6106223998895050431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,531838027267556367,6106223998895050431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,531838027267556367,6106223998895050431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,531838027267556367,6106223998895050431,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5540 /prefetch:8
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,531838027267556367,6106223998895050431,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5540 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,531838027267556367,6106223998895050431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,531838027267556367,6106223998895050431,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,531838027267556367,6106223998895050431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,531838027267556367,6106223998895050431,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,531838027267556367,6106223998895050431,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3132 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3172

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
c88bd7c73b53f6f5d4b3e41161e2d2c0

SHA1
168434f6cd626fdd20726ea16b52168c67fcab76

SHA256
9408d92de7418daa75d73be6bba53d7b98498735db579afff7a6fa973ec2942c

SHA512
abc85cedd90484dd3498e6a06c709bf24fedc3c73ff639292128043f103d89f1e5295f03fa9042a98b0a5c649b0e75598540652fe17c2e0ef6a97a2146387297

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
7707a65c6e6bc4ca9aa4f99c4fcc3170

SHA1
962dcc47734c8b93764d65be3e736d7d082cb768

SHA256
3e6991848af184e1b2618c1395825c77b1c8cb27c1bb04bf7e3f41fda22712fe

SHA512
0cead68961e42c6e71853c04cd3b63830ea13332a4eaa0e82ac5f5cad5179b331ab196fabda5efd8dca4d81f42d9395c2233a3f0dc914da6af7a160cbd1ef0db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5039e86a229e1b204a0046dba4ac2b3b

SHA1
1d22ee822681e9744c912885584c694e083bb995

SHA256
dfe03f686233ddf1a8ed765ab5dc91caa2a6058640c18a61032e359a07cca4c5

SHA512
c5405b7d3ee1c5d75895b320d778c905a4a09b778eba95e3b46f1d21f24d22f2b523a851671fcc7c0720f4481dc3ef1bd5b5026d718042fdb828f5998ff5fcf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
cc3baa43ad681109438034849f57ba97

SHA1
2b4ab7577c2d48a5e074bcad2767cc9919d56500

SHA256
b83b3476988bd7c9651378996a5e2e2bc3ab2da07934bf927fe2eb6cb63789f3

SHA512
b7696f3f4b0c72a4c43c26f3c2bc300de682fbd60fefdd4b034b585f1cf565c963d225540bae6ac17041d640efeb5c9289a1502610dfa7856e3e13a9264728dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
9757b63754438cf028d8a20734c31705

SHA1
315cdfb2688be7fa634a4d0b1b1284c388964aad

SHA256
fe44b8984d6ff6d06c83e7c20f4d7febe3de820e75f041aad95034065b9ead2c

SHA512
6f41897b002b1f97d39eaa0071fbab0e46227118e021e1b122b1ca3fd7a1e57dedac12b6f8bf06ea4441c64e7347f691af6dbf49b8b661e531d309576f115f44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
70e878c0e9ef74c6e1874508908f2559

SHA1
f6b86d119000464bb33a9bd7b22eb3d5846bc527

SHA256
10e830b17f3fdba6042380eb1bd4518546ba980b6a29b37669f42a9bd18211e9

SHA512
127030d1be2cd77c1f6694160fbfacc1b689e2a77f11f254115e831c9d9a0dfe16029c81aa318cee96743f918c23493e6655655244797deffdd1e4b558a0de1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e7ba0538d30469fed91ae9314a077d3a

SHA1
2361f89186422659827f17bfc68be66ca44a0d7c

SHA256
29741c2863edd8b8fe52993d3b33e27cfb0ce06d5ba560ec5fe627019415a5f6

SHA512
4de22da38e3f34b07311e1b696518bf0121274dc8736b2e0cdc86ce6106d8d98fa542c672b92645ab0231590309c01feac591641dd8f5ea904f97f4052fc13c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
19ee9365391a12bde17af9bb6254ed07

SHA1
57c3960783c855831018d359e48988b2d72ca428

SHA256
1a14b0593759035bf3da23c1f1c558c77a8c78b36aabc3f6601ab507b8c4e5f4

SHA512
ea36ea02e7ed9f59d444671d4e9cd85ecb701ae6652414df05ccd17fb4877ddbde340f6665dc383903e0ea88a9d6999e3d5c1ffc78e6152aa89eddf769524547

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3feff54c84bd1cff407f7155f618543d

SHA1
dd039f4240e4786dd56dc7dbff28361c7809a2ac

SHA256
5d6a7847635b2640095eb36c1e739f8be2d624e032e38d1ba7fb23bab5811e77

SHA512
f3de3ec9da7c9420344ea265bfaf34561a0c7687d68f0c201cc15256bb5e6b684a53cc11060b626917533803f10577bf95b7655d8a429453f9536214bdbb48c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
baa22ad3ec75b10112ab67b317aacfb4

SHA1
a39209b2b3d5844f209640873a66ab8fba97544e

SHA256
db5c37528988fcd5efd43a11c93394905eafb3abc83b073d7fe93c3d03c995fc

SHA512
e88cc4d2238cb19558d74581493f17f671037b269f3a74e2fe4245bf8bdcc15149264e293a93dfaefad1cc2c9a45162eb33a982c12ded7ac1cc50be520a5d368

Download Submit