hxxps://drive[.]google[.]com/file/d/1GafMoqAanW99derij5n09N4XnZVvOH0D/view

Analysis

max time kernel
600s
max time network
526s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
19-12-2024 05:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1GafMoqAanW99derij5n09N4XnZVvOH0D/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
4	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4648	msedge.exe
4648	msedge.exe
1412	msedge.exe
1412	msedge.exe
3132	msedge.exe
3132	msedge.exe
3844	identity_helper.exe
3844	identity_helper.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1412 wrote to memory of 3408	1412	msedge.exe	77
PID 1412 wrote to memory of 3408	1412	msedge.exe	77
PID 1412 wrote to memory of 2004	1412	msedge.exe	78
PID 1412 wrote to memory of 2004	1412	msedge.exe	78
PID 1412 wrote to memory of 2004	1412	msedge.exe	78
PID 1412 wrote to memory of 2004	1412	msedge.exe	78
PID 1412 wrote to memory of 2004	1412	msedge.exe	78
PID 1412 wrote to memory of 2004	1412	msedge.exe	78
PID 1412 wrote to memory of 2004	1412	msedge.exe	78
PID 1412 wrote to memory of 2004	1412	msedge.exe	78
PID 1412 wrote to memory of 2004	1412	msedge.exe	78
PID 1412 wrote to memory of 2004	1412	msedge.exe	78
PID 1412 wrote to memory of 2004	1412	msedge.exe	78
PID 1412 wrote to memory of 2004	1412	msedge.exe	78
PID 1412 wrote to memory of 2004	1412	msedge.exe	78
PID 1412 wrote to memory of 2004	1412	msedge.exe	78
PID 1412 wrote to memory of 2004	1412	msedge.exe	78
PID 1412 wrote to memory of 2004	1412	msedge.exe	78
PID 1412 wrote to memory of 2004	1412	msedge.exe	78
PID 1412 wrote to memory of 2004	1412	msedge.exe	78
PID 1412 wrote to memory of 2004	1412	msedge.exe	78
PID 1412 wrote to memory of 2004	1412	msedge.exe	78
PID 1412 wrote to memory of 2004	1412	msedge.exe	78
PID 1412 wrote to memory of 2004	1412	msedge.exe	78
PID 1412 wrote to memory of 2004	1412	msedge.exe	78
PID 1412 wrote to memory of 2004	1412	msedge.exe	78
PID 1412 wrote to memory of 2004	1412	msedge.exe	78
PID 1412 wrote to memory of 2004	1412	msedge.exe	78
PID 1412 wrote to memory of 2004	1412	msedge.exe	78
PID 1412 wrote to memory of 2004	1412	msedge.exe	78
PID 1412 wrote to memory of 2004	1412	msedge.exe	78
PID 1412 wrote to memory of 2004	1412	msedge.exe	78
PID 1412 wrote to memory of 2004	1412	msedge.exe	78
PID 1412 wrote to memory of 2004	1412	msedge.exe	78
PID 1412 wrote to memory of 2004	1412	msedge.exe	78
PID 1412 wrote to memory of 2004	1412	msedge.exe	78
PID 1412 wrote to memory of 2004	1412	msedge.exe	78
PID 1412 wrote to memory of 2004	1412	msedge.exe	78
PID 1412 wrote to memory of 2004	1412	msedge.exe	78
PID 1412 wrote to memory of 2004	1412	msedge.exe	78
PID 1412 wrote to memory of 2004	1412	msedge.exe	78
PID 1412 wrote to memory of 2004	1412	msedge.exe	78
PID 1412 wrote to memory of 4648	1412	msedge.exe	79
PID 1412 wrote to memory of 4648	1412	msedge.exe	79
PID 1412 wrote to memory of 3716	1412	msedge.exe	80
PID 1412 wrote to memory of 3716	1412	msedge.exe	80
PID 1412 wrote to memory of 3716	1412	msedge.exe	80
PID 1412 wrote to memory of 3716	1412	msedge.exe	80
PID 1412 wrote to memory of 3716	1412	msedge.exe	80
PID 1412 wrote to memory of 3716	1412	msedge.exe	80
PID 1412 wrote to memory of 3716	1412	msedge.exe	80
PID 1412 wrote to memory of 3716	1412	msedge.exe	80
PID 1412 wrote to memory of 3716	1412	msedge.exe	80
PID 1412 wrote to memory of 3716	1412	msedge.exe	80
PID 1412 wrote to memory of 3716	1412	msedge.exe	80
PID 1412 wrote to memory of 3716	1412	msedge.exe	80
PID 1412 wrote to memory of 3716	1412	msedge.exe	80
PID 1412 wrote to memory of 3716	1412	msedge.exe	80
PID 1412 wrote to memory of 3716	1412	msedge.exe	80
PID 1412 wrote to memory of 3716	1412	msedge.exe	80
PID 1412 wrote to memory of 3716	1412	msedge.exe	80
PID 1412 wrote to memory of 3716	1412	msedge.exe	80
PID 1412 wrote to memory of 3716	1412	msedge.exe	80
PID 1412 wrote to memory of 3716	1412	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1GafMoqAanW99derij5n09N4XnZVvOH0D/view
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff895623cb8,0x7ff895623cc8,0x7ff895623cd8
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,14545938601345380325,6850047724152364961,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,14545938601345380325,6850047724152364961,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,14545938601345380325,6850047724152364961,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,14545938601345380325,6850047724152364961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,14545938601345380325,6850047724152364961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,14545938601345380325,6850047724152364961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,14545938601345380325,6850047724152364961,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,14545938601345380325,6850047724152364961,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5816 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,14545938601345380325,6850047724152364961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,14545938601345380325,6850047724152364961,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,14545938601345380325,6850047724152364961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2060 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,14545938601345380325,6850047724152364961,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,14545938601345380325,6850047724152364961,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5132 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4604

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fdee96b970080ef7f5bfa5964075575e

SHA1
2c821998dc2674d291bfa83a4df46814f0c29ab4

SHA256
a241023f360b300e56b2b0e1205b651e1244b222e1f55245ca2d06d3162a62f0

SHA512
20875c3002323f5a9b1b71917d6bd4e4c718c9ca325c90335bd475ddcb25eac94cb3f29795fa6476d6d6e757622b8b0577f008eec2c739c2eec71d2e8b372cff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
46e6ad711a84b5dc7b30b75297d64875

SHA1
8ca343bfab1e2c04e67b9b16b8e06ba463b4f485

SHA256
77b51492a40a511e57e7a7ecf76715a2fd46533c0f0d0d5a758f0224e201c77f

SHA512
8472710b638b0aeee4678f41ed2dff72b39b929b2802716c0c9f96db24c63096b94c9969575e4698f16e412f82668b5c9b5cb747e8a2219429dbb476a31d297e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
a1e429bbffee0dd32b33c5589695508f

SHA1
edf19db7f1eea5fc94ef36c7c232755e8582bb64

SHA256
c4a28ccd10cf7db10e8577f6e9f7066bfef3f1ab327a5f956d147e542f5b50e9

SHA512
0d3df70ef0440215c27433887355b66fde29e59ebece026e033881c6e09d8db6a48a07f627cbc19a73eb07688e24442a8dad465751b79bc589694867fc917fe9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1450011b8c66b8dab1bdbdbb221ce244

SHA1
e42526653cfa9aaf7eb0e9e6b39575877120e7e1

SHA256
129d2c724fed3791e11aac6d1d571fd0c2f9f48d793bf7fd6ee134c482a729e6

SHA512
b8b8a9225942a02a8c2c58450f466e701e8a7374b8647cf5867a9502526adb235442ab073153e24f6117590089e24b6215f04b5420203d03bb32268396493426

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5b471bb77b98fdebb0cf9af313b2d3c0

SHA1
636c23f48582787c8e1d1c9652d990b6bebff50c

SHA256
19e670e0ada277b0803a21ca320210aeb626e9c2a7804871ce39b94c79d3283f

SHA512
4f99995d0b0afd8f35c53b559400af5da7c9e3028b72f528a807e80a6c99fafc98dcbb46c34f048381b0c6385b8024477fe4b9147479a4b3cb98124e2a75f1cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
fbf8be08a642867ec868ca3b2c5ce1c1

SHA1
8734e474a7d06f8a8c205258df89db3cd6466569

SHA256
d4cc63b6db0745576d2dff80f971e1e0b939c0cba35a46f4b4621dde4615db48

SHA512
8ffe468dacabe01d61cc2f16bbae964ce3e64ffacf64e1e4bb18d5b8bd284b9c33e8c87aad46b65ae4db8a4abe3b6bb8f66d8670e54cbe2853c2d9db0d4425a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a3933b9a4091632ed4826c29a557080f

SHA1
29355e5d9f9122e5bb006cead15b8f683a043e06

SHA256
9854914bf3a821ffb8503cb44fb289e3ccb6a14d0059dacc8a1724f0d9b13ec1

SHA512
402c82bb771f57e1a922dae23f4bfa53309aab34263df01655014a1b8b1d3d09a083f70e7a105bb838680fa0822506c82c72d9df0da6f32030ffbd3b947fd39e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ab0eff43e75c70fbfd6baadb6de1fd64

SHA1
732724862028198f1164f87c3946fec82eccf608

SHA256
e02748dc0bb14211b20f510a5c82af8c8234423d1330f885aeeb17aabf3ac8f9

SHA512
ef3034781006040529a3384d975d277245cd73628d8985e5558e54dcc75d885aedd0ae60262205bd516b08d37fc59bb172b5eff7970ad47616a4d08ee301eadb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e3b48f1aabef195bccbe72f425010cd0

SHA1
9a8d7857dee0a4cfe69b4789cf5bc75466bcc08f

SHA256
b088e201c9a9ad11446f9b6ed427f7880ee5a7961f93e9545c39cd6768ce78f2

SHA512
a489b2a785e6821a4bf262e3631401f9396ceca29b55127e203918fe7f77f1ea5cd30e28bf000241008c99b28aacdbef624b4f29054708e657b9ac0a0571ddaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5d5daaa73c77c349df95ee97ca97fea6

SHA1
1abcdda0df14c4b118a07438f0881a2a39f3235d

SHA256
286e2e264b4350a1ad2e1fec1e9b146a28fc5016179eec1c3e0a4c0763440bbb

SHA512
0e4f6c5cd1cd8cd0f3377db5a4afd4597f15ac21e5996c3df1241e06a5d442cdbfdbc6de84d7f688ef6280e641a2022ead8fe12c913178e76d3f1d9ceb515fdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
61b1a886415fb6ba0f0b3506586e9434

SHA1
68851575553f16e6f855c6543dceda52d9b1b9fa

SHA256
7a5b15c6df5b0e8884f9d9cc7776298cf3ea3998ea07689d81e5980763bc0792

SHA512
c0eb95a798c5da535f692c919b16e45bdc7d65056ead17fa27052ccbbe2e074b11d09dc32751235c7dfde9b15085aad9f6b6d48be43036bd9cf8ba0c37b47ea0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c42280d147486aceddf2e93403c7425c

SHA1
d17ecc0b5072c178f6abac6d51bec91e9dab8dfe

SHA256
29a31625f95f96c9a66681efbf51667a24a15ff5a216250fc5de046c138141a2

SHA512
9e2f25c87b8bfff494f7f265d680f05f96cbc1d8bce1e67f51f0b3b9d462b005a6b75b3cb6f459d35934133499ff5b965129d44ddea5bd866428a7fb8722eef3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0125565b1906cb3ee96dec9612016299

SHA1
8d69e842a3767eb682c03f3094d44ae8926afb31

SHA256
589a99a2dd9cdbb9067a09fb4696e24330f1fb65547f2eed0767470c37d9a2aa

SHA512
eca433371dc632c7b24da51f66b11efca10316650164b12f50fde106f07879e978638eaaf3c5ab995ce7c4167b8b9c5456969454b79b181fc33947f254436ebd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
55fca7f26357b68bbef6a9f7d0732189

SHA1
5dd1a96682c7889e828a267d49ce8115c8ea25c6

SHA256
644d27f9a77df5067955df56df3b52933a85664ad5f9ccb85119059985c22a49

SHA512
a976f929ddfbb54c6dc00c295c9c594628cd5f185b2a50070ffa92b68648ac9df6a6852085249a6abdf77812050dac0e3cf1464b35e80e1256ef84a480895d86

Download Submit