hxxps://drive[.]google[.]com/uc?export=download&id=1A-NQjyTwhCybq54Zzou2DglS3rwQMlrR

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
07-02-2025 14:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/uc?export=download&id=1A-NQjyTwhCybq54Zzou2DglS3rwQMlrR

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
11	drive.google.com
7	drive.google.com

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
61	api.ipify.org
62	api.ipify.org

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
936	msedge.exe
936	msedge.exe
5116	msedge.exe
5116	msedge.exe
888	msedge.exe
888	msedge.exe
1544	identity_helper.exe
1544	identity_helper.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5116 wrote to memory of 4816	5116	msedge.exe	82
PID 5116 wrote to memory of 4816	5116	msedge.exe	82
PID 5116 wrote to memory of 656	5116	msedge.exe	83
PID 5116 wrote to memory of 656	5116	msedge.exe	83
PID 5116 wrote to memory of 656	5116	msedge.exe	83
PID 5116 wrote to memory of 656	5116	msedge.exe	83
PID 5116 wrote to memory of 656	5116	msedge.exe	83
PID 5116 wrote to memory of 656	5116	msedge.exe	83
PID 5116 wrote to memory of 656	5116	msedge.exe	83
PID 5116 wrote to memory of 656	5116	msedge.exe	83
PID 5116 wrote to memory of 656	5116	msedge.exe	83
PID 5116 wrote to memory of 656	5116	msedge.exe	83
PID 5116 wrote to memory of 656	5116	msedge.exe	83
PID 5116 wrote to memory of 656	5116	msedge.exe	83
PID 5116 wrote to memory of 656	5116	msedge.exe	83
PID 5116 wrote to memory of 656	5116	msedge.exe	83
PID 5116 wrote to memory of 656	5116	msedge.exe	83
PID 5116 wrote to memory of 656	5116	msedge.exe	83
PID 5116 wrote to memory of 656	5116	msedge.exe	83
PID 5116 wrote to memory of 656	5116	msedge.exe	83
PID 5116 wrote to memory of 656	5116	msedge.exe	83
PID 5116 wrote to memory of 656	5116	msedge.exe	83
PID 5116 wrote to memory of 656	5116	msedge.exe	83
PID 5116 wrote to memory of 656	5116	msedge.exe	83
PID 5116 wrote to memory of 656	5116	msedge.exe	83
PID 5116 wrote to memory of 656	5116	msedge.exe	83
PID 5116 wrote to memory of 656	5116	msedge.exe	83
PID 5116 wrote to memory of 656	5116	msedge.exe	83
PID 5116 wrote to memory of 656	5116	msedge.exe	83
PID 5116 wrote to memory of 656	5116	msedge.exe	83
PID 5116 wrote to memory of 656	5116	msedge.exe	83
PID 5116 wrote to memory of 656	5116	msedge.exe	83
PID 5116 wrote to memory of 656	5116	msedge.exe	83
PID 5116 wrote to memory of 656	5116	msedge.exe	83
PID 5116 wrote to memory of 656	5116	msedge.exe	83
PID 5116 wrote to memory of 656	5116	msedge.exe	83
PID 5116 wrote to memory of 656	5116	msedge.exe	83
PID 5116 wrote to memory of 656	5116	msedge.exe	83
PID 5116 wrote to memory of 656	5116	msedge.exe	83
PID 5116 wrote to memory of 656	5116	msedge.exe	83
PID 5116 wrote to memory of 656	5116	msedge.exe	83
PID 5116 wrote to memory of 656	5116	msedge.exe	83
PID 5116 wrote to memory of 936	5116	msedge.exe	84
PID 5116 wrote to memory of 936	5116	msedge.exe	84
PID 5116 wrote to memory of 2764	5116	msedge.exe	85
PID 5116 wrote to memory of 2764	5116	msedge.exe	85
PID 5116 wrote to memory of 2764	5116	msedge.exe	85
PID 5116 wrote to memory of 2764	5116	msedge.exe	85
PID 5116 wrote to memory of 2764	5116	msedge.exe	85
PID 5116 wrote to memory of 2764	5116	msedge.exe	85
PID 5116 wrote to memory of 2764	5116	msedge.exe	85
PID 5116 wrote to memory of 2764	5116	msedge.exe	85
PID 5116 wrote to memory of 2764	5116	msedge.exe	85
PID 5116 wrote to memory of 2764	5116	msedge.exe	85
PID 5116 wrote to memory of 2764	5116	msedge.exe	85
PID 5116 wrote to memory of 2764	5116	msedge.exe	85
PID 5116 wrote to memory of 2764	5116	msedge.exe	85
PID 5116 wrote to memory of 2764	5116	msedge.exe	85
PID 5116 wrote to memory of 2764	5116	msedge.exe	85
PID 5116 wrote to memory of 2764	5116	msedge.exe	85
PID 5116 wrote to memory of 2764	5116	msedge.exe	85
PID 5116 wrote to memory of 2764	5116	msedge.exe	85
PID 5116 wrote to memory of 2764	5116	msedge.exe	85
PID 5116 wrote to memory of 2764	5116	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/uc?export=download&id=1A-NQjyTwhCybq54Zzou2DglS3rwQMlrR
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb171446f8,0x7ffb17144708,0x7ffb17144718
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,13694247280505624282,18103794272981906456,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,13694247280505624282,18103794272981906456,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,13694247280505624282,18103794272981906456,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13694247280505624282,18103794272981906456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13694247280505624282,18103794272981906456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2076,13694247280505624282,18103794272981906456,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4056 /prefetch:8
  2⤵
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13694247280505624282,18103794272981906456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2076,13694247280505624282,18103794272981906456,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13694247280505624282,18103794272981906456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13694247280505624282,18103794272981906456,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,13694247280505624282,18103794272981906456,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5824 /prefetch:8
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,13694247280505624282,18103794272981906456,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5824 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13694247280505624282,18103794272981906456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13694247280505624282,18103794272981906456,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13694247280505624282,18103794272981906456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13694247280505624282,18103794272981906456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1776 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13694247280505624282,18103794272981906456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3824 /prefetch:1
  2⤵
  PID:428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,13694247280505624282,18103794272981906456,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6436 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4308

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:748

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
7525f440ca165e95ca0fbba31d4881ee

SHA1
e25862cdd2b64e3451a7f965808b4577d5abb8da

SHA256
32d1fc8580d3b4a50f2b29337438836b6b852c0972eacea3638c3cd1a619506d

SHA512
bbd0a700438b1315ad5c20028c50d7551b82c589b64e3478fd78b624fd7b674652b11e833e788c10ba16cf25bfd967ec94e09f2c9e912a9e2d67b6c113eaee5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
0f0f7c42a33cb0af9dcda6f8584bb120

SHA1
de4d6adcc2fe0b4a0cb33c1c7e14f2576d744fa0

SHA256
da5a9df042d326bdb0ca24a10c0e014c0ddad292cf02ed6da59fc25ba3b97e23

SHA512
579c1486025a5ceca4d28a66a8af9ab1154896bbd23d43af21add74fcda9f1034402fe1501c642a019ae02c25d9afbfc0f853d946f580583818a27ac643bf1ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
943B

MD5
185a232536b05b9882431bc95048a37a

SHA1
7beb6a74057792d9971b51ff0d6274199825c3ee

SHA256
21311674137f396e94b2b80e1f53f4e70244fdf71f93417d3f80ea5983fb8bcb

SHA512
27883269d52b515e4918b6f6ffa871d22cf90f782fa07e87c08af1f6f3f113abae0e76f36d31ea8072871a25291eee5e45381d352ba0802f80c71011c8040f00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cd2f2a1d9795f5a0d51b4922bbd1829c

