hxxps://drive[.]google[.]com/file/d/1Rp93AMn-e6f79rzWBOjUsRaQKRgOa7JT/view

Resubmissions

21/01/2025, 17:55

250121-whf9fswmbr 6

21/01/2025, 17:48

250121-wdpd9swkhp 6

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21/01/2025, 17:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1Rp93AMn-e6f79rzWBOjUsRaQKRgOa7JT/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
3	drive.google.com
8	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4716	msedge.exe
4716	msedge.exe
4120	msedge.exe
4120	msedge.exe
628	identity_helper.exe
628	identity_helper.exe
3244	msedge.exe
3244	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe

Suspicious use of FindShellTrayWindow 46 IoCs

pid	Process
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4120 wrote to memory of 4836	4120	msedge.exe	82
PID 4120 wrote to memory of 4836	4120	msedge.exe	82
PID 4120 wrote to memory of 4844	4120	msedge.exe	83
PID 4120 wrote to memory of 4844	4120	msedge.exe	83
PID 4120 wrote to memory of 4844	4120	msedge.exe	83
PID 4120 wrote to memory of 4844	4120	msedge.exe	83
PID 4120 wrote to memory of 4844	4120	msedge.exe	83
PID 4120 wrote to memory of 4844	4120	msedge.exe	83
PID 4120 wrote to memory of 4844	4120	msedge.exe	83
PID 4120 wrote to memory of 4844	4120	msedge.exe	83
PID 4120 wrote to memory of 4844	4120	msedge.exe	83
PID 4120 wrote to memory of 4844	4120	msedge.exe	83
PID 4120 wrote to memory of 4844	4120	msedge.exe	83
PID 4120 wrote to memory of 4844	4120	msedge.exe	83
PID 4120 wrote to memory of 4844	4120	msedge.exe	83
PID 4120 wrote to memory of 4844	4120	msedge.exe	83
PID 4120 wrote to memory of 4844	4120	msedge.exe	83
PID 4120 wrote to memory of 4844	4120	msedge.exe	83
PID 4120 wrote to memory of 4844	4120	msedge.exe	83
PID 4120 wrote to memory of 4844	4120	msedge.exe	83
PID 4120 wrote to memory of 4844	4120	msedge.exe	83
PID 4120 wrote to memory of 4844	4120	msedge.exe	83
PID 4120 wrote to memory of 4844	4120	msedge.exe	83
PID 4120 wrote to memory of 4844	4120	msedge.exe	83
PID 4120 wrote to memory of 4844	4120	msedge.exe	83
PID 4120 wrote to memory of 4844	4120	msedge.exe	83
PID 4120 wrote to memory of 4844	4120	msedge.exe	83
PID 4120 wrote to memory of 4844	4120	msedge.exe	83
PID 4120 wrote to memory of 4844	4120	msedge.exe	83
PID 4120 wrote to memory of 4844	4120	msedge.exe	83
PID 4120 wrote to memory of 4844	4120	msedge.exe	83
PID 4120 wrote to memory of 4844	4120	msedge.exe	83
PID 4120 wrote to memory of 4844	4120	msedge.exe	83
PID 4120 wrote to memory of 4844	4120	msedge.exe	83
PID 4120 wrote to memory of 4844	4120	msedge.exe	83
PID 4120 wrote to memory of 4844	4120	msedge.exe	83
PID 4120 wrote to memory of 4844	4120	msedge.exe	83
PID 4120 wrote to memory of 4844	4120	msedge.exe	83
PID 4120 wrote to memory of 4844	4120	msedge.exe	83
PID 4120 wrote to memory of 4844	4120	msedge.exe	83
PID 4120 wrote to memory of 4844	4120	msedge.exe	83
PID 4120 wrote to memory of 4844	4120	msedge.exe	83
PID 4120 wrote to memory of 4716	4120	msedge.exe	84
PID 4120 wrote to memory of 4716	4120	msedge.exe	84
PID 4120 wrote to memory of 4616	4120	msedge.exe	85
PID 4120 wrote to memory of 4616	4120	msedge.exe	85
PID 4120 wrote to memory of 4616	4120	msedge.exe	85
PID 4120 wrote to memory of 4616	4120	msedge.exe	85
PID 4120 wrote to memory of 4616	4120	msedge.exe	85
PID 4120 wrote to memory of 4616	4120	msedge.exe	85
PID 4120 wrote to memory of 4616	4120	msedge.exe	85
PID 4120 wrote to memory of 4616	4120	msedge.exe	85
PID 4120 wrote to memory of 4616	4120	msedge.exe	85
PID 4120 wrote to memory of 4616	4120	msedge.exe	85
PID 4120 wrote to memory of 4616	4120	msedge.exe	85
PID 4120 wrote to memory of 4616	4120	msedge.exe	85
PID 4120 wrote to memory of 4616	4120	msedge.exe	85
PID 4120 wrote to memory of 4616	4120	msedge.exe	85
PID 4120 wrote to memory of 4616	4120	msedge.exe	85
PID 4120 wrote to memory of 4616	4120	msedge.exe	85
PID 4120 wrote to memory of 4616	4120	msedge.exe	85
PID 4120 wrote to memory of 4616	4120	msedge.exe	85
PID 4120 wrote to memory of 4616	4120	msedge.exe	85
PID 4120 wrote to memory of 4616	4120	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1Rp93AMn-e6f79rzWBOjUsRaQKRgOa7JT/view
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcfcd946f8,0x7ffcfcd94708,0x7ffcfcd94718
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,7795599050124838902,11887555077778466445,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,7795599050124838902,11887555077778466445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,7795599050124838902,11887555077778466445,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2588 /prefetch:8
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,7795599050124838902,11887555077778466445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,7795599050124838902,11887555077778466445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,7795599050124838902,11887555077778466445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,7795599050124838902,11887555077778466445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,7795599050124838902,11887555077778466445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,7795599050124838902,11887555077778466445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,7795599050124838902,11887555077778466445,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,7795599050124838902,11887555077778466445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,7795599050124838902,11887555077778466445,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2044,7795599050124838902,11887555077778466445,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5936 /prefetch:8
  2⤵
  PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,7795599050124838902,11887555077778466445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2044,7795599050124838902,11887555077778466445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,7795599050124838902,11887555077778466445,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3916 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
b0f7a70cc2b4abf0af095bc2466c8f4a

