hxxps://drive[.]google[.]com/file/d/1UHMVgkf2LeT-bnilDmI6vmwFdQ0DgyHE/view?pli=1

Analysis

max time kernel
524s
max time network
529s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
22-07-2024 18:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1UHMVgkf2LeT-bnilDmI6vmwFdQ0DgyHE/view?pli=1

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
4	drive.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3364	msedge.exe
3364	msedge.exe
3424	msedge.exe
3424	msedge.exe
3264	identity_helper.exe
3264	identity_helper.exe
2348	msedge.exe
2348	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3424 wrote to memory of 3580	3424	msedge.exe	81
PID 3424 wrote to memory of 3580	3424	msedge.exe	81
PID 3424 wrote to memory of 5088	3424	msedge.exe	82
PID 3424 wrote to memory of 5088	3424	msedge.exe	82
PID 3424 wrote to memory of 5088	3424	msedge.exe	82
PID 3424 wrote to memory of 5088	3424	msedge.exe	82
PID 3424 wrote to memory of 5088	3424	msedge.exe	82
PID 3424 wrote to memory of 5088	3424	msedge.exe	82
PID 3424 wrote to memory of 5088	3424	msedge.exe	82
PID 3424 wrote to memory of 5088	3424	msedge.exe	82
PID 3424 wrote to memory of 5088	3424	msedge.exe	82
PID 3424 wrote to memory of 5088	3424	msedge.exe	82
PID 3424 wrote to memory of 5088	3424	msedge.exe	82
PID 3424 wrote to memory of 5088	3424	msedge.exe	82
PID 3424 wrote to memory of 5088	3424	msedge.exe	82
PID 3424 wrote to memory of 5088	3424	msedge.exe	82
PID 3424 wrote to memory of 5088	3424	msedge.exe	82
PID 3424 wrote to memory of 5088	3424	msedge.exe	82
PID 3424 wrote to memory of 5088	3424	msedge.exe	82
PID 3424 wrote to memory of 5088	3424	msedge.exe	82
PID 3424 wrote to memory of 5088	3424	msedge.exe	82
PID 3424 wrote to memory of 5088	3424	msedge.exe	82
PID 3424 wrote to memory of 5088	3424	msedge.exe	82
PID 3424 wrote to memory of 5088	3424	msedge.exe	82
PID 3424 wrote to memory of 5088	3424	msedge.exe	82
PID 3424 wrote to memory of 5088	3424	msedge.exe	82
PID 3424 wrote to memory of 5088	3424	msedge.exe	82
PID 3424 wrote to memory of 5088	3424	msedge.exe	82
PID 3424 wrote to memory of 5088	3424	msedge.exe	82
PID 3424 wrote to memory of 5088	3424	msedge.exe	82
PID 3424 wrote to memory of 5088	3424	msedge.exe	82
PID 3424 wrote to memory of 5088	3424	msedge.exe	82
PID 3424 wrote to memory of 5088	3424	msedge.exe	82
PID 3424 wrote to memory of 5088	3424	msedge.exe	82
PID 3424 wrote to memory of 5088	3424	msedge.exe	82
PID 3424 wrote to memory of 5088	3424	msedge.exe	82
PID 3424 wrote to memory of 5088	3424	msedge.exe	82
PID 3424 wrote to memory of 5088	3424	msedge.exe	82
PID 3424 wrote to memory of 5088	3424	msedge.exe	82
PID 3424 wrote to memory of 5088	3424	msedge.exe	82
PID 3424 wrote to memory of 5088	3424	msedge.exe	82
PID 3424 wrote to memory of 5088	3424	msedge.exe	82
PID 3424 wrote to memory of 3364	3424	msedge.exe	83
PID 3424 wrote to memory of 3364	3424	msedge.exe	83
PID 3424 wrote to memory of 3564	3424	msedge.exe	84
PID 3424 wrote to memory of 3564	3424	msedge.exe	84
PID 3424 wrote to memory of 3564	3424	msedge.exe	84
PID 3424 wrote to memory of 3564	3424	msedge.exe	84
PID 3424 wrote to memory of 3564	3424	msedge.exe	84
PID 3424 wrote to memory of 3564	3424	msedge.exe	84
PID 3424 wrote to memory of 3564	3424	msedge.exe	84
PID 3424 wrote to memory of 3564	3424	msedge.exe	84
PID 3424 wrote to memory of 3564	3424	msedge.exe	84
PID 3424 wrote to memory of 3564	3424	msedge.exe	84
PID 3424 wrote to memory of 3564	3424	msedge.exe	84
PID 3424 wrote to memory of 3564	3424	msedge.exe	84
PID 3424 wrote to memory of 3564	3424	msedge.exe	84
PID 3424 wrote to memory of 3564	3424	msedge.exe	84
PID 3424 wrote to memory of 3564	3424	msedge.exe	84
PID 3424 wrote to memory of 3564	3424	msedge.exe	84
PID 3424 wrote to memory of 3564	3424	msedge.exe	84
PID 3424 wrote to memory of 3564	3424	msedge.exe	84
PID 3424 wrote to memory of 3564	3424	msedge.exe	84
PID 3424 wrote to memory of 3564	3424	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1UHMVgkf2LeT-bnilDmI6vmwFdQ0DgyHE/view?pli=1
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb90c43cb8,0x7ffb90c43cc8,0x7ffb90c43cd8
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1716,15467459420921202751,14570714226931588902,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1824 /prefetch:2
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1716,15467459420921202751,14570714226931588902,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1716,15467459420921202751,14570714226931588902,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
  2⤵
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,15467459420921202751,14570714226931588902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,15467459420921202751,14570714226931588902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,15467459420921202751,14570714226931588902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1716,15467459420921202751,14570714226931588902,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1716,15467459420921202751,14570714226931588902,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4552 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,15467459420921202751,14570714226931588902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2312 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,15467459420921202751,14570714226931588902,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3892 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,15467459420921202751,14570714226931588902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,15467459420921202751,14570714226931588902,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1716,15467459420921202751,14570714226931588902,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5652 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3252

