hxxps://drive[.]google[.]com/file/d/12TVGJKc7EhNr_HpjYs40ZhY-xLkpEu4f

Analysis

max time kernel
113s
max time network
118s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
23/10/2023, 18:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/12TVGJKc7EhNr_HpjYs40ZhY-xLkpEu4f

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2912	msedge.exe
2912	msedge.exe
2304	msedge.exe
2304	msedge.exe
2780	identity_helper.exe
2780	identity_helper.exe
3496	msedge.exe
3496	msedge.exe
4020	msedge.exe
4020	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe

Suspicious use of FindShellTrayWindow 41 IoCs

pid	Process
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4016	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2304 wrote to memory of 3076	2304	msedge.exe	82
PID 2304 wrote to memory of 3076	2304	msedge.exe	82
PID 2304 wrote to memory of 5072	2304	msedge.exe	83
PID 2304 wrote to memory of 5072	2304	msedge.exe	83
PID 2304 wrote to memory of 5072	2304	msedge.exe	83
PID 2304 wrote to memory of 5072	2304	msedge.exe	83
PID 2304 wrote to memory of 5072	2304	msedge.exe	83
PID 2304 wrote to memory of 5072	2304	msedge.exe	83
PID 2304 wrote to memory of 5072	2304	msedge.exe	83
PID 2304 wrote to memory of 5072	2304	msedge.exe	83
PID 2304 wrote to memory of 5072	2304	msedge.exe	83
PID 2304 wrote to memory of 5072	2304	msedge.exe	83
PID 2304 wrote to memory of 5072	2304	msedge.exe	83
PID 2304 wrote to memory of 5072	2304	msedge.exe	83
PID 2304 wrote to memory of 5072	2304	msedge.exe	83
PID 2304 wrote to memory of 5072	2304	msedge.exe	83
PID 2304 wrote to memory of 5072	2304	msedge.exe	83
PID 2304 wrote to memory of 5072	2304	msedge.exe	83
PID 2304 wrote to memory of 5072	2304	msedge.exe	83
PID 2304 wrote to memory of 5072	2304	msedge.exe	83
PID 2304 wrote to memory of 5072	2304	msedge.exe	83
PID 2304 wrote to memory of 5072	2304	msedge.exe	83
PID 2304 wrote to memory of 5072	2304	msedge.exe	83
PID 2304 wrote to memory of 5072	2304	msedge.exe	83
PID 2304 wrote to memory of 5072	2304	msedge.exe	83
PID 2304 wrote to memory of 5072	2304	msedge.exe	83
PID 2304 wrote to memory of 5072	2304	msedge.exe	83
PID 2304 wrote to memory of 5072	2304	msedge.exe	83
PID 2304 wrote to memory of 5072	2304	msedge.exe	83
PID 2304 wrote to memory of 5072	2304	msedge.exe	83
PID 2304 wrote to memory of 5072	2304	msedge.exe	83
PID 2304 wrote to memory of 5072	2304	msedge.exe	83
PID 2304 wrote to memory of 5072	2304	msedge.exe	83
PID 2304 wrote to memory of 5072	2304	msedge.exe	83
PID 2304 wrote to memory of 5072	2304	msedge.exe	83
PID 2304 wrote to memory of 5072	2304	msedge.exe	83
PID 2304 wrote to memory of 5072	2304	msedge.exe	83
PID 2304 wrote to memory of 5072	2304	msedge.exe	83
PID 2304 wrote to memory of 5072	2304	msedge.exe	83
PID 2304 wrote to memory of 5072	2304	msedge.exe	83
PID 2304 wrote to memory of 5072	2304	msedge.exe	83
PID 2304 wrote to memory of 5072	2304	msedge.exe	83
PID 2304 wrote to memory of 2912	2304	msedge.exe	84
PID 2304 wrote to memory of 2912	2304	msedge.exe	84
PID 2304 wrote to memory of 5076	2304	msedge.exe	85
PID 2304 wrote to memory of 5076	2304	msedge.exe	85
PID 2304 wrote to memory of 5076	2304	msedge.exe	85
PID 2304 wrote to memory of 5076	2304	msedge.exe	85
PID 2304 wrote to memory of 5076	2304	msedge.exe	85
PID 2304 wrote to memory of 5076	2304	msedge.exe	85
PID 2304 wrote to memory of 5076	2304	msedge.exe	85
PID 2304 wrote to memory of 5076	2304	msedge.exe	85
PID 2304 wrote to memory of 5076	2304	msedge.exe	85
PID 2304 wrote to memory of 5076	2304	msedge.exe	85
PID 2304 wrote to memory of 5076	2304	msedge.exe	85
PID 2304 wrote to memory of 5076	2304	msedge.exe	85
PID 2304 wrote to memory of 5076	2304	msedge.exe	85
PID 2304 wrote to memory of 5076	2304	msedge.exe	85
PID 2304 wrote to memory of 5076	2304	msedge.exe	85
PID 2304 wrote to memory of 5076	2304	msedge.exe	85
PID 2304 wrote to memory of 5076	2304	msedge.exe	85
PID 2304 wrote to memory of 5076	2304	msedge.exe	85
PID 2304 wrote to memory of 5076	2304	msedge.exe	85
PID 2304 wrote to memory of 5076	2304	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/12TVGJKc7EhNr_HpjYs40ZhY-xLkpEu4f
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe32e346f8,0x7ffe32e34708,0x7ffe32e34718
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,6933197453351349779,4492279958367404497,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2256 /prefetch:2
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2212,6933197453351349779,4492279958367404497,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2212,6933197453351349779,4492279958367404497,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6933197453351349779,4492279958367404497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6933197453351349779,4492279958367404497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6933197453351349779,4492279958367404497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,6933197453351349779,4492279958367404497,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 /prefetch:8
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,6933197453351349779,4492279958367404497,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6933197453351349779,4492279958367404497,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6933197453351349779,4492279958367404497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1832 /prefetch:1
  2⤵
  PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6933197453351349779,4492279958367404497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4456 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6933197453351349779,4492279958367404497,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6933197453351349779,4492279958367404497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2212,6933197453351349779,4492279958367404497,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3112 /prefetch:8
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2212,6933197453351349779,4492279958367404497,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1852 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,6933197453351349779,4492279958367404497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2212,6933197453351349779,4492279958367404497,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3152 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4256

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1012

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
9128725c7fd9e12a4f7846806e66e47a

SHA1
8e6c35ef8247aea0b1f2300ba94766a4a510238c

SHA256
3a5246156cfb29acd4e9cbf6a6eb8401d1cbb4993835777873df3686c6d569c5

SHA512
fee2db89ca679d8a5d2acbfc059ea66e97251a57f79b794df4f4e2e474058338de56029ccaeee193d89a1f8d5faa04c5748d4989c8bc7569479f4defe84d6a34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
7446e91eb41e343a77d2ce25285d07fc

SHA1
aec7676008e2587408848d0bf0764c3fae18f8ce

SHA256
c08d54095811fcf5b7f62ff8425ca5bdee94b540d9d990536446ace57664d8a2

SHA512
50d65c147f7908c0a6ff4697edd4e9bd5794566abce1d4d65053d98cc7ca1f3f2362edd75a6163581a039ad3734ea02e83cbee5c159e19be9c0819a9f4651381

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6c5ae9ad985477a729f41ccec597ac09

SHA1
d48b5b36c7861e40a6310dd1f76e49017259edce

SHA256
2ce83b5c16e7e741fdcb54399e75baaff44c3143bc3d63de7ef441608c824ca5

SHA512
fb6bb13d861b024beb55c2335730593985e9b9867a11033aa78b265a4c7dd764e4aca827178be8ff2b6face861923d64bb24022d9729586fa3adcb544708f0eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ab1daeeb2c70dac76208194e606bb5c9

SHA1
1dc3da9fac18d33a8054927cd2d3bbac7a1656d0

SHA256
d61fa6cc25c0f9f81156e17e659c93c82f043add43437fcaae44b80e9cdb3580

SHA512
18f056c1c958a1a3b1044879471f1ad33ea3046011f74449bf48afa9ae649cf837ac118cf0d7eaa826096faebdc2e42e2608f20f3bd7ba2fa3c80ad2cde2bd79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
062fca9b3e2a5d4feeb0e09fd1690f82

SHA1
2f6aac70c935c62a093f267c2b901dc9b4e13146

SHA256
28951e3c0ee0b7f030666e94667a11fc1ecf78a2fa46c0872a36160b68529572

SHA512
2e1456e2dedbd52085a6c6271283c04d4ed13a7b0ff9b4b8f90875f74b8dad6862a2b8fb7b58d9b8e8b3a74fbac1c2669f03ead4381c5534f59dd5eeb5e623ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f64676cc857d432857b70b1b0b4730f5

SHA1
fe7e1d671187dd6e9473e3dd2ddc1016676a8c59

SHA256
f2fd388516392129bea750eb6572daa85c1ad5eadd1d81840014b932e1a6f810

SHA512
440826ac4bf62279038eab47f3f3ca4d2d6474ac4c278f66f6b2cdea0f80ce54d59921de842df8408975012e70e838f28d907ba5f44ea7c7ba763e81638ca2b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
3a748249c8b0e04e77ad0d6723e564ff

SHA1
5c4cc0e5453c13ffc91f259ccb36acfb3d3fa729

SHA256
f98f5543c33c0b85b191bb85718ee7845982275130da1f09e904d220f1c6ceed

SHA512
53254db3efd9c075e4f24a915e0963563ce4df26d4771925199a605cd111ae5025a65f778b4d4ed8a9b3e83b558066cd314f37b84115d4d24c58207760174af2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
53065a4d9d567f2c3e90b8b004fa6163

SHA1
007d124e02f824e6831d52b81b3c1c1c49fa9653

SHA256
ec3f74ab26ab8c3f68b414c8faf03acb62f9df3a2d716e02ee8797475779f03d

SHA512
dc7d59ead26bc8207a476a2a9730f5b3b515383a768a501ef689007bca9ca23e875b7ce9b8a18bb7ea348ab655884d86332519f5a6e13cc90c128fedc9fd4739

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
ee7b6f47643e3bfdfd9275b7ac3f6734

SHA1
fa972182476ed2948ef282867538f43f0770541f

SHA256
59709f7a95865aafeeb67022c249e4cf27224b1bcf53b93aefba09f2887595ac

SHA512
c5d47d142597f76dff2cb17c106bab1e6f4afb0966b19c05569882d1b4a586be1ee604a435336ce45b5e216947237df25985a182f903c33f6b16977a37f0d95d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58a832.TMP

Filesize
538B

MD5
b815a0d71ac433abf197ba82c65d0d08

SHA1
b75c9ce8a47d8c87d4bf3fd5281a4b2b53789fda

SHA256
d4d45ee26ca01e9b0e4e075a55a11118e46498aad1df0d788c9f5ea95681ab45

SHA512
71b478b839b566caceb9800aedf2ccab864d7b4080a1ae10eab427c861abab11ee266e7fc3162044a64f2dc7276976c2c052e8f99bf7ef4acd98f019d06c192b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
16447a3449657a92f68d999d961ec6f2

SHA1
202fb783ddf7f761d2d74f8c01bc3d07df2706db

SHA256
b9115915599bde418ff9390888bb248780188b98d10852df307129ea814c6015

SHA512
4a7d175c8af6f2ab7180af41f4993535f35b602253977267d4f861f619a683be09a3bc74fb7ddeb33dc644533fa39a4946b6b74a7bb7b74492875aaf801398e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a7604664f0282f7a5129c0fb7f8c3792

SHA1
536701d5003f23c74cfe72fcb53dc710b9d2e317

SHA256
f5128e0191f1f0403e2914c602c0173cc5c674a239b53df9606be9d8e58f3e81

SHA512
b3a2ea04f405876bc8521c05de0affc5bd54269888fd700692ba42ed02963e852f8661ec718c0617a36afabb947c134ea91b85163c26304e1e58b11c6adfc22c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6b604723d895d551eedebee2883cf198

SHA1
509c24ae1d6b1fe225e2e42564c70a21c32d9fbd

SHA256
34a9b35693e5dc546743025ee52946fc5a21684b99afaa700eb671a01e78dd47

SHA512
994985e4ba4ce1cada0bc3bd7da7876d562808d31790e3c77dbdb0034ce710cc6c7d9e3af312b3506b9d47fbfd44da9aaa3c5c0269f6fe7bf009c2e654565dc8

Download Submit
C:\Users\Admin\Downloads\view

Filesize
618KB

MD5
cf7e837eb9d92beee38fa16ebb20da30

SHA1
cebe3019fc9209655ee83c884b29a46a2f8b76f3

SHA256
0614ab9c9dc37daa2aa43f6e90062b84c0c25044708172c8af7eb729dd705773

SHA512
4b83aaaa06a024efe9a0e865579144a24627bd1828434571c1f1331f7cd02c1fff213bd8c264d5845902e2549fc451cba27b97653bfd5f6291c02438e82699cd

Download Submit