SHA1
617b83684a7ba13609e6f9503ec62788b5f95ec8

SHA256
232118159b21fcb1f1f9ffb5fd321cd43e0e4f590663fb53dbbbcb81a759e7c8

SHA512
296539d6dd8d426ecc60031cdd568e75ec346a21066af727a8a9f3cb3195c8a4c0ead133c73cb3a2484132ace4e14cd5d7f43ff4578ff648ace6990493847887

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5c8abb2b313855af6efe4e9643057a3a

SHA1
041385be6c00c143951ac30ef81124cd80562118

SHA256
e9d92c09c933c479356721eb308c3e7328d331c1f1852f2e9fadaf3de073d116

SHA512
09c542f03037214d7e5985a183d4f6fae800cae5b45105643843a19cdedbfee379cb0be7f15e3dc0b877604f910e802c6426bcbbabd1b3c33f8f43963ea8bcda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
03b5816323f777c9cf7dec3b9784cfa2

SHA1
f8065b171a203b6b6023224f94f0354d2263eaa2

SHA256
dd467a9702678cd72e0181867ff28831a37d65b76830fa1c578810f99fb5fa91

SHA512
ffe8e3e8700e5bc7a18f44fcee0333df8e06226d29c0a732884048db6fa1119187af9cab4fe987f061969a6705f847df46a5a804e41a3c9a03e1e78ab8f644a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
499d27812c0fe24843b439696048192d

SHA1
fae5394041052cdd9506d3dfc808822d4c2dce8c

SHA256
173d19b4ef2eabf822c68e431feabc2285159dadfc54ebb2cea3f0577eb155ab

SHA512
d5fb97bf5b2d5ffed2e0f3c2b101df250e6804a79893e889369b0bca9887261e3396eb3c04913e7b755f91d9da96fb3aff09406c71565bc5aae858898a25f7aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1b924838a4392a9fea7433dfe2cd1cd1

SHA1
3d8d7b321422e6407fa4b9a631e45dc6f26ad650

SHA256
19f32d5f0a24f6102cde2e44dd3b8aaa1f3d1d660dfceb3c7110b3ce64e9b8dc

SHA512
87a33afcdee56a7458191e72a148693ec66954737428e8833c357bef70a6e18c74f855407f0cb1b8922b8aabd1434331625b7215abe7fa0c2e0cb7542011f13c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
51c71f77e694c060af4dbb51d89d3072

SHA1
09fce4bf2db041fa4e671a200fc06c20e77ae6ea

SHA256
30fafd6afb4935cdd470e0df5640eb937cbfc08cf221d3f7c0a73017178c4c43

SHA512
b175538bbd86ecc88cf1f6ac7d059998599c5f6b1001c921a7ddb74401b2548a9c9cb6894dedac2efbae03fc43452e563cea9cb8b457c4e0ecff3366366c7492

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
eb9ed5b25d7c6e518dc9868e97450df3

SHA1
971dbcf4083861cf1c2f6c32ccb25203e9dd7ab1

SHA256
1e1ae0bce32b8078328512a115650ab7e9cacbfab5c737ada02203d4fe1b8e6e

SHA512
eafcfe662a507fe3bca750a13e44d9de1b1e75b20c0cfe0cf0d7c0364bbd43e1f44feb69f0ca256ff753416ab9077825e6d096a2eb1404041728eb88eaa0da5a

Download Submit