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3308

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b0499f1feacbab5a863b23b1440161a5

SHA1
37a982ece8255b9e0baadb9c596112395caf9c12

SHA256
41799b5bbdb95da6a57ae553b90de65b80264ca65406f11eea46bcb87a5882a7

SHA512
4cf9a8547a1527b1df13905c2a206a6e24e706e0bc174550caeefabfc8c1c8a40030e8958680cd7d34e815873a7a173abe40c03780b1c4c2564382f1ceed9260

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53eb880cad5acef8c91684b1a94eed6

SHA1
afab2b1015fecbc986c1f4a8a6d27adff6f6fde9

SHA256
5cb8554e763313f3d46766ab868f9d481e3644bfc037f7b8fe43d75d87405a27

SHA512
d53f3965428f73c0dfed1d941a9ff06eb70b254732410b815bc759b8c7904e11292ad7e9624c12cccaed6763e7bea68208bc0b67fc70b7616d25bda143833794

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
446c8ec5113f14fe1c239e94226f28c2

SHA1
c3ba3c441bf9f9a1d863546c1417df3ee244394e

SHA256
d1175ff3991ef85378db7b283611a2d0217475283117d7b49db4ee60e721e4e6

SHA512
78404fa85e65810f223a544feb1929d9c04f35e35fc6ed05e07cf12cf676e2f533676a2d13f24fde31d50a9b2071191ab3455c3d319f89f7c4b9a8c915b332f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
91f437e1b77f417e0b659e818ed66ce3

SHA1
9900e84d21f273bf2cf152137ef0f3b034f66de9

SHA256
5333856b3563f274f7694cedfed2e93cbfbccfe7062d07a22cb29d5ce8b1a2f7

SHA512
99913819a2c9836bff6784bb14817d9671507b682f8c6b127a3b16b6fabea6a07aa1dc808d206253e42d14ca1d150dce201a25f3d268ae930803b33821f51d2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
52c57f75556e623b7e1c0a402f524a2c

SHA1
766caf61a1be570ea888764d5fab20bb7e669137

SHA256
b64abf1ba51a236cb1db03e3856903a11553052296c9d2ab106624703615e3e1

SHA512
dee5a19cfcd97e516e5eb24d0e8db5813f3981546b97d8352ff898cacd64748bdc7d13e0f0be037411d0b67400773f5a13f562b6a448e935c7803cb2b968584e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c09725475492410854a41e13d0bb5300

SHA1
80bac66d72b823aaa8bdef47f2ac05352bd42a37

SHA256
fb0ca624910ad0ee84fb87956373fa30aafd7530c97d829b573afcb2dc00e099

SHA512
a0d8a2b920b9219bf693791c95f2a26d72dead601fed17a16edeb36a24fae34f98bc459d47ecf28c058a5ad556ace59e00154f82981ea6879e87425296260a6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6c0101c5e4bff71e9830b5641a7672bd

SHA1
a6f27b35a7d0bf5fc016d520f17a25efb5d3c877

SHA256
b535f0e7d49a886ba61399727259997bb08ef57021804f2adf65924a3de05e83

SHA512
daef906a2fb1a143197493317149bcf3067a0f6ed5962b79b8bdb3a447c1ec8ba4aca2a6e411b5e50a83aa2235cd13232395c357d937d641c10e75e339b004e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
fd14e0859830bdf3788859ae320521f2

SHA1
1f7af82e1adc2c88d4e8a258091ca32c07b57cbe

SHA256
46442c3d7c7bdd31e95b71a4954346d416394454cbe6d4a3089c2ec1fed4a491

SHA512
d9d3dab9e8c7adbd93484e2dda535df589ea7a23fbea62037fc708df5633767ed2ec3aacbd5e8eb33917dba46c527c5bda538e25aa6fe1eb9fa628953a37366d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ec7b78dbc4f415913a615cc91bd655f3

SHA1
3d3b001819b1995425e988b439be6faf1e204d9f

SHA256
7c151cc88dc8b70bcffed1963fa7580519625d0e5287c87bb90326dd9d6335b6

SHA512
e196c22bd55f8489fd734a5e15a83f96ee8f8e643c2efe5a14c0153013aa6214d3dfddbe830c0bb0272bffb9d88c4fbcb24df37b45a8450babffb9234e75e24a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
59925a9acc78b035aaa32ede9c7dce12

SHA1
012e25f4b311bb875ee03087ddfac3deddddcf5d

SHA256
7983a0cb03b56727d52a1f0e586954977810033bcbe21eb15c5bc6cc1ee7463c

SHA512
047f09653b8c38fa301ad2ae00f6e1c13e1c2562b36038e07cc19697f417b969a808e261f138b9edf654e1e3143ececaea66e4a0900dbf0c7ad96dff4aba2b88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3b9e603917ab12b0fe778bfa5eca69b9

SHA1
6ff3edf06213d244d187780f16d3bfc85ac4a812

SHA256
41ec0eba8baed21ecdf64602a7438da2db5073b16f80f7fdece1838535f7fd52

SHA512
14b1dc523313e1f25ea651b51f950def6b3a1237e23d75acf515dfef4845cbc8f3727e074bf64955ea5b50ae486812e013b9f4dbfd801e81664ea1708432b20c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ca19093f199f88c65f9a50f44f05559e

SHA1
d1315d87b2f8f8738283242a8998e7bf5af92968

SHA256
6b03e269aa27fcd49068cbcb4c2e4d555d8c986766d3f6c8973e275f17ca6143

SHA512
15ae112f7c219bc93593a49b1d24e73789a47b3c4222e48f9b18fde1ea2726a3b0b96985581bdffab94819d053282f04afcedbc0c8ceef8740db0c6ac0fc7bbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2d5df8b87923e12d478e7422caf7977e

SHA1
edc80fe1147800df54fe2a3c91ec21d527344ab5

SHA256
dcf4a1e8bc926c69feaef8799e4399248f03f0e3cfbaf2380f271be06d47c309

SHA512
5bfbbfbceee2cf0bb1352671edd249d4f9e996e4f723219672eab7feed84c6fc0bb6394ffe6ea64ebb3fc5c0eb32b742236ca44c17713905d421b8d2c3af271e

Download Submit