hxxps://drive[.]google[.]com/file/d/1nant0JWgN-23O8zk310TPSZCkKY_f_iV/view?usp=gmail

Analysis

max time kernel
523s
max time network
528s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
06-12-2024 16:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1nant0JWgN-23O8zk310TPSZCkKY_f_iV/view?usp=gmail

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
5	drive.google.com
1	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4576	msedge.exe
4576	msedge.exe
4068	msedge.exe
4068	msedge.exe
2180	msedge.exe
2180	msedge.exe
1360	identity_helper.exe
1360	identity_helper.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4068 wrote to memory of 3464	4068	msedge.exe	78
PID 4068 wrote to memory of 3464	4068	msedge.exe	78
PID 4068 wrote to memory of 3728	4068	msedge.exe	79
PID 4068 wrote to memory of 3728	4068	msedge.exe	79
PID 4068 wrote to memory of 3728	4068	msedge.exe	79
PID 4068 wrote to memory of 3728	4068	msedge.exe	79
PID 4068 wrote to memory of 3728	4068	msedge.exe	79
PID 4068 wrote to memory of 3728	4068	msedge.exe	79
PID 4068 wrote to memory of 3728	4068	msedge.exe	79
PID 4068 wrote to memory of 3728	4068	msedge.exe	79
PID 4068 wrote to memory of 3728	4068	msedge.exe	79
PID 4068 wrote to memory of 3728	4068	msedge.exe	79
PID 4068 wrote to memory of 3728	4068	msedge.exe	79
PID 4068 wrote to memory of 3728	4068	msedge.exe	79
PID 4068 wrote to memory of 3728	4068	msedge.exe	79
PID 4068 wrote to memory of 3728	4068	msedge.exe	79
PID 4068 wrote to memory of 3728	4068	msedge.exe	79
PID 4068 wrote to memory of 3728	4068	msedge.exe	79
PID 4068 wrote to memory of 3728	4068	msedge.exe	79
PID 4068 wrote to memory of 3728	4068	msedge.exe	79
PID 4068 wrote to memory of 3728	4068	msedge.exe	79
PID 4068 wrote to memory of 3728	4068	msedge.exe	79
PID 4068 wrote to memory of 3728	4068	msedge.exe	79
PID 4068 wrote to memory of 3728	4068	msedge.exe	79
PID 4068 wrote to memory of 3728	4068	msedge.exe	79
PID 4068 wrote to memory of 3728	4068	msedge.exe	79
PID 4068 wrote to memory of 3728	4068	msedge.exe	79
PID 4068 wrote to memory of 3728	4068	msedge.exe	79
PID 4068 wrote to memory of 3728	4068	msedge.exe	79
PID 4068 wrote to memory of 3728	4068	msedge.exe	79
PID 4068 wrote to memory of 3728	4068	msedge.exe	79
PID 4068 wrote to memory of 3728	4068	msedge.exe	79
PID 4068 wrote to memory of 3728	4068	msedge.exe	79
PID 4068 wrote to memory of 3728	4068	msedge.exe	79
PID 4068 wrote to memory of 3728	4068	msedge.exe	79
PID 4068 wrote to memory of 3728	4068	msedge.exe	79
PID 4068 wrote to memory of 3728	4068	msedge.exe	79
PID 4068 wrote to memory of 3728	4068	msedge.exe	79
PID 4068 wrote to memory of 3728	4068	msedge.exe	79
PID 4068 wrote to memory of 3728	4068	msedge.exe	79
PID 4068 wrote to memory of 3728	4068	msedge.exe	79
PID 4068 wrote to memory of 3728	4068	msedge.exe	79
PID 4068 wrote to memory of 4576	4068	msedge.exe	80
PID 4068 wrote to memory of 4576	4068	msedge.exe	80
PID 4068 wrote to memory of 3512	4068	msedge.exe	81
PID 4068 wrote to memory of 3512	4068	msedge.exe	81
PID 4068 wrote to memory of 3512	4068	msedge.exe	81
PID 4068 wrote to memory of 3512	4068	msedge.exe	81
PID 4068 wrote to memory of 3512	4068	msedge.exe	81
PID 4068 wrote to memory of 3512	4068	msedge.exe	81
PID 4068 wrote to memory of 3512	4068	msedge.exe	81
PID 4068 wrote to memory of 3512	4068	msedge.exe	81
PID 4068 wrote to memory of 3512	4068	msedge.exe	81
PID 4068 wrote to memory of 3512	4068	msedge.exe	81
PID 4068 wrote to memory of 3512	4068	msedge.exe	81
PID 4068 wrote to memory of 3512	4068	msedge.exe	81
PID 4068 wrote to memory of 3512	4068	msedge.exe	81
PID 4068 wrote to memory of 3512	4068	msedge.exe	81
PID 4068 wrote to memory of 3512	4068	msedge.exe	81
PID 4068 wrote to memory of 3512	4068	msedge.exe	81
PID 4068 wrote to memory of 3512	4068	msedge.exe	81
PID 4068 wrote to memory of 3512	4068	msedge.exe	81
PID 4068 wrote to memory of 3512	4068	msedge.exe	81
PID 4068 wrote to memory of 3512	4068	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1nant0JWgN-23O8zk310TPSZCkKY_f_iV/view?usp=gmail
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe0e083cb8,0x7ffe0e083cc8,0x7ffe0e083cd8
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,7479517521605142262,9275310488372826784,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1956 /prefetch:2
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,7479517521605142262,9275310488372826784,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,7479517521605142262,9275310488372826784,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7479517521605142262,9275310488372826784,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7479517521605142262,9275310488372826784,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7479517521605142262,9275310488372826784,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,7479517521605142262,9275310488372826784,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,7479517521605142262,9275310488372826784,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5656 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7479517521605142262,9275310488372826784,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7479517521605142262,9275310488372826784,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7479517521605142262,9275310488372826784,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7479517521605142262,9275310488372826784,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,7479517521605142262,9275310488372826784,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4688 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2124

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3216

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
554d6d27186fa7d6762d95dde7a17584

SHA1
93ea7b20b8fae384cf0be0d65e4295097112fdca

SHA256
2fa6145571e1f1ece9850a1ac94661213d3e0d82f1cef7ac1286ff6b2c2017cb

SHA512
57d9008ccabc315bd0e829b19fe91e24bab6ef20bcfab651b937b0f38eec840b58d0aed092a3bbedd2d6a95d5c150372a1e51087572de55672172adc1fc468a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a28bb0d36049e72d00393056dce10a26

SHA1
c753387b64cc15c0efc80084da393acdb4fc01d0

SHA256
684d797e28b7fd86af84bfb217d190e4f5e03d92092d988a6091b2c7bbbd67c1

SHA512
20940fee33aa2194c36a3db92d4fd314ce7eacc2aa745abec62aa031c2a53ba4ff89f2568626e7bd2536090175f8d045c3bb52c5faa5ecc8da8410ab5fc519f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
8f690db317696111ce2db8ff38559fba

SHA1
ce38e08a301afac776864cf0e59dd0be2027bb09

SHA256
d35b2455f970c692856368d64fee386a5ef94800df9c2d7d2b789cfd7fe42dda

SHA512
e712e92db19191dbbd405a04bc2e99cda16830d679adab4b84e37352a073a6edf0ddcc4033562f1661d42ea37a96cf968ab84dd6d6760b1661815e544952b771

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3803a4717176a245776e2025c843455f

SHA1
9642b31fd713a9fdc7cb693c14d351b00a2fc463

SHA256
9905940c77608d7fd7727c5a41cab089b8805f6a487439ec0d8d842cd574352a

SHA512
ecf1b895af92e27b276f1d78ff62c1ee31fb352444c9733c4d97d9836e7dacefc264bcc90c1f8ae30bad6ade3f18139f3d0dd1512f85689e017e9d71f11bbfd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
49aa95305985efaf81cee92cd83dd942

SHA1
540ed5eb2f445cb853e70a705bac6a3ee4be8975

SHA256
9572b6444b060caf705727c93e47005e3c1bc94690cccbf4eeba6b2d7b4625df

SHA512
d8a958f310390488a77239147937d66f01478a9493e261355067f366a3235aa81a849e6bfcc9d0461483833ee76a4553b22a60485f8d5b170259a48d99968322

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
90ef65052c3f99ab84364386dd0ed01b

SHA1
ca0c1569169ef810211a305eda429ca4090a2524

SHA256
9b5e158272ee0311f6ecaef93233c3bd029460af291731f87781a48bc69e1180

SHA512
8a4af1871c5dd022f7d3aae0fa9cd772dc819331a2be6ea65b633444044c26c18819259f571a44e2f98a75b24fb4d0685a59f5abcad33db466f23f6a489020c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0a2a96b3a7037f8729c4aef00c738c18

SHA1
3b2780533d93928f1ccff8ecb6794d8be0bcce68

SHA256
46e6f683a51eb0deb1bcec944246c9e84fbc85bce9c342830bb0165b61a59f7d

SHA512
e0936e43d8fb9c389823915e70e4d55441814eabca6b12e478ccd6c0863fe5c0a7101b45e96c6e312fc5c807d30d15a3ccd72787093e94f2bb27f05707345892

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b16c2e1a53f20811bb13bb21e53ea8e7

SHA1
680f6b1dcbcd8696b564d11ce214eca9d45c0e95

SHA256
ef2101c23614391c17d5de4ac7294593dbdc255d72e725a6ce8120e89d9f0782

SHA512
21758000a7df9d45fa58bb9998ecfb1fd46193ee0ad62f4716e0a469f025612e9b2be1f73dcecb4c452284e7ae89986db9049f584398d0ce17807edb76421433

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8e610eb913506307abffc59f624da90e

SHA1
70d486901647acac5d1e0ef66c01720746f94a40

SHA256
f2c469685936cc7d4e30b05ac4a30fa63477d1aa04d58ffba5ab18ef53741c34

SHA512
31109e0ca533b5de80585ccf1e88ba9151e4381f7b9e1c8362b5d0be50b43487a75fe8d615e7289e0b73016c90efe5f0171619509adfcd61ef534dace9a5201a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d11d55eccb2ed014097e125c2495ab41

SHA1
897ddd90a8d1a6321d61dbc453ebe88449a5cc8f

SHA256
47652d76fcbba2e82a8d2ad97c26c8163cce76d165b30348304ee28c0f24fd72

SHA512
6b54e4cbed8778c7b0cb836a3d277e5d1bbbd3a725f372ec041bd517c072fc09d44fbbc79aa56b78ae69997564e48064ac6323b4033edcf5025b3d192fc2559b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f2d67b2d7a9eb384ddf149de3b18d7d3

SHA1
25c51bd598efc92263d94f86161f85c4798b7133

SHA256
7bde6f428bdc600fd76cb38bc5a3ae558802859b1b9e1b32ede12aa81777f902

SHA512
0388b7b78464c946b926ce2c0ac9f1079a15578d024f71f1d1585fc97938bc6f8f66126649391f1b7eb55f938f678cfa093fa5148e2ed24cea14c8d54b107e31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bcd3fd5aad6ff8fec3192ca3c34da388

SHA1
b24e80a01c62b611861f99433bbfb9f7679661a3

SHA256
44a8d6e57925eb79693c077684feffd67de06bcba41d8217aaac4ecca2f140fb

SHA512
51840142388c367d6f945b439d92f814878a0af83829933022281083dba96c052faeddab925fc5639baf460823fc66ec59c4ad44f4c5c1ae6598ecfa5089c7a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
548edc9f78efa6f69ff4ba27952242c1

SHA1
6cfa7661caabee819a9ccb8a25061373d8156c80

SHA256
9715115b5f1106ce7b916cc2fd505696be98e8426f9ecca942781f2f4815631e

SHA512
0921c0a79bb3e924b7529b8d1673be2eb1ede82fda900bc3f448e9b9e3cfb3ffadce5f622bc1e4b29cb9edc146b2dab20f3aad1afab2d7796f2606d08b3e663d

Download Submit