SHA1
0c2ac455ef750ab97890c8e1dbff9ccebbd8baa1

SHA256
15a16c083576ddfeefb20fa71607e94effa54710021eda3d1d7ac6e3a028a374

SHA512
9bdb72de3d375a0ec8dd9b721b8a245183b9771f8659f2cca9cba75a9da9e47c8f7ac63d296906bf557af59af6370c9d14b3f0adcc72ee73b5c310f16419ccec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6ac81940042ff1c7812e0e8babfa17d2

SHA1
a405d0f56d2be6446621e46250e0ac1af8f9c4e5

SHA256
1736307cc3551c14099208e75c52e9085e66d29043304d1a97c608be9c2231bc

SHA512
4217f4ed1733cbca88393dc725820ff7555d1cb530071b6629039c5dd69b66284a140dab97c7c4170159213f1914d46de26fc4241bbd58a1c56859d11cd4ecc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f055e34ce5be07e9db6a867352b75b66

SHA1
9d8a8011c72532adf2697ba74e371901f1058cfc

SHA256
6dd704c4b1bd6a670440a68ae172e757dd332d7bdb708be9e5d4d04fff58e71f

SHA512
fd0935ac58466b9355117068eea12ac277472666ce8d7f24724b994f953f1564c44f42f69f9c9708680997f9bf7f20f199fa1d03c808b2123f66a6d6ef097ce3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
177bd8412a4cd70447ceb43f5d43c273

SHA1
50964e81dcc695347eeba79d634b60b3e5d15f10

SHA256
8875493bf22d4f640b36bc5a7300f2974a6cc6288f3337656e341c1bffe49d8a

SHA512
37f63ca2cf4e8ae8950fd898e66db37d265fe2ecb810c6d776f913763b251fbee154ba2b395497097e90370a73897781d09e2a3dd8decd318846c275710e8d17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
39ca8851e96e412556a8e86d596a9fbb

SHA1
5c9d28fbace3d44ce667cd6f5e19b2c9afc3f7d0

SHA256
76ba5dc9afca110ba680a8db5c5beaef0638e0789b5e24f92e50d0eb7740722e

SHA512
22e791926495230b98a9d7f6ccc57d2a14d460a7af37af45a4d11a3a006aa6ae1a2d16891e833c58be7a3b36e9612bb76e9cf25facaf7495b26a79d715b7c218

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
95dea5bcfb1a1eb7921413681079772c

SHA1
3ede97240d846575a3980f87a45ea51e65fdc3b1

SHA256
e259ec3bc09c197c6d11498add06b93ac5bdf1e34d2c3fde5e91c97bb2ac1d44

SHA512
e7bdde8693013b094ca8edc58f8493f9866bee5931c0ab3a91179e0cbe619da80a23019b350fa338b1e640bfbba11ef0548d051aea786821ed12c57cb7b8c7ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f4ef.TMP

Filesize
371B

MD5
807960828b0e4fac21f6299eb2668534

SHA1
3ace365dd3573ceaea1dc296c93a993026dac35c

SHA256
91043d3f16b76c542d777917972e0cf5fea26753d6051828e96b7a1df5151970

SHA512
4497e7adf42acc867a863ed26fc7f1c3acb47fe664a639d210accec19ee627c7899dae62e9a434a00d73b5816798408f7efffce37b90e5f0e27bafd96345a31c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ee8564586e556cf49068d4c0b9b42712

SHA1
e43e1f36f502022935894f19d3e26e977bb4c3b4

SHA256
02af296cfa941c994bc7e75684fc34508a7c78ad44323769b0db8b34e9e989e2

SHA512
ca741299a62bdba5876c54886573e77ba7dc28387c72461c8a1fe48d1d523d4b5564e2a23318c6e0aa38b915a171177eb46678a641562f5435aadbf57b9a120c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit