hxxps://sites[.]google[.]com/view/freenude013/home | Triage

Resubmissions

03/02/2024, 08:00

240203-jv3a8sceh3 6

03/02/2024, 07:56

240203-jswexacee3 6

03/02/2024, 07:35

240203-je699acca4 6

Analysis

max time kernel
325s
max time network
329s
platform
windows11-21h2_x64
resource
win11-20231222-en
resource tags

arch:x64arch:x86image:win11-20231222-enlocale:en-usos:windows11-21h2-x64system
submitted
03/02/2024, 07:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://sites.google.com/view/freenude013/home

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

flow	ioc
1	sites.google.com
3	sites.google.com
7	sites.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

System Information Discovery

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4286256601-2211319207-2237621277-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3080	msedge.exe
3080	msedge.exe
3660	msedge.exe
3660	msedge.exe
916	identity_helper.exe
916	identity_helper.exe
3908	msedge.exe
3908	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe

Suspicious use of FindShellTrayWindow 29 IoCs

pid	Process
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3004	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3660 wrote to memory of 4800	3660	msedge.exe	66
PID 3660 wrote to memory of 4800	3660	msedge.exe	66
PID 3660 wrote to memory of 4912	3660	msedge.exe	80
PID 3660 wrote to memory of 4912	3660	msedge.exe	80
PID 3660 wrote to memory of 4912	3660	msedge.exe	80
PID 3660 wrote to memory of 4912	3660	msedge.exe	80
PID 3660 wrote to memory of 4912	3660	msedge.exe	80
PID 3660 wrote to memory of 4912	3660	msedge.exe	80
PID 3660 wrote to memory of 4912	3660	msedge.exe	80
PID 3660 wrote to memory of 4912	3660	msedge.exe	80
PID 3660 wrote to memory of 4912	3660	msedge.exe	80
PID 3660 wrote to memory of 4912	3660	msedge.exe	80
PID 3660 wrote to memory of 4912	3660	msedge.exe	80
PID 3660 wrote to memory of 4912	3660	msedge.exe	80
PID 3660 wrote to memory of 4912	3660	msedge.exe	80
PID 3660 wrote to memory of 4912	3660	msedge.exe	80
PID 3660 wrote to memory of 4912	3660	msedge.exe	80
PID 3660 wrote to memory of 4912	3660	msedge.exe	80
PID 3660 wrote to memory of 4912	3660	msedge.exe	80
PID 3660 wrote to memory of 4912	3660	msedge.exe	80
PID 3660 wrote to memory of 4912	3660	msedge.exe	80
PID 3660 wrote to memory of 4912	3660	msedge.exe	80
PID 3660 wrote to memory of 4912	3660	msedge.exe	80
PID 3660 wrote to memory of 4912	3660	msedge.exe	80
PID 3660 wrote to memory of 4912	3660	msedge.exe	80
PID 3660 wrote to memory of 4912	3660	msedge.exe	80
PID 3660 wrote to memory of 4912	3660	msedge.exe	80
PID 3660 wrote to memory of 4912	3660	msedge.exe	80
PID 3660 wrote to memory of 4912	3660	msedge.exe	80
PID 3660 wrote to memory of 4912	3660	msedge.exe	80
PID 3660 wrote to memory of 4912	3660	msedge.exe	80
PID 3660 wrote to memory of 4912	3660	msedge.exe	80
PID 3660 wrote to memory of 4912	3660	msedge.exe	80
PID 3660 wrote to memory of 4912	3660	msedge.exe	80
PID 3660 wrote to memory of 4912	3660	msedge.exe	80
PID 3660 wrote to memory of 4912	3660	msedge.exe	80
PID 3660 wrote to memory of 4912	3660	msedge.exe	80
PID 3660 wrote to memory of 4912	3660	msedge.exe	80
PID 3660 wrote to memory of 4912	3660	msedge.exe	80
PID 3660 wrote to memory of 4912	3660	msedge.exe	80
PID 3660 wrote to memory of 4912	3660	msedge.exe	80
PID 3660 wrote to memory of 4912	3660	msedge.exe	80
PID 3660 wrote to memory of 3080	3660	msedge.exe	81
PID 3660 wrote to memory of 3080	3660	msedge.exe	81
PID 3660 wrote to memory of 1864	3660	msedge.exe	82
PID 3660 wrote to memory of 1864	3660	msedge.exe	82
PID 3660 wrote to memory of 1864	3660	msedge.exe	82
PID 3660 wrote to memory of 1864	3660	msedge.exe	82
PID 3660 wrote to memory of 1864	3660	msedge.exe	82
PID 3660 wrote to memory of 1864	3660	msedge.exe	82
PID 3660 wrote to memory of 1864	3660	msedge.exe	82
PID 3660 wrote to memory of 1864	3660	msedge.exe	82
PID 3660 wrote to memory of 1864	3660	msedge.exe	82
PID 3660 wrote to memory of 1864	3660	msedge.exe	82
PID 3660 wrote to memory of 1864	3660	msedge.exe	82
PID 3660 wrote to memory of 1864	3660	msedge.exe	82
PID 3660 wrote to memory of 1864	3660	msedge.exe	82
PID 3660 wrote to memory of 1864	3660	msedge.exe	82
PID 3660 wrote to memory of 1864	3660	msedge.exe	82
PID 3660 wrote to memory of 1864	3660	msedge.exe	82
PID 3660 wrote to memory of 1864	3660	msedge.exe	82
PID 3660 wrote to memory of 1864	3660	msedge.exe	82
PID 3660 wrote to memory of 1864	3660	msedge.exe	82
PID 3660 wrote to memory of 1864	3660	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://sites.google.com/view/freenude013/home
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffca2743cb8,0x7ffca2743cc8,0x7ffca2743cd8
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,11455641669742908692,16846244553261255737,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,11455641669742908692,16846244553261255737,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,11455641669742908692,16846244553261255737,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
  2⤵
  PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11455641669742908692,16846244553261255737,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11455641669742908692,16846244553261255737,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,11455641669742908692,16846244553261255737,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4700 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,11455641669742908692,16846244553261255737,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11455641669742908692,16846244553261255737,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11455641669742908692,16846244553261255737,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11455641669742908692,16846244553261255737,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11455641669742908692,16846244553261255737,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,11455641669742908692,16846244553261255737,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11455641669742908692,16846244553261255737,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11455641669742908692,16846244553261255737,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11455641669742908692,16846244553261255737,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1920,11455641669742908692,16846244553261255737,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6356 /prefetch:8
  2⤵
  PID:4356

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1168

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0bed556ffeb1e69835b408d733b041f0

SHA1
e2aec94abd489a26f36a9694c7ef3903af6409b6

SHA256
7d60b9117a935eaba25d7273a5b5e8ba04ece22672661ecb37a3c8a08f61def3

SHA512
47d492a7c72f9d12511f070d7d28451b1c52c5f0d446890e704b02bbc51330b1890c5ac4e050d514ff1bfd9c64421adeebee114718042af5aee3f5fdfb413fc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
ff7f7634512908c692b15ab4c45a5991

SHA1
f68eb00f9c5fe5d8fb1596ef945ae04909be57cd

SHA256
c73cf3dcc0473a093567b0fc944e677eabca87445818579312c030ef1f8a56fe

SHA512
10b60433a04191c4a726c2adff96f6b6d96d35d61801eaefdcf6dfdd2b75a91065baaf569c293bd9ef313dee970076baf6d98911558bdf04be0876d968ff75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
a30ef3bdf4c27ef88f035dcac29bc8f3

SHA1
b948442027bd57f1428fc7dd2f5cb7819a742d6c

SHA256
acdf006bd2e49d203efb8706ea03ddde0f0ef46b680312eec005737487282eb9

SHA512
cb2e801010de7f2aed6589b3db6a4f2aa2aaa5c721795f7ae7a9394a4d63c60118b4d6afa39c56af5991d483cbc6d25ff6a239c8cb5b6a46f4830f1286fa7dc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d3e704e9ec5b1b81e2c2b0ffd2e044e5

SHA1
b035b03a53b287a1bf28b771bad0f2976b058dbf

SHA256
58b600bef473ac39849a083557858f68f143fab26ae315b0a73efab07b3b2607

SHA512
2630b4f98591c3cd697409ebf5084fcfbba4ec8e241ff879bd404926261770bc8585ba63920741e9309e8039dd8989e85c202bbc081e4feb3daa2bc3d4e23834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
328b723ec5d683ce449b840b43596fdc

SHA1
d58eb3fdbc16adf81bfe1b78a601ce2434e615d8

SHA256
0b5c7920680e4369d41b0be07c9fe704e908df91306e41924680e9da4ccbc5a4

SHA512
fd993fcf6146a6a952c6764438e98d92bb1a94ca89be0bf16e18d6034e7e599a1fe7da18aaa9908b0985494af066dd61ec255d89563515c5efa0eaf69a476faa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6261d0095838648a18148cc7871ac3d8

SHA1
a538eb3a8c56acc05f0245c62a2d5268584b5c34

SHA256
ddb6f5df2a4d54ae293ffbf7492f74cea976dbac67eaecc41b412640214815dc

SHA512
5b05bcb036712a1f9b0447fcead84e9e56cee3749bc5b833964f32feaa5ece54f37f777e2a639a2cc5bb6a2c525ae6de4c84b13264d59194e40cd352af9a2d00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
19c8fd4ce57d7d91dd2dce57b084436e

SHA1
7406fbe792fbcddf21a4e23a36e4827afb50f8f4

SHA256
a709d25470a4380d0ba08e9fc7377fb33b9b15042ccc9e144f6936c9cb459100

SHA512
a4f1963ba826d0a9a225cdabcace99fba491848c8292edcf73cf055a68e1354a8c687c25b88171ecda2df85cf1a5acd8261ea66270c34bacb353f35f9b28ae10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
68874f5c516a5e00b6eb545a69cb2870

SHA1
3f8ca1f347a22e216b5e56527ffcae9f458a641c

SHA256
028000721f119f34d0eeaa3b6cd2039e1fee5233ae21026129e02c7bfc82bd75

SHA512
f576fbca5617ab6c0d89036cd28bf3d27c15555bfa4e19f444e7f720f22a89acf04d830679de8ef79f8b401c5246f84a49e2d5c14c4a2f9f53f68cde9637ef74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f269fea0e3d1aa29806b34ace9bb4ee9

SHA1
abcf711782d35f940d1901090cb8b92a73c568bc

SHA256
a987640b1f78f2c35da0b49b6ad1222bad50a05df8f1567bae92a21baf2eb0ff

SHA512
8882eaff7a9ca8941b17bebae9a49e1ec14c0013519e40babdd457c6011ba92086afe27510d00e0a9ea28ead1a22628d03234318c2da880d7405b8c8060b0661

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
66aed4ebdba06638bd86e1e4a4909481

SHA1
78c3f5a831490d9bc8660bfefd3aa027f6c43dad

SHA256
7bd070fef1542125394e473941ac453e05f0731ca9a8fee7eeae673f452def15

SHA512
6cb8675ef7eb174474229c45a4ae05e342f2dab595f060b411ef6edd95cfad43d6f041f8998b471668afd60fe63e7a5f89a1c9477c2c79491e50d5c730d196a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f7cbf62ac05c53191689adae30f9fc54

SHA1
cb91cb484a0cf1737ee6d1f2ebf00954f7b95c69

SHA256
a94b88e72a46f8a990b5f6926536e62e601ee275d19f06313a5497f72cb9fc81

SHA512
4f8787cf9ee20c652da4a0a66c1ff8135af88d38a4275797a0b2f827ac38477008da0235d4d68325c8ef495c4c7c142f8b00334114ce596d9c540ff578344dfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
5e1542ec05a1840cfb56ae87d1c2e16e

SHA1
25bdd95b83b7c614a6446609cff6ecbcab58d9d8

SHA256
41acd6ffea81ff1b8b58a4693696a397817473eb899edbf6606314820a8e40b8

SHA512
12c32368cbedc3d2515907ab740c75022fc4eaecec9b45734f346db0df209e667b066b2fcd891e84193868ecec8b892e7b484c66a8b329562bad53a69b25c0db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
49837d6f8c7ae11b57489ab3b8b620a7

SHA1
b8f0ac59f04991b6455e8aa489ac9460d3d99e7f

SHA256
fd3e7e4d0b6ec7cee1580bce1cf444699275ec4934c503a3ffd210f082ced64c

SHA512
1b67af27c551f1ec27ed67f3beb78b5958154ea8a3ee2be304d30e8c3d9ab42e4a62a0ef17504568808b869d7220e748f9ac34c48fa1680c85215fea4b4d9294

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
4d9f61fdea45fdb8f6d643092a58f346

SHA1
514b0f4cbfa0cc6d6a1365caeb0f7b14a9096493

SHA256
ff42be66faeddb18d2c07c9bdf1abe7ce2195ab46b878b9e65a52995f5339c39

SHA512
e2dd3ae33b9014a318e06cf3aded19c929b3968644219a3c61631312bf2e4e6cbfe2dcf8cacd2331939623c92ceefd1864ed31b80a8b3289ee67c3815e1a4406

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
5be9d829dc446a514919f39ac8044d7d

SHA1
9ff76510316d0534d1f0f89aae94a915b89985b0

SHA256
0650034e0579abdebddeb4ba824cfa5b4039c1bea60a78b4378356d458094cff

SHA512
24090a130b6b3f9d902b1421cdb8bc23bef8141bbaa8826cd7926a3e29edd74e9c74e06b503147dc4002c481c5edc90e677ea7db101d3f6936d1dd7cbe07104c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe595f8b.TMP

Filesize
204B

MD5
55fd5aa248ca7f6840f8c98e7cac762b

SHA1
43702b0b775d001c91646ff7517a44a4079ee258

SHA256
496690c60d03993b6f4b431c39063103347f53733473de2370c3ea5343e99365

SHA512
4bde493871068bddafc5324a8f48a0f96b14a8f4e445a32931a35271316797af104d2ff7bd17538785200994b604fa58a0e648189d9f7d00f502c596fcbe115d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4d95828ee2bb225edfea25c7e29c5156

SHA1
a4166d9af00aebb6ddde7355ca11782f5a6e34d0

SHA256
494268d455760f92b5e1f057ffd1ef8a01288102bf346405503468b5ac8c710a

SHA512
0f4ed051ce5fa88846ad891340a6bec6bd0269f2983d87a33224986e6cd12912d4745de49c360e325fe3793288e1f2838ed7c58f3461503d77d2684835a19b35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
af8386582f329552cf1fb833d338b09d

SHA1
bc69888d5c73bb66faae80cdd78a7f352907a562

SHA256
6b68ed45fc04e20cd346b183c2bf39a760ad560c284f4235ce88e356980ef176

SHA512
d30f75b27226b31575c70a2fc26f8f530eeb97ea6191144d1f6cc795fd982913f304eb83bed4742a03cca80d26e9c84d9d387e7e69bd2ee303b726851bd5217f

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\~earchHoverUnifiedTileModelCache.tmp

Filesize
10KB

MD5
d46cf67c7632a83da991c4ed89438575

SHA1
33880a2855647bf8bba89b7ffa825eca10811685

SHA256
647b707513b448a4dce0355ed4623142a45c92b15e8c6d982c045655dbcd56ca

SHA512
36c1140968a05bc2d99cb31e254b468e7a1c65ecc70e7561c4159582b19dcf8fc3a5e5cdab8f3181184d1640056a8220bfe5f631f83a1d2ffcfabb992c878c82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit