hxxps://drive[.]google[.]com/file/d/1Rp93AMn-e6f79rzWBOjUsRaQKRgOa7JT/view

Resubmissions

15-10-2024 00:16

241015-aktrnstdqc 7

15-10-2024 00:14

241015-ajnh9stdle 6

Analysis

max time kernel
99s
max time network
100s
platform
windows11-21h2_x64
resource
win11-20241007-uk
resource tags

arch:x64arch:x86image:win11-20241007-uklocale:uk-uaos:windows11-21h2-x64systemwindows
submitted
15-10-2024 00:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1Rp93AMn-e6f79rzWBOjUsRaQKRgOa7JT/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
4	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\EASyKIT Public Beta 0.9.7z:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2984	msedge.exe
2984	msedge.exe
2108	msedge.exe
2108	msedge.exe
972	msedge.exe
972	msedge.exe
4668	identity_helper.exe
4668	identity_helper.exe
1224	msedge.exe
1224	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
772	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe

Suspicious use of FindShellTrayWindow 44 IoCs

pid	Process
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe

Suspicious use of SetWindowsHookEx 21 IoCs

pid	Process
772	OpenWith.exe
772	OpenWith.exe
772	OpenWith.exe
772	OpenWith.exe
772	OpenWith.exe
772	OpenWith.exe
772	OpenWith.exe
772	OpenWith.exe
772	OpenWith.exe
772	OpenWith.exe
772	OpenWith.exe
772	OpenWith.exe
772	OpenWith.exe
772	OpenWith.exe
772	OpenWith.exe
772	OpenWith.exe
772	OpenWith.exe
772	OpenWith.exe
772	OpenWith.exe
772	OpenWith.exe
772	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2108 wrote to memory of 576	2108	msedge.exe	77
PID 2108 wrote to memory of 576	2108	msedge.exe	77
PID 2108 wrote to memory of 2788	2108	msedge.exe	78
PID 2108 wrote to memory of 2788	2108	msedge.exe	78
PID 2108 wrote to memory of 2788	2108	msedge.exe	78
PID 2108 wrote to memory of 2788	2108	msedge.exe	78
PID 2108 wrote to memory of 2788	2108	msedge.exe	78
PID 2108 wrote to memory of 2788	2108	msedge.exe	78
PID 2108 wrote to memory of 2788	2108	msedge.exe	78
PID 2108 wrote to memory of 2788	2108	msedge.exe	78
PID 2108 wrote to memory of 2788	2108	msedge.exe	78
PID 2108 wrote to memory of 2788	2108	msedge.exe	78
PID 2108 wrote to memory of 2788	2108	msedge.exe	78
PID 2108 wrote to memory of 2788	2108	msedge.exe	78
PID 2108 wrote to memory of 2788	2108	msedge.exe	78
PID 2108 wrote to memory of 2788	2108	msedge.exe	78
PID 2108 wrote to memory of 2788	2108	msedge.exe	78
PID 2108 wrote to memory of 2788	2108	msedge.exe	78
PID 2108 wrote to memory of 2788	2108	msedge.exe	78
PID 2108 wrote to memory of 2788	2108	msedge.exe	78
PID 2108 wrote to memory of 2788	2108	msedge.exe	78
PID 2108 wrote to memory of 2788	2108	msedge.exe	78
PID 2108 wrote to memory of 2788	2108	msedge.exe	78
PID 2108 wrote to memory of 2788	2108	msedge.exe	78
PID 2108 wrote to memory of 2788	2108	msedge.exe	78
PID 2108 wrote to memory of 2788	2108	msedge.exe	78
PID 2108 wrote to memory of 2788	2108	msedge.exe	78
PID 2108 wrote to memory of 2788	2108	msedge.exe	78
PID 2108 wrote to memory of 2788	2108	msedge.exe	78
PID 2108 wrote to memory of 2788	2108	msedge.exe	78
PID 2108 wrote to memory of 2788	2108	msedge.exe	78
PID 2108 wrote to memory of 2788	2108	msedge.exe	78
PID 2108 wrote to memory of 2788	2108	msedge.exe	78
PID 2108 wrote to memory of 2788	2108	msedge.exe	78
PID 2108 wrote to memory of 2788	2108	msedge.exe	78
PID 2108 wrote to memory of 2788	2108	msedge.exe	78
PID 2108 wrote to memory of 2788	2108	msedge.exe	78
PID 2108 wrote to memory of 2788	2108	msedge.exe	78
PID 2108 wrote to memory of 2788	2108	msedge.exe	78
PID 2108 wrote to memory of 2788	2108	msedge.exe	78
PID 2108 wrote to memory of 2788	2108	msedge.exe	78
PID 2108 wrote to memory of 2788	2108	msedge.exe	78
PID 2108 wrote to memory of 2984	2108	msedge.exe	79
PID 2108 wrote to memory of 2984	2108	msedge.exe	79
PID 2108 wrote to memory of 3320	2108	msedge.exe	80
PID 2108 wrote to memory of 3320	2108	msedge.exe	80
PID 2108 wrote to memory of 3320	2108	msedge.exe	80
PID 2108 wrote to memory of 3320	2108	msedge.exe	80
PID 2108 wrote to memory of 3320	2108	msedge.exe	80
PID 2108 wrote to memory of 3320	2108	msedge.exe	80
PID 2108 wrote to memory of 3320	2108	msedge.exe	80
PID 2108 wrote to memory of 3320	2108	msedge.exe	80
PID 2108 wrote to memory of 3320	2108	msedge.exe	80
PID 2108 wrote to memory of 3320	2108	msedge.exe	80
PID 2108 wrote to memory of 3320	2108	msedge.exe	80
PID 2108 wrote to memory of 3320	2108	msedge.exe	80
PID 2108 wrote to memory of 3320	2108	msedge.exe	80
PID 2108 wrote to memory of 3320	2108	msedge.exe	80
PID 2108 wrote to memory of 3320	2108	msedge.exe	80
PID 2108 wrote to memory of 3320	2108	msedge.exe	80
PID 2108 wrote to memory of 3320	2108	msedge.exe	80
PID 2108 wrote to memory of 3320	2108	msedge.exe	80
PID 2108 wrote to memory of 3320	2108	msedge.exe	80
PID 2108 wrote to memory of 3320	2108	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1Rp93AMn-e6f79rzWBOjUsRaQKRgOa7JT/view
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbe0be3cb8,0x7ffbe0be3cc8,0x7ffbe0be3cd8
  2⤵
  PID:576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1784,15017235787787696996,16797670015912959099,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1820 /prefetch:2
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1784,15017235787787696996,16797670015912959099,131072 --lang=uk --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1784,15017235787787696996,16797670015912959099,131072 --lang=uk --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,15017235787787696996,16797670015912959099,131072 --lang=uk --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,15017235787787696996,16797670015912959099,131072 --lang=uk --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,15017235787787696996,16797670015912959099,131072 --lang=uk --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1784,15017235787787696996,16797670015912959099,131072 --lang=uk --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,15017235787787696996,16797670015912959099,131072 --lang=uk --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,15017235787787696996,16797670015912959099,131072 --lang=uk --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1784,15017235787787696996,16797670015912959099,131072 --lang=uk --service-sandbox-type=none --mojo-platform-channel-handle=6196 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,15017235787787696996,16797670015912959099,131072 --lang=uk --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,15017235787787696996,16797670015912959099,131072 --lang=uk --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,15017235787787696996,16797670015912959099,131072 --lang=uk --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:1032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1784,15017235787787696996,16797670015912959099,131072 --lang=uk --service-sandbox-type=none --mojo-platform-channel-handle=6600 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:772

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:128

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1504

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3180

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
826c7cac03e3ae47bfe2a7e50281605e

SHA1
100fbea3e078edec43db48c3312fbbf83f11fca0

SHA256
239b1d7cc6f76e1d1832b0587664f114f38a21539cb8548e25626ed5053ea2ab

SHA512
a82f3c817a6460fd8907a4ac6ab37c2129fb5466707edcfb565c255680d7f7212a5669fe2a42976150f16e4e549ea8310078f22ed35514ee1b7b45b46d8cc96e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
02a4b762e84a74f9ee8a7d8ddd34fedb

SHA1
4a870e3bd7fd56235062789d780610f95e3b8785

SHA256
366e497233268d7cdf699242e4b2c7ecc1999d0a84e12744f5af2b638e9d86da

SHA512
19028c45f2e05a0cb32865a2554513c1536bf9da63512ff4e964c94a3e171f373493c7787d2d2a6df8012648bbefab63a9de924f119c50c39c727cf81bdc659f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
e7855ade28bfa0d1723c69a24b8e6cc2

SHA1
a0e6e5ad121272256e09c75c998174d67d19c935

SHA256
02355b770cbe11a71f71775ed894b3002c0b573b714bc3c764d8121c294c05e8

SHA512
052dfb3cf7c1e65dbe54cde8064e200c555a6ad87425958c1f72ae915b936e69a512faf22c97e818ac062a34766bfea796d5955878b6ed2b837ea843fd02ac80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
85fa1dc21233e0e92b614c3d2e2e9ae4

SHA1
1b76bad52e4f087257a2dae3269d4acc4ee9b9a5

SHA256
1899fbcb882d4cdf97998fd8aa7f6024f905703f6a2a17064bae611ae76fcd62

SHA512
7788373e3732103b74e68eb92376137e233ce2cc1af23f91c882fe2d09e08f968d3d9fc425eecf4c67c28c2e44dd75ac8ca7d681334d80eaaed1caad99623844

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
588677bea132cc3cd0ecb86edbb9208e

SHA1
79bc74290e271ac80347573d2f8a5d6cf47535d6

SHA256
e36cdae0808df1b02b915feafd7eacf1a114958d63fb7e29cfe04493db6b9f1d

SHA512
084a68a6b9d1ab2aeb4670d682b753cc346b26c55bc90160551e3daf09b05eaf2f4e549de9ddfcded47c6fc43842d9e826a327a7443fde391f322dbacbd8eeaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8f9ca84f5efe4d26ad7f3a862487e9d1

SHA1
d40aa52dce4fdefb7fa30e71d1bbb0bd548e6f21

SHA256
1c01fac52dffa12745ab9691b3726e803628fa0c977f4b40bb85ece680ac9dca

SHA512
14cafc7f6f865cda1ff947fd194c57fc5ea487a9c9fd0e281ed7b865a5d0bbfd2fad990351bc3bcd08096687e324d68d2792ecc96f65e6cdcf3a5a1f78d4355d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
99bddf8db746d028cf24ce50d475b318

SHA1
43432da3dd087a45ab1a87bbc8157ec0e6d3900f

SHA256
07d5c8cbc539f3b04dfef9d94fd4a216f7bfda628c3d5653e8fb5c3b627f8c29

SHA512
d427a8dd8da57948b751dd72ec6e7c35d08d666f70df22f460a4c5db899ccee4f1c2df9f859a799e47a6e774b850e4792c1811db9f6f120f139a47d8e4696b46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8c44d2e51d9fa74657a333ee1b589464

SHA1
2756ee2eff01f6b87aae2efc42f49ba3ca9620c7

SHA256
25ab6bf7c20322d2b4d3be91ab9572a572ae475e252611ef1769b77a84d815a4

SHA512
0b39d8b2bc1a4744228de09ff09ca8d1b9367e7121bc2b0070c869f526bc397753cc5c8b8bf8087891bf07fa45f90d3e94b8319decac3029b7edab41bc09931d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c0851963163ae6ef5ad9fc46def53624

SHA1
ce487facca98404a580f35c07d251a4abbff9d9f

SHA256
f25f38de99c2728f46f91e8c2487753bf75973f50180883c4b90b400936c2041

SHA512
a154cca8814b008f2c6f412cff1f229d5be4342d486f1936ed7af39e9cba8edf42189ff20d04d056db536130d24060f8f00239f2686fc39ef80e88a3cf59ea50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
161ef04b5dd6c0f9bfa3938d9a2fec3a

SHA1
4ac9e6f8fefaf66a1e37e1805b1ffc22630bcb4c

SHA256
27124c46730cbbe3723c65c4074909d0cb37cee9b61bf2455caf1cf99b3bc038

SHA512
ed479f6737ff34d92d93898c6d142ed43e86d33a553e4da2c6e11972ca823ea4e37def55cf322729e77af0bee62753459d71c8bc26fd776243d27a7fcf730b64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
727f6a1dd32208ce3ff4d19adeb2b4f2

SHA1
4d3c87fbb69cf277223775fdbbc3f44c69c61588

SHA256
828823ba4d0b2b7cad6398d31583f61220c262263907377119a2c8578b7cef36

SHA512
667e5f0e58d79860ec751227bc9610c585a2207a4c91e7c430b1b85b01edac68b4ab558380b848f3c902c03d1be91845f68e38a4084f96e3c590bb16ccee4eb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1fc2ed7804239dd0a0c436a94f665bfa

SHA1
df9843277ed459bffe7ae8c99ef88790424488a2

SHA256
e695b4ef5c6d11a47023f50e3cf9bc00ae81849b7aa02caffe093c3beb42e99f

SHA512
c9855f50d95db484928ba5f4b3fb92f4d267955e144326e4b0d7d336697fc828506cd22bd529409b15da1c629cc9b15cd0888ca7ff22570c1e51e184d237275a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a744a5e468eeec4ca49402b72e86988a

SHA1
aeb3e7982057bc215a0629ef6cdfc5550506a8e9

SHA256
58a024f0b2bed1c9405d331ec2f875546c35641a84e95a0de2cd1f52bf876a92

SHA512
aaba64ff7e2b34235491699f23419bcff0c3a4ec9dc159f61865532103bf4b991477fb20b260606b9217abf677bae4970c54a9d461907e3c6bbe8bee146cc2ef

Download Submit
C:\Users\Admin\Downloads\EASyKIT Public Beta 0.9.7z:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit