hxxps://drive[.]google[.]com/file/d/1J4zA1RsnN_dE_2eLB1B2OxZS5kl6qkme/view

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08-09-2024 21:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1J4zA1RsnN_dE_2eLB1B2OxZS5kl6qkme/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
5	drive.google.com
8	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2536	msedge.exe
2536	msedge.exe
2280	msedge.exe
2280	msedge.exe
3500	identity_helper.exe
3500	identity_helper.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2280 wrote to memory of 3780	2280	msedge.exe	83
PID 2280 wrote to memory of 3780	2280	msedge.exe	83
PID 2280 wrote to memory of 4044	2280	msedge.exe	84
PID 2280 wrote to memory of 4044	2280	msedge.exe	84
PID 2280 wrote to memory of 4044	2280	msedge.exe	84
PID 2280 wrote to memory of 4044	2280	msedge.exe	84
PID 2280 wrote to memory of 4044	2280	msedge.exe	84
PID 2280 wrote to memory of 4044	2280	msedge.exe	84
PID 2280 wrote to memory of 4044	2280	msedge.exe	84
PID 2280 wrote to memory of 4044	2280	msedge.exe	84
PID 2280 wrote to memory of 4044	2280	msedge.exe	84
PID 2280 wrote to memory of 4044	2280	msedge.exe	84
PID 2280 wrote to memory of 4044	2280	msedge.exe	84
PID 2280 wrote to memory of 4044	2280	msedge.exe	84
PID 2280 wrote to memory of 4044	2280	msedge.exe	84
PID 2280 wrote to memory of 4044	2280	msedge.exe	84
PID 2280 wrote to memory of 4044	2280	msedge.exe	84
PID 2280 wrote to memory of 4044	2280	msedge.exe	84
PID 2280 wrote to memory of 4044	2280	msedge.exe	84
PID 2280 wrote to memory of 4044	2280	msedge.exe	84
PID 2280 wrote to memory of 4044	2280	msedge.exe	84
PID 2280 wrote to memory of 4044	2280	msedge.exe	84
PID 2280 wrote to memory of 4044	2280	msedge.exe	84
PID 2280 wrote to memory of 4044	2280	msedge.exe	84
PID 2280 wrote to memory of 4044	2280	msedge.exe	84
PID 2280 wrote to memory of 4044	2280	msedge.exe	84
PID 2280 wrote to memory of 4044	2280	msedge.exe	84
PID 2280 wrote to memory of 4044	2280	msedge.exe	84
PID 2280 wrote to memory of 4044	2280	msedge.exe	84
PID 2280 wrote to memory of 4044	2280	msedge.exe	84
PID 2280 wrote to memory of 4044	2280	msedge.exe	84
PID 2280 wrote to memory of 4044	2280	msedge.exe	84
PID 2280 wrote to memory of 4044	2280	msedge.exe	84
PID 2280 wrote to memory of 4044	2280	msedge.exe	84
PID 2280 wrote to memory of 4044	2280	msedge.exe	84
PID 2280 wrote to memory of 4044	2280	msedge.exe	84
PID 2280 wrote to memory of 4044	2280	msedge.exe	84
PID 2280 wrote to memory of 4044	2280	msedge.exe	84
PID 2280 wrote to memory of 4044	2280	msedge.exe	84
PID 2280 wrote to memory of 4044	2280	msedge.exe	84
PID 2280 wrote to memory of 4044	2280	msedge.exe	84
PID 2280 wrote to memory of 4044	2280	msedge.exe	84
PID 2280 wrote to memory of 2536	2280	msedge.exe	85
PID 2280 wrote to memory of 2536	2280	msedge.exe	85
PID 2280 wrote to memory of 1416	2280	msedge.exe	86
PID 2280 wrote to memory of 1416	2280	msedge.exe	86
PID 2280 wrote to memory of 1416	2280	msedge.exe	86
PID 2280 wrote to memory of 1416	2280	msedge.exe	86
PID 2280 wrote to memory of 1416	2280	msedge.exe	86
PID 2280 wrote to memory of 1416	2280	msedge.exe	86
PID 2280 wrote to memory of 1416	2280	msedge.exe	86
PID 2280 wrote to memory of 1416	2280	msedge.exe	86
PID 2280 wrote to memory of 1416	2280	msedge.exe	86
PID 2280 wrote to memory of 1416	2280	msedge.exe	86
PID 2280 wrote to memory of 1416	2280	msedge.exe	86
PID 2280 wrote to memory of 1416	2280	msedge.exe	86
PID 2280 wrote to memory of 1416	2280	msedge.exe	86
PID 2280 wrote to memory of 1416	2280	msedge.exe	86
PID 2280 wrote to memory of 1416	2280	msedge.exe	86
PID 2280 wrote to memory of 1416	2280	msedge.exe	86
PID 2280 wrote to memory of 1416	2280	msedge.exe	86
PID 2280 wrote to memory of 1416	2280	msedge.exe	86
PID 2280 wrote to memory of 1416	2280	msedge.exe	86
PID 2280 wrote to memory of 1416	2280	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1J4zA1RsnN_dE_2eLB1B2OxZS5kl6qkme/view
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb70f746f8,0x7ffb70f74708,0x7ffb70f74718
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1988,17070162270252669275,1270629379096684237,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2008 /prefetch:2
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1988,17070162270252669275,1270629379096684237,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2476 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1988,17070162270252669275,1270629379096684237,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
  2⤵
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,17070162270252669275,1270629379096684237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,17070162270252669275,1270629379096684237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,17070162270252669275,1270629379096684237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,17070162270252669275,1270629379096684237,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 /prefetch:8
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,17070162270252669275,1270629379096684237,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,17070162270252669275,1270629379096684237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,17070162270252669275,1270629379096684237,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,17070162270252669275,1270629379096684237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,17070162270252669275,1270629379096684237,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,17070162270252669275,1270629379096684237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1
  2⤵
  PID:5332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1988,17070162270252669275,1270629379096684237,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4796 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2308

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:320

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
41KB

MD5
0d17932e0626482afe8b6f310e47cb24

SHA1
78dd115cea950e82c6428486836b1975b6630573

SHA256
1f5b32a1afcdf9092cf1f0bb84eae0a6be1c8b4ddeb4d2fc4d271d1314aab252

SHA512
75e51a80add7329ddf91df268fe15a827931325283f15212b55a2dc41b76c1050863b0c0eecc4e7f20c069c0b8cf0c5b4e666ec9dca843c37a8e25867785edb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e3c1cf5105aa5c0d771034d288454782

SHA1
4e90b3cea82025dbe7d594a68f9b42c07e62a430

SHA256
fbe85a80130c3a258206b9980ff431f08aa68923760f61c1069a99f8da9bd81f

SHA512
e4fff869c3916098971e5ca84c5173856cb40ac9bf4246f52e8255fc107132757923519f89f19fa6e2cb88d37934a64f8b7beb4e6661c630054f599adc6e2b60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
179add0a28dff1d95322b6492cece1cf

SHA1
f852073f4d0600f11dd75782aa220087230efad6

SHA256
eac8a6c4c42b610c79d09740483312e94aa4340947beb8f9942473ded53f7f1b

SHA512
226c42f5cb6a4549532cf65419a323a2a661dd796518b67edec1c265aa664e48213daa093613dbf43091689a308110fa12db844054b34fe77545a66ce41a5b08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
f14cbecb551ddf24bca136f442f25033

SHA1
dd57e20c0cc6ade8501963a3531afbd6b465654e

SHA256
f625ad28d1d7c82d02ecd05d0b8af16c8ab2017f8792a640fca861d9f55e7119

SHA512
c92277c4166957a4283282d8a53d4c515832d37b18fc39565eab08ad92b221732a3ebee5ea2a5870f405be8e4d9b13c7a61f29933f3b4cb2c012acdf955e1a48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c1fed438f9cc1c95439edca923c3f767

SHA1
9489550d81ead7a0e67733aea235fbfa7bf38413

SHA256
4bf9b4bf000841ce22a4a7c4dbb87e46e442bf5f214a0ae1a452520b0da19499

SHA512
583c70ceac2089d6aea256e57d4e0ce3566c1f28d0b09c60f9c820e65e7ff7bd97ac4c66fa940599f300a9087a3d28725a2d1793c2030ca112258b2487be82c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
573fda8e8384dad5f59de589986dfb0f

