hxxps://drive[.]google[.]com/file/d/1ylSw1pvV-PPZ5pFYY5F8EGwStwPNdPUc/view

Resubmissions

24-11-2024 04:51

241124-fhcm9svmdv 6

24-11-2024 04:50

241124-fgcxms1lhm 6

24-11-2024 04:47

241124-femn3avldv 6

Analysis

max time kernel
525s
max time network
527s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
24-11-2024 04:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1ylSw1pvV-PPZ5pFYY5F8EGwStwPNdPUc/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
6	drive.google.com
1	drive.google.com
3	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2632	msedge.exe
2632	msedge.exe
3136	msedge.exe
3136	msedge.exe
1168	msedge.exe
1168	msedge.exe
1220	identity_helper.exe
1220	identity_helper.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3136 wrote to memory of 3188	3136	msedge.exe	79
PID 3136 wrote to memory of 3188	3136	msedge.exe	79
PID 3136 wrote to memory of 1068	3136	msedge.exe	80
PID 3136 wrote to memory of 1068	3136	msedge.exe	80
PID 3136 wrote to memory of 1068	3136	msedge.exe	80
PID 3136 wrote to memory of 1068	3136	msedge.exe	80
PID 3136 wrote to memory of 1068	3136	msedge.exe	80
PID 3136 wrote to memory of 1068	3136	msedge.exe	80
PID 3136 wrote to memory of 1068	3136	msedge.exe	80
PID 3136 wrote to memory of 1068	3136	msedge.exe	80
PID 3136 wrote to memory of 1068	3136	msedge.exe	80
PID 3136 wrote to memory of 1068	3136	msedge.exe	80
PID 3136 wrote to memory of 1068	3136	msedge.exe	80
PID 3136 wrote to memory of 1068	3136	msedge.exe	80
PID 3136 wrote to memory of 1068	3136	msedge.exe	80
PID 3136 wrote to memory of 1068	3136	msedge.exe	80
PID 3136 wrote to memory of 1068	3136	msedge.exe	80
PID 3136 wrote to memory of 1068	3136	msedge.exe	80
PID 3136 wrote to memory of 1068	3136	msedge.exe	80
PID 3136 wrote to memory of 1068	3136	msedge.exe	80
PID 3136 wrote to memory of 1068	3136	msedge.exe	80
PID 3136 wrote to memory of 1068	3136	msedge.exe	80
PID 3136 wrote to memory of 1068	3136	msedge.exe	80
PID 3136 wrote to memory of 1068	3136	msedge.exe	80
PID 3136 wrote to memory of 1068	3136	msedge.exe	80
PID 3136 wrote to memory of 1068	3136	msedge.exe	80
PID 3136 wrote to memory of 1068	3136	msedge.exe	80
PID 3136 wrote to memory of 1068	3136	msedge.exe	80
PID 3136 wrote to memory of 1068	3136	msedge.exe	80
PID 3136 wrote to memory of 1068	3136	msedge.exe	80
PID 3136 wrote to memory of 1068	3136	msedge.exe	80
PID 3136 wrote to memory of 1068	3136	msedge.exe	80
PID 3136 wrote to memory of 1068	3136	msedge.exe	80
PID 3136 wrote to memory of 1068	3136	msedge.exe	80
PID 3136 wrote to memory of 1068	3136	msedge.exe	80
PID 3136 wrote to memory of 1068	3136	msedge.exe	80
PID 3136 wrote to memory of 1068	3136	msedge.exe	80
PID 3136 wrote to memory of 1068	3136	msedge.exe	80
PID 3136 wrote to memory of 1068	3136	msedge.exe	80
PID 3136 wrote to memory of 1068	3136	msedge.exe	80
PID 3136 wrote to memory of 1068	3136	msedge.exe	80
PID 3136 wrote to memory of 1068	3136	msedge.exe	80
PID 3136 wrote to memory of 2632	3136	msedge.exe	81
PID 3136 wrote to memory of 2632	3136	msedge.exe	81
PID 3136 wrote to memory of 700	3136	msedge.exe	82
PID 3136 wrote to memory of 700	3136	msedge.exe	82
PID 3136 wrote to memory of 700	3136	msedge.exe	82
PID 3136 wrote to memory of 700	3136	msedge.exe	82
PID 3136 wrote to memory of 700	3136	msedge.exe	82
PID 3136 wrote to memory of 700	3136	msedge.exe	82
PID 3136 wrote to memory of 700	3136	msedge.exe	82
PID 3136 wrote to memory of 700	3136	msedge.exe	82
PID 3136 wrote to memory of 700	3136	msedge.exe	82
PID 3136 wrote to memory of 700	3136	msedge.exe	82
PID 3136 wrote to memory of 700	3136	msedge.exe	82
PID 3136 wrote to memory of 700	3136	msedge.exe	82
PID 3136 wrote to memory of 700	3136	msedge.exe	82
PID 3136 wrote to memory of 700	3136	msedge.exe	82
PID 3136 wrote to memory of 700	3136	msedge.exe	82
PID 3136 wrote to memory of 700	3136	msedge.exe	82
PID 3136 wrote to memory of 700	3136	msedge.exe	82
PID 3136 wrote to memory of 700	3136	msedge.exe	82
PID 3136 wrote to memory of 700	3136	msedge.exe	82
PID 3136 wrote to memory of 700	3136	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1ylSw1pvV-PPZ5pFYY5F8EGwStwPNdPUc/view
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff94dfa3cb8,0x7ff94dfa3cc8,0x7ff94dfa3cd8
  2⤵
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,14131956583152367363,2450221540274362105,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1992 /prefetch:2
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1972,14131956583152367363,2450221540274362105,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1972,14131956583152367363,2450221540274362105,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2568 /prefetch:8
  2⤵
  PID:700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,14131956583152367363,2450221540274362105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,14131956583152367363,2450221540274362105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,14131956583152367363,2450221540274362105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,14131956583152367363,2450221540274362105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,14131956583152367363,2450221540274362105,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,14131956583152367363,2450221540274362105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,14131956583152367363,2450221540274362105,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1972,14131956583152367363,2450221540274362105,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,14131956583152367363,2450221540274362105,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,14131956583152367363,2450221540274362105,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5208 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4240

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4c1a24fa898d2a98b540b20272c8e47b

SHA1
3218bff9ce95b52842fa1b8bd00be073177141ef

SHA256
bbcc378fcbf64580e7a48b4e7ca9be57fa0a1f2e747f488325685bdb18d73a95

SHA512
e61f196e7f1c9a5fe249abe9b11eea770fb2f4babc61f60b12c71f43e6fe9354cf14869daf46abc2c2655bce180252acd43c10562a2dcd31fa7d90d33253820e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f1d2c7fd2ca29bb77a5da2d1847fbb92

SHA1
840de2cf36c22ba10ac96f90890b6a12a56526c6

SHA256
58d0f80310f4a84f687c5ce0adaa982eb42fe4480510399fa2ae975d40bb8bc5

SHA512
ede1fafea2404f16948fe0b5ea5161ccee3ee6e40c55ff98c337eac981a6776b9c73dc030a5c59e4347aec91259f497539206e71949c33adcecbf2c846709e14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
e85ba16577ee41e4b1f9ba06047f33d3

SHA1
eb6c91a78e408af1f9ff9a3596fc8f95d32d203d

SHA256
d5657edca968167305a6173202f16e512c3c1f0b930da50bbd1d402e2f420915

SHA512
054e63e28c222ed927802abd2d28ec9a7eb80e0b876a296de1e0ad3ea553ab4f56ee4560a5a06e77e7752a07f8bf644cbbf39da7926fb48d94b5707159eafb22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
314591b191baefdbeeb75bc08d973b3d

SHA1
cfa2cfe5b5821d4add395108f1f47a67ca37300e

SHA256
71b15a8468b1c46d723bf0523f23e28f4f5b493923fbfd5615863fd7554d72a7

SHA512
57fd33ce93aa02adb20c1fdfa6b7e89aea40981ee63a32aa05324ba3eed4e72da64b01fcd6e9c438b4372c264b0f529bcaef9a99d209424be91b9a9ef17b307a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5e7dd077f7d4bf326aa3e81884552438

SHA1
eb2d5fb2d4d3624996c04f2b5b508220b33ff443

SHA256
5d629cf36d42627ce7ae0eb5210348e4542a0d2cc95932c053af48460e0fee30

SHA512
dfc5b2ad893492213e6ff7ac29f9141a64088bed752527f9889e692c2fbbf0eaf95b7564c6a5711749968b9a83547919d0d2f13113cd7d4a13d33165caaa6d09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4573df2433bc474f06d7b9e39cd01c8f

SHA1
04dad07d2d91aad81496bf5b897ae56c93b153be

SHA256
c096da354e0316ff32ae06888d8cab51c1808d0584d13a0ea328354d3ba85c08

SHA512
6820cda49c835c74328ac69ecce79b84861721aac6c2991145871f102b99016750b15858dbc0a87cd6fa7eb1cee041262b8654c8bcbc7874e80604aeed11ece2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5131d492c9cbac0875b7307d4c638648

SHA1
e9107939f8917e596114012b12ea03c2534fac3d

SHA256
b2e355e05c34235295e491de64909412061f5dfc313029614bf00f3894bdc196

SHA512
da9b14a341cafdcc27ec926d465f068ab5701a60dad477665f2382352faf593757991f631a551e19ae6b789a8d6db47d8a6b394a51fccd77f7c6612f4bc3a534

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1f4926a8eff539e247f13e4a5683479a

SHA1
395a23f1ae099b230c5e4f720da10affeb3bfbb9

SHA256
ee714bc8304d3145120f4dd11b0e1390d0a4cb8c7c095fed022f87669166baed

SHA512
663a57f6b1936a2b9c8b252a2ab915bb035be7ba56ff32eb5389d36f6e8d33f937d38cdf3e2f0c2c2f0a77385492712bad1be3c8f848e29813a80fa4c455f214

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c811aeca862b1ad5f8b8c79bb9527c9b

SHA1
95af9437be1ca13dc90b5bfb9a47183df6e3767f

SHA256
7e5f58ebe4f4f91fd97164a0fc52190ed436f881e0762d68de5b61242a3533b3

SHA512
6792aececee78c3405e0849a4b8e520741e62097ccd46faf13a771c0980c54d3e6d3e6672b07feb0ec6b499eb554414e723f7f11709ae0749d53ebe269e80558

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
fba8e924ff33935f66e38724b0e9d0b1

SHA1
c05edb875c61545a1eee2fb69ca25f037cc3c069

SHA256
3a5f166f26b66634d1df6e754029a11646f8b5589e6c5e36868b022f0c9b2fe8

SHA512
ef93843742fc4c362738a8ee0697cff7661bfe61d029073e79fadd46def7be36c590086ab8a9f562be7807c412b600a400305a6cffb688a0ce4782e610c7e06d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
42bd947c2d48ccf6731f0369365a194a

SHA1
09abc0002287648232abc0ab92ff9b9e6a66b26e

SHA256
bda13c8f33355ccfd661e58bda802b0daa978e5667f5d8a50e7417be5358e1e4

SHA512
93a4b90d2670bd07631bdbee7b272aaa074344447789bc8e530b0098b971ac173d30b97033ed7c496250aa45c36f691bdd81d51d19b77d74ca2026c3bbf2613f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4cd30e67348af820dbc4c8b29c587238

SHA1
1df2e5d8a1c47beddb27268294e7cf973102c918

SHA256
1d3c6640a609530a8eec5ab32e95ff442c901107cec57906243507c734f80429

SHA512
78a3e5f3454e57becee9e49ae25628f8e9dd5a47aa50531476e71484dd2a255a508ff02083f74de9c64a734dfc1bb20eb04c4ab0c6ab8f82eb4e54f4fb64d642

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
325dfe113f654ab3131dfd45f1bd128f

SHA1
cd39660f88a692df415fc951ed0f4a178aeb36e6

SHA256
151d58ac89569cacf65c4b00eb8bbcb243d6c5b11fddd9bb928b8fea1fe044a6

SHA512
4ff8fd26a80e00079b069b2d540f50961322755cd273ddb8cf99f8cf930b9fdfa32ab56b3e2abe93ab8de90cf49219c396fe41acd9f674303b6ea3d99766f85e

Download Submit