hxxps://drive[.]google[.]com/file/d/1lI-IL0gg8WoRTc-3cazYsUkFjjstyCRX/view

Resubmissions

21/08/2024, 11:58

240821-n5n9ksxcme 7

21/08/2024, 11:43

240821-nvm9jawfme 6

21/08/2024, 11:37

240821-nrkdgazdql 6

21/08/2024, 11:29

240821-nlmxeazbnr 8

Analysis

max time kernel
522s
max time network
525s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
21/08/2024, 11:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1lI-IL0gg8WoRTc-3cazYsUkFjjstyCRX/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
5	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1144	msedge.exe
1144	msedge.exe
1980	msedge.exe
1980	msedge.exe
2984	msedge.exe
2984	msedge.exe
108	identity_helper.exe
108	identity_helper.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1980 wrote to memory of 1216	1980	msedge.exe	81
PID 1980 wrote to memory of 1216	1980	msedge.exe	81
PID 1980 wrote to memory of 3324	1980	msedge.exe	82
PID 1980 wrote to memory of 3324	1980	msedge.exe	82
PID 1980 wrote to memory of 3324	1980	msedge.exe	82
PID 1980 wrote to memory of 3324	1980	msedge.exe	82
PID 1980 wrote to memory of 3324	1980	msedge.exe	82
PID 1980 wrote to memory of 3324	1980	msedge.exe	82
PID 1980 wrote to memory of 3324	1980	msedge.exe	82
PID 1980 wrote to memory of 3324	1980	msedge.exe	82
PID 1980 wrote to memory of 3324	1980	msedge.exe	82
PID 1980 wrote to memory of 3324	1980	msedge.exe	82
PID 1980 wrote to memory of 3324	1980	msedge.exe	82
PID 1980 wrote to memory of 3324	1980	msedge.exe	82
PID 1980 wrote to memory of 3324	1980	msedge.exe	82
PID 1980 wrote to memory of 3324	1980	msedge.exe	82
PID 1980 wrote to memory of 3324	1980	msedge.exe	82
PID 1980 wrote to memory of 3324	1980	msedge.exe	82
PID 1980 wrote to memory of 3324	1980	msedge.exe	82
PID 1980 wrote to memory of 3324	1980	msedge.exe	82
PID 1980 wrote to memory of 3324	1980	msedge.exe	82
PID 1980 wrote to memory of 3324	1980	msedge.exe	82
PID 1980 wrote to memory of 3324	1980	msedge.exe	82
PID 1980 wrote to memory of 3324	1980	msedge.exe	82
PID 1980 wrote to memory of 3324	1980	msedge.exe	82
PID 1980 wrote to memory of 3324	1980	msedge.exe	82
PID 1980 wrote to memory of 3324	1980	msedge.exe	82
PID 1980 wrote to memory of 3324	1980	msedge.exe	82
PID 1980 wrote to memory of 3324	1980	msedge.exe	82
PID 1980 wrote to memory of 3324	1980	msedge.exe	82
PID 1980 wrote to memory of 3324	1980	msedge.exe	82
PID 1980 wrote to memory of 3324	1980	msedge.exe	82
PID 1980 wrote to memory of 3324	1980	msedge.exe	82
PID 1980 wrote to memory of 3324	1980	msedge.exe	82
PID 1980 wrote to memory of 3324	1980	msedge.exe	82
PID 1980 wrote to memory of 3324	1980	msedge.exe	82
PID 1980 wrote to memory of 3324	1980	msedge.exe	82
PID 1980 wrote to memory of 3324	1980	msedge.exe	82
PID 1980 wrote to memory of 3324	1980	msedge.exe	82
PID 1980 wrote to memory of 3324	1980	msedge.exe	82
PID 1980 wrote to memory of 3324	1980	msedge.exe	82
PID 1980 wrote to memory of 3324	1980	msedge.exe	82
PID 1980 wrote to memory of 1144	1980	msedge.exe	83
PID 1980 wrote to memory of 1144	1980	msedge.exe	83
PID 1980 wrote to memory of 4844	1980	msedge.exe	84
PID 1980 wrote to memory of 4844	1980	msedge.exe	84
PID 1980 wrote to memory of 4844	1980	msedge.exe	84
PID 1980 wrote to memory of 4844	1980	msedge.exe	84
PID 1980 wrote to memory of 4844	1980	msedge.exe	84
PID 1980 wrote to memory of 4844	1980	msedge.exe	84
PID 1980 wrote to memory of 4844	1980	msedge.exe	84
PID 1980 wrote to memory of 4844	1980	msedge.exe	84
PID 1980 wrote to memory of 4844	1980	msedge.exe	84
PID 1980 wrote to memory of 4844	1980	msedge.exe	84
PID 1980 wrote to memory of 4844	1980	msedge.exe	84
PID 1980 wrote to memory of 4844	1980	msedge.exe	84
PID 1980 wrote to memory of 4844	1980	msedge.exe	84
PID 1980 wrote to memory of 4844	1980	msedge.exe	84
PID 1980 wrote to memory of 4844	1980	msedge.exe	84
PID 1980 wrote to memory of 4844	1980	msedge.exe	84
PID 1980 wrote to memory of 4844	1980	msedge.exe	84
PID 1980 wrote to memory of 4844	1980	msedge.exe	84
PID 1980 wrote to memory of 4844	1980	msedge.exe	84
PID 1980 wrote to memory of 4844	1980	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1lI-IL0gg8WoRTc-3cazYsUkFjjstyCRX/view
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff96ee13cb8,0x7ff96ee13cc8,0x7ff96ee13cd8
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,4779451976143497768,1111157299032681514,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1900 /prefetch:2
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,4779451976143497768,1111157299032681514,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,4779451976143497768,1111157299032681514,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,4779451976143497768,1111157299032681514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,4779451976143497768,1111157299032681514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,4779451976143497768,1111157299032681514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,4779451976143497768,1111157299032681514,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,4779451976143497768,1111157299032681514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,4779451976143497768,1111157299032681514,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:1288
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,4779451976143497768,1111157299032681514,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4664 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,4779451976143497768,1111157299032681514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,4779451976143497768,1111157299032681514,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,4779451976143497768,1111157299032681514,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5660 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4560

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4c3889d3f0d2246f800c495aec7c3f7c

SHA1
dd38e6bf74617bfcf9d6cceff2f746a094114220

SHA256
0a4781bca132edf11500537cbf95ff840c2b6fd33cd94809ca9929f00044bea4

SHA512
2d6cb23e2977c0890f69751a96daeb71e0f12089625f32b34b032615435408f21047b90c19de09f83ef99957681440fdc0c985e079bb196371881b5fdca68a37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c4a10f6df4922438ca68ada540730100

SHA1
4c7bfbe3e2358a28bf5b024c4be485fa6773629e

SHA256
f286c908fea67163f02532503b5555a939f894c6f2e683d80679b7e5726a7c02

SHA512
b4d407341989e0bbbe0cdd64f7757bea17f0141a89104301dd7ffe45e7511d3ea27c53306381a29c24df68bdb9677eb8c07d4d88874d86aba41bb6f0ce7a942c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
405a46999401e7e84c73a415dffab8ae

SHA1
ca9e6181b917be39d9ab54cfaf56f61b975abc8f

SHA256
76a31e4c08c96a130f0c8aca77fe2a9dc4cd40e416d3c8330ac6b188a9e44145

SHA512
a083ebe3703f9d62bc9f6d7d63823956f13e555403e07acbf22c48da53ef918eb1971236b5750ce2bf0e17770657c6b9cbd958316b39549c54e2ad476a566e12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d3fa201fb861370a22b41120f7211fc2

SHA1
0d9fc237a1d0cbe4676f3d9e6cb4a42e51c1b8ee

SHA256
c2f9acc438221a1d650abea5aebe83792a0a021c0643d9c8be27d735a01ba391

SHA512
513fcafc7eaaf4ad4ac4b45f175054c1b1ef65cf3cf11bbc6045afd422ed892364046ac4dbdb41344bbad5a8d74806ffa3de7c3d12b9f36b747e55b9e9f8bcdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a5624db2fee38a7696265ec47da97abe

SHA1
23d9d0200b30a052438e450047f924e3775af0e7

SHA256
197e596e5a36d4e970d33ec1ad961e23347a4cef1128d06be0d72d4653a55ba2

SHA512
236a387632de19c12fc9e3b08203fb2b80869130107981af15036de84ea11e84723a81597b86273711df84293a7b5dececaf7237507c68fd6801bb240d91486e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
14a46ea5d3d078ab0fdcdd45e2481bfd

SHA1
f2b6fca7e22e0612efe31e2492f4a71be712bfde

SHA256
3d54887ea686a7ac4a3446c160476d7a6a4c97bab476ef490c22c0a00e02bbfa

SHA512
87252face7113ee19e596bd7bfa56d80b7449782f0886abfc295125b3ee0d04c27fac2266e60f1aafd3412ea415834c3790b7c3cfc72d71e9b724e12ec6cdc64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d4455a65a6da16a4a58ccf8835ccca55

SHA1
12f66dc27fec40cf1cff6e76547d37ce94259df8

SHA256
cc5d99c8879e2ef818e21ceff9c77a93a9de66b1bffa6a87f42fcd604445ae95

SHA512
1a64e5e27a13e91673a49b028070c174e64416df12d027f7d0d81dae10898a873673b672227fa90ed5ac5a19f28fbe25c9e1cb8f3e97670441e00b9a9fde97eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1cb7272d7f3d61bef572b6d0628ae8ef

SHA1
b31cba9d65c704d817a1a80ebe5d15b9adf006c0

SHA256
078d9213feb52084b37b7258c6f8c0da5c2d0aaf2f86b528021ad73f5ebf38c0

SHA512
7d3190d864cce598ac4bbe83890808595bb58f58bf81aee86c971c94160ed492851bf73353855b06e2ebcdf7d74cc30369d9aed8ca3d387a8bbb5cabf5d6dec8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
fe2c55458a9da0cd1be5c94de7852c54

SHA1
2cbcbdde7b72ad45d033be29a5dff7f6ca66f4ec

SHA256
19470eda6b10ef2afbdfa50a9cba3f684e55dac3fc5507bf93ce10a0a97c8667

SHA512
49552bacc89ebde88a8f897f700d76f960a692a60e2342a4aa2f14636e50a2b7e6c5e7dddf2650f11cf6f3e8666be2cbe4d3611954949be33044d1412b0d6e30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
935cb9a74b6b6d5f9a5484ce321cb87c

SHA1
7d8e7bcef53374afd23ecfcd7402df9a5bf415d4

SHA256
582f7495a33970ab25ca5074ad1baa6a5bbfd501aa12b617e9fdacd1e72a5129

SHA512
9a431f157d0df7c88237a37e14b0ded4f25d6c4696ad940a3073ccc40432cbb0ffb0989305eb21cadd516c85c503f856abc5d2dfcb93e6edae59be7df8caf32a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
33c2896fea7af71360db5f8b44a2c78f

SHA1
28c7965ef92bfe5138ef0de388c1d779c6154332

SHA256
1077f67cc0007da0e2b37d181e8bf0df31aa571f9ab2d2f2528337eb570fb411

SHA512
cdeaac9705ee43357f7ae60c138427b63ea89e354cbe212d7db1f590fc741bc810b2d878cd7e7446116e3845a734685336651feaf82397c42274d2cd17d4c126

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
58d27172ece6c1b84f5b2b9fbf0beca1

SHA1
a65ec97aa170af7a4669cd6b5741e435e53386d9

SHA256
23c28a38163e8a03cb4803a72cf61f7a5d5a7a3845631fd430bf1902958fa013

SHA512
819a7d8168df094ed3b01ccb566f8cf62a740195b0bf5039cb74ea1d68e6e343273621ff43cc6a89f7ee352853a0dc606b15d0ee6f69d9b8fa544b9a4a4e90b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cedd83fba9186f2df73b6413def24aca

SHA1
44a3ff2b413df438cdee22a7e8a7cb882e240400

SHA256
b3f8a59611ff4c97008b2af1f282b34d5ff24f03408e0d4ca4d71ab01bbb5414

SHA512
5de4083073ef083a036bd254959fef6775d6358e7dfe1b17feb89b88f25be86e151ce48bd59ab8ed859ff9382598584c81d88df8921b67387ded7a8d501a4ee0

Download Submit