SHA1
598efae0a5c422a1068a4526d98ff2e06aad0250

SHA256
3d2db77568fdce553dc7b7d29e4fb998edb599cdcef6849b39497f114b6c449c

SHA512
e34b18e5cb57bc227ea1248ce3c7a7ffe09c0a2d20da9971e4109e80038c3334e7c2461dfa7dc6d6d4a464157bb0e585269300f384d816aeddf4f7403ef3dc89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1883419fe8b60d1131b099f540d5c67c

SHA1
21f8f0439fa15fcb1b7351fc2fd7bfdf5433291a

SHA256
736cfb64c2853bb51f43ddce7d92450e12ef1a2e93272382441f24ed25149506

SHA512
e88cc67775a9140f05f6a3159cea181cc615842b0d95a39d47716ab09aeb7cca9604a027e700eb69910277eae5c99f1f72a934a05c582c15c6f78b1ef6b70fc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
77e3e9292075e2a461f5b3738038945a

SHA1
d3ff124d633c35d3f82e6bf5898cb55d5ad5f4fc

SHA256
309f94a50654ebb4a9615e96f9be135de3840e5fcff74b530535e205b161fc3c

SHA512
7b9d93b3804ec58169e91f9ac337420929db23091576a08dca88842ee71f6c2229d62b2538d1a3eca812c8c344c070b5b4eacea1a666f852282c693b1fdda8a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b2c4bf5479563620e350c3a34409980c

SHA1
21b672a5b42dd882cfca9e0cb858eece041acb6b

SHA256
e28f1f0a56cdb352df3a03038530d48a657285506d458872748af86db79523a7

SHA512
14c7ac8f9c3f47a54544f081e56e99c12177c31fc4a4269e8fec0fedb7060b1a5d39d7eb172e2d0bbb4615bd374eae1daea72f7ef43b472829fa90ed38208c83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6bb38e63697f894612fe8c46a3ea85dd

SHA1
9613bebec86db65141e81708a3dcf0d849e39022

SHA256
b6f084a78997af07d784c60ab56bddfd9d34d7cc9897494862c157628bdc1424

SHA512
4baef5d3f3b3b39136f8f3c305d8bebaeef923374d8e0be205c3340f1c3642c4088b2929b24f5fdd64b4b70275748ae73a2de0f1a11fed0aea8ce402a699fd0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
36cc090155530ecf7363dc1e53070f37

SHA1
86182a05b1eede3f59a8ec68d54b79a418cff60b

SHA256
629d89e5692e566d0f6d080c43a5c4758d39980557cda67fa6d4fa305d3c3395

SHA512
d3238f294cd96b727a6a8e503e2de1acf9270fd3ac3e09e45bfc746a4c08d4d1e10d33ed320e56a90acef47c0f1b68a71bc15153a8a730c855b3b206a14bffe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580a6b.TMP

Filesize
1KB

MD5
be6b74f8c60bfdd5def3bc2bd534616d

SHA1
bdb209bcc03327acf017d5e64b67575407d882f9

SHA256
59cb7d96fd24edf635472bbb8c8b6c849baa42f3daa5896bc20346a68fea62e3

SHA512
ac8e307ba7929355ce62bc74ad4458acbe785dcb38ab1b2dc7e65c4cdc2994447f1534021f8f44946549a4376c2bf06042c297f3b482a4d8ec648adc3d3ff47c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6292b349969e550f3ca4971d18e1d2df

SHA1
56d790837d8ddc8895eb94828a9f94ccb55fe6cf

SHA256
b69e8ccba6c5df57c5e03790eb6789f393c7ade2823fd72c9eb5a286c0beb69e

SHA512
3aa1c87f2904855f4a0b316a1bca2d413a46f45ee7b1ebb6e30fb2c51a8f8e1b9ec8b9120ca56b7839a15ed2499a0b5daa88dc41399463e79293dd4ba61950ee

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit