hxxps://drive[.]google[.]com/drive/folders/1k3I1jzS8P-XBKhHoV3Z6vXmqtCeGvyPd

Analysis

max time kernel
110s
max time network
111s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
13-03-2024 14:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1k3I1jzS8P-XBKhHoV3Z6vXmqtCeGvyPd

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
8	drive.google.com
10	drive.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4796	msedge.exe
4796	msedge.exe
4028	msedge.exe
4028	msedge.exe
3836	identity_helper.exe
3836	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4028 wrote to memory of 3088	4028	msedge.exe	88
PID 4028 wrote to memory of 3088	4028	msedge.exe	88
PID 4028 wrote to memory of 4760	4028	msedge.exe	89
PID 4028 wrote to memory of 4760	4028	msedge.exe	89
PID 4028 wrote to memory of 4760	4028	msedge.exe	89
PID 4028 wrote to memory of 4760	4028	msedge.exe	89
PID 4028 wrote to memory of 4760	4028	msedge.exe	89
PID 4028 wrote to memory of 4760	4028	msedge.exe	89
PID 4028 wrote to memory of 4760	4028	msedge.exe	89
PID 4028 wrote to memory of 4760	4028	msedge.exe	89
PID 4028 wrote to memory of 4760	4028	msedge.exe	89
PID 4028 wrote to memory of 4760	4028	msedge.exe	89
PID 4028 wrote to memory of 4760	4028	msedge.exe	89
PID 4028 wrote to memory of 4760	4028	msedge.exe	89
PID 4028 wrote to memory of 4760	4028	msedge.exe	89
PID 4028 wrote to memory of 4760	4028	msedge.exe	89
PID 4028 wrote to memory of 4760	4028	msedge.exe	89
PID 4028 wrote to memory of 4760	4028	msedge.exe	89
PID 4028 wrote to memory of 4760	4028	msedge.exe	89
PID 4028 wrote to memory of 4760	4028	msedge.exe	89
PID 4028 wrote to memory of 4760	4028	msedge.exe	89
PID 4028 wrote to memory of 4760	4028	msedge.exe	89
PID 4028 wrote to memory of 4760	4028	msedge.exe	89
PID 4028 wrote to memory of 4760	4028	msedge.exe	89
PID 4028 wrote to memory of 4760	4028	msedge.exe	89
PID 4028 wrote to memory of 4760	4028	msedge.exe	89
PID 4028 wrote to memory of 4760	4028	msedge.exe	89
PID 4028 wrote to memory of 4760	4028	msedge.exe	89
PID 4028 wrote to memory of 4760	4028	msedge.exe	89
PID 4028 wrote to memory of 4760	4028	msedge.exe	89
PID 4028 wrote to memory of 4760	4028	msedge.exe	89
PID 4028 wrote to memory of 4760	4028	msedge.exe	89
PID 4028 wrote to memory of 4760	4028	msedge.exe	89
PID 4028 wrote to memory of 4760	4028	msedge.exe	89
PID 4028 wrote to memory of 4760	4028	msedge.exe	89
PID 4028 wrote to memory of 4760	4028	msedge.exe	89
PID 4028 wrote to memory of 4760	4028	msedge.exe	89
PID 4028 wrote to memory of 4760	4028	msedge.exe	89
PID 4028 wrote to memory of 4760	4028	msedge.exe	89
PID 4028 wrote to memory of 4760	4028	msedge.exe	89
PID 4028 wrote to memory of 4760	4028	msedge.exe	89
PID 4028 wrote to memory of 4760	4028	msedge.exe	89
PID 4028 wrote to memory of 4796	4028	msedge.exe	90
PID 4028 wrote to memory of 4796	4028	msedge.exe	90
PID 4028 wrote to memory of 5020	4028	msedge.exe	91
PID 4028 wrote to memory of 5020	4028	msedge.exe	91
PID 4028 wrote to memory of 5020	4028	msedge.exe	91
PID 4028 wrote to memory of 5020	4028	msedge.exe	91
PID 4028 wrote to memory of 5020	4028	msedge.exe	91
PID 4028 wrote to memory of 5020	4028	msedge.exe	91
PID 4028 wrote to memory of 5020	4028	msedge.exe	91
PID 4028 wrote to memory of 5020	4028	msedge.exe	91
PID 4028 wrote to memory of 5020	4028	msedge.exe	91
PID 4028 wrote to memory of 5020	4028	msedge.exe	91
PID 4028 wrote to memory of 5020	4028	msedge.exe	91
PID 4028 wrote to memory of 5020	4028	msedge.exe	91
PID 4028 wrote to memory of 5020	4028	msedge.exe	91
PID 4028 wrote to memory of 5020	4028	msedge.exe	91
PID 4028 wrote to memory of 5020	4028	msedge.exe	91
PID 4028 wrote to memory of 5020	4028	msedge.exe	91
PID 4028 wrote to memory of 5020	4028	msedge.exe	91
PID 4028 wrote to memory of 5020	4028	msedge.exe	91
PID 4028 wrote to memory of 5020	4028	msedge.exe	91
PID 4028 wrote to memory of 5020	4028	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/drive/folders/1k3I1jzS8P-XBKhHoV3Z6vXmqtCeGvyPd
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff897b846f8,0x7ff897b84708,0x7ff897b84718
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,4568479844822065536,2059367303968019855,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,4568479844822065536,2059367303968019855,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,4568479844822065536,2059367303968019855,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,4568479844822065536,2059367303968019855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,4568479844822065536,2059367303968019855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,4568479844822065536,2059367303968019855,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,4568479844822065536,2059367303968019855,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,4568479844822065536,2059367303968019855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,4568479844822065536,2059367303968019855,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:5128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,4568479844822065536,2059367303968019855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:5316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,4568479844822065536,2059367303968019855,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
  2⤵
  PID:5324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,4568479844822065536,2059367303968019855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
  2⤵
  PID:5792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,4568479844822065536,2059367303968019855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:6020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2200,4568479844822065536,2059367303968019855,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3420 /prefetch:8
  2⤵
  PID:6036

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2312

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1452

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f35bb0615bb9816f562b83304e456294

SHA1
1049e2bd3e1bbb4cea572467d7c4a96648659cb4

SHA256
05e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71

SHA512
db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1eb86108cb8f5a956fdf48efbd5d06fe

SHA1
7b2b299f753798e4891df2d9cbf30f94b39ef924

SHA256
1b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40

SHA512
e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
27KB

MD5
ce0b8d11a00256be872539d386e3f8e5

SHA1
64658a28b3b3a52c5332c9e1fdb8875411a4f9d2

SHA256
3a009c2e78435c0b5f5454d3a39090a76111f8dcdb35ae665332afacb6f2d83e

SHA512
06fd4d8b19f485e8fafabaebef5f48217d86ff8d59a1889e3a47bc28eaafb23892fe0f85d4e2165cdfbe70761fc006c0650e7304b2534960ee8962fdcef8cb4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a29587d75b426370ce81b09546ae13fd

SHA1
8767b729c93a5f77d34e443b5a32131d6ebcf972

SHA256
8704e5faaaffc308d5af9bdf75668c7a144b7d13f7d6a9b3315ad6615397c2ac

SHA512
4f60a82618c80f42cad810930f89d331f406fab9b4c8209dad2f9ad2926180e314e578655f20d4e0aeba42a8393f3ecc54f325b0b52a3b5374b7102e04c83983

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4ef574fe0442206fee07936cf5519892

SHA1
ec28f2384556506bd9c1c0f70326f9d359f62c27

SHA256
fc7e57624381a51e32e81fe56d199910ecb5a5cbb796e5f07e4d8fb18e8943e4

SHA512
fd783a872d70b32c468f6d68ffde69802384c69579d06763cf6b6548fcd012679f94b6a95c14dd8d4d101ce1b56680d2a8ad4b153962719fd697b3e27367d277

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
96c8b70cef04c10f9821d56dafaf708c

SHA1
0d722137cfc1a1addbad249d8c6511f75f3354ef

SHA256
58986fec958b681ece265321f3d4089c397df955d55b357ca46054ce12ef9dba

SHA512
1a7894ac8a3d8f1cad88b2087da13229cf558d7b60b4a8cab49f674b20b8d6971f26bfe972034bd5eb3fa4feef7ce3e353f08d3c3d0c029229a93a88a96e95f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8e83e0604287f23aaa8b2e4a15f4e333

SHA1
2507d6f84a8e395995036e68eefd4ecf983113e7

SHA256
44205d365f86392b75cf463984bc6685feaf1916415e7db4bb715cd300f63f14

SHA512
f935d2bad0adfdfd928d68be01bf0d684d49c4388f564c9b34ddb140e4104547c5610a14d4c3b4514e2246f8aaa69835a30944719ec8cc347a8e16862a89873f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
53aad62f6c023a564466ba3d525300c3

SHA1
1c94bb26eb60f25cd4a99243ca89a66d11fdf4d9

SHA256
40f3d7a360ab298d472270cfcdfc7b8b68c69e5428aea5184240e0d645ca39ab

SHA512
a0b7b44e1fb67425d00d35152f32719b7a3d6fe315fec059810d4bdf73a985ee073303f08d4fde46eafdac11f557671b4556265c7f0c5c6d144ecd3b461e9d20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8f4192bc8dafe9a415a48a60db6faa10

SHA1
943eda299355d11915c4b590998266d277f93517

SHA256
da1bddf6f57d66e7df6cedb4896242a245bf082b84f1c04c8a9f1660c24aeab5

SHA512
e529f23771b97797e783d8a627a108a9ebe54fbfc6d3f575dd77792fcd941acf333db971d80c35eab335047f067b782113dabbd8dac18484abdbc97ece7a8958

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ccf351ebcc2c515e7592dd451391b75d

SHA1
5fcec1bb8669f2b693ff6314bcb603ff4f3b11f4

SHA256
2c457d7b86d756f1b5c6657717b2dd9503ec9e58f703a81e4e4761691a99a30d

SHA512
7759586bb339f8b07ee81a3e1737c45f8cdeb1275f493491a276035d7cb0a184bf10587481fbb7504cba5ffe1fd3374f87753d65420ced9fd932b4dc47783359

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c2294ad0a1f310e5b9ae85f0b09f9337

SHA1
da983e37389a21cbebb9bbd1cb294c3c1a24c7db

SHA256
1f3ac678436cf8b2d1a0890a91e8e8d90d473dd3f1694750b431e168a2a1ea2b

SHA512
714bf7e7b4d377399586d297ccfe1fe989a0ecb389192a423a74c63508b2c1dfffe4c84947e2caf26b82417802bdf944f37e5e8ad3e44a8e4a942d005efe1d31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
55cc1bca49ef14ad98552aaf7f2f83fd

SHA1
8c3b2476265a3a14ae1a7a2d49805b85784cc0f8

SHA256
5563305188a3598ee485e586af720031fc2e9cffa2668f3dbd0ee635da2c5b36

SHA512
b9ffe7dbb0641a3e09c65711068cf0b0c37aef9850a584efec132dacd8b66f2ac911164900e2552bb7fe7c0ec0f4f2f1258081ef9ba5541c8ce94ff006fba51a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c832964720dcbea4cd3439573b77b1bc

SHA1
74d4d37a4197349e44b0516d5d939a2c70b4806f

SHA256
faba8733ff43417cce8d197c45d3eaf8e30ca05ccc02200818bdad09be39515e

SHA512
339204d932ca0f2e848ae96b553a1b4ccc7804a5031e32d665e30d845764573261b35d57a87892e44220e98192e9c246bd46aebcac195e7dcb7187ec7a39df34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6940e35751857956249891c74cd26155

SHA1
9e015cf3c98df131ef4af33c320b22b996d9e4bd

SHA256
a22c645e9f4cc455212b174d7b98e9a85ac9ff3ce3f2b13671a28dd80fcabbd4

SHA512
853bb12c5dffb96644f4edf82fb902138aed4cd896ac70f272484b37a62ebf9a7f41fd6a308ab2a0ee2ccdc00bdb6ccfacf72096f205e1db7057dd700c1e59bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
610cced4441f1d900c3027a31d306b98

SHA1
8042c584b5e617cdfb92d1459cec0ab8247fb826

SHA256
bca302a8ae33586716b8eaaf0e1102d5fee67f64520d0623772002b388e689cc

SHA512
e806de7e6d64a2ec3c4e0d17f3096f33b5369010496995df258dc7bb85e02a2ecfcae89017b03dc25d0f12c24d9ba5f52d95c76de51683cf8a436a2c093a53fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579877.TMP

Filesize
1KB

MD5
0ac6168be0b763b87bcfed8fab175c34

SHA1
e5498ad32be41be57647c3f4c54b78abf7e13ff5

SHA256
4082b9e73d43aa64817fa4fe9f5b6e569d0593118e70d073985812fcb5b2d1d5

SHA512
0bdb047f7820a2caf31501c09138e817bd19dc1d747cdd9557764a5f71094ea0b11f00e284fa9070a616abe92ab4c251b63d90da6feef3a7885117ff5dac3f20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d54fe667138330970003f32b44d2cb89

SHA1
5b9a316ecc610ca97a13c0d211520a8a49127d1c

SHA256
e2d29b033d306d6127b28d1cd6eb4e0eef7382fe258af945020544df74262219

SHA512
01cd2b92999b486d2f2bb0729679be8690aba4a386536e7771f4a28d1afb30205acfb219bd912724920aab44278a3a72ef29efcf68d23c5533e8ca2a2e1390f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
04e2f50c51f84d5d0cd00b81464aa1c4

SHA1
09457164015e742c56e937b1361966498d73576a

SHA256
f628b895d6eaaa4f990ac0acc867aaa991219658220fae90774278be5cc2a60d

SHA512
6866bfacbdf8576393193ebd33c0702f92621f116f0b885fbfd883ab708593dddab1380b19d2f61dae980649db9b7600161c0bef69e69667be5e97237ccb5b4f

Download Submit
C:\Users\Admin\Downloads\AddConvertFrom.dotx

Filesize
315KB

MD5
b27cf96738de2fb9869957b1170c751e

SHA1
6441d45e07398cd13b8659cb7153d765b7f2707f

SHA256
191a9bd0a3a8c54376cb8b369a0cae8bf114b8cfd1ebfa1c4d151bc1ad59d0bf

SHA512
a0d380048b6966e6013367ef0f6cfa799089b5b20f0fcd029a6f5874547a99f492ddc89008ab4c163f29bb25df830fa5748986958181dddd5706013a8c98922b

Download Submit
C:\Users\Admin\Downloads\BlockStep.wmx

Filesize
875KB

MD5
a433dfd9c0442d0fa82ddcb8e6e56a7f

SHA1
e93d7ec1c36046a1cb3c210ce96eef8a9e7b7b6a

SHA256
78d789e4ce8e8ab92106f7ad2f7d618644d7804faa32d078e06c257b7e02e36c

SHA512
8a66412d383a89fe8b48112ef6fe1c6112b66d52b3e0385d88e9041d3534df4be850e3a7af27d33208aed31f81464b342dd73e71c306aef4b7d7ba87076d86bd

Download Submit
C:\Users\Admin\Downloads\BlockUnprotect.bin

Filesize
630KB

MD5
b02734be6c38ea21fd9ae049d97e97df

SHA1
fcee26bd4b485feff82a717f14a1651902bc1062

SHA256
6b7f8cc567a397e997079d45345ccb67285a8b1bc450e79442e8f28d6fd15e49

SHA512
f728b63061ceabe7678a4681380096a55d655f602d6f8f71c06d808352ee37ed4bbe85dbb0395cc6639a72f4c120508b9ccd9fefeada98cb9172163047ddc90f

Download Submit
C:\Users\Admin\Downloads\ClearDeny.aif

Filesize
450KB

MD5
e9e74b0a1990cf53f76425eb9ab33146

SHA1
d339ad2a7233635817b033f830737ad8fe98d236

SHA256
76024e9f809be98e409f0f3e847490588a49e3ee05384fae0d505f86a8b40290

SHA512
ee2ddfc1670f6db14dd68e8eb51a3e5749f7d710a583a6e507665282359002cb765dacc739c4aa8065254bc7dda0fdeb25e0585b2f025437f4eac88be83d6a4f

Download Submit
C:\Users\Admin\Downloads\ConfirmShow.dwg

Filesize
690KB

MD5
5cdc407e780f7d00f0e4afca7e861acb

SHA1
1397be440c802963aa78fe1a3c017a3a2d489a90

SHA256
a9b4dbe21c7a8e7576638e0936006392078965a2b3c34d622ffa03ae9b0d0597

SHA512
4e13f3c75f6bdcad1666e113f8ea68e7d1899645a651ece6371cc759aa15c8f1b8a2539519ede2e2c3d4d5147a20d61f7d3e86672587ff488b9f387729c78d76

Download Submit
C:\Users\Admin\Downloads\ConvertFromAdd.ini

Filesize
435KB

MD5
c5f30a54bc8df819e83ee6e59e0fb6af

SHA1
82752cb99ea388033d596ea5304f7e3b947005c5

SHA256
4a4ede3b506635bfd662ed0ba1d1ac1dd0401926fd6904a2cca2906de4e4e0c8

SHA512
f2862d32abac726c5a8d65daebee6b6602b71e8b4b2a18c36c144076671156fe2af5c9281bee985f6995f3b15aebf44ceb4651c256ec5a4da46eba6712d6d359

Download Submit
C:\Users\Admin\Downloads\DenyCompare.midi

Filesize
555KB

MD5
4394ffca5b92bfb28df732914975e66f

SHA1
e73d443b2797b4744b74d1ed0964e4fc749c3d8a

SHA256
f94b37d4cefd18b7c6b8f1fdcd34854f7c0585cf53190b1fea99361bd9864f89

SHA512
6844192bc6bb2f548d5c40a86d05a8624aad9ab790b79bf2d2e2ad90138e66ed843ad101b9d6d327da6ac49e3ebf43b3d9d878bed2bf49d135c4bee7a2881fd2

Download Submit
C:\Users\Admin\Downloads\EditSearch.jpeg

Filesize
585KB

MD5
1822558b0076e480b156e72c0e3dd215

SHA1
f3b77690b90a331d3dc170b2d64e8505e99c0171

SHA256
007f76eea8bb8f0d53e6f4b95c7409be32f16bdc956abf405fdbd79e2f1ebe2b

SHA512
ab7b651cd82952e5994f89ac2686363cba89574d64899df69e72302f42fda643cea7504a1c1145bb8e124307516e038c7e6e65a2afbb836228f8de05f870c137

Download Submit
C:\Users\Admin\Downloads\ExportRepair.ppt

Filesize
660KB

MD5
c6769f781f34a7f29f673ce92d35ccea

SHA1
d216834f139fe7d9740c365106212cf4ba3a32eb

SHA256
ec67fa0318f3241eefe57305406465859fd1b6b5b3f0e9cddc3544a96926bd9a

SHA512
4adce0b9af173ca503107431b1da3ac7ba20e23271485e22d71c8c1f8d54669b724ab61d7b767a90ab13f735b51123ce7284979a660569ee201092411375cbc8

Download Submit
C:\Users\Admin\Downloads\FormatConvertFrom.ppt

Filesize
525KB

MD5
70509cb25d62424bfa49908a803b8c81

SHA1
308b1c865988a006a935b48d6aef7be62c059822

SHA256
16b685823d627fe597bd9247fae5cc520288bb751e1848427e80bfbd629f3de4

SHA512
05a93c3491631d1e9fd31205c48f6e39d81f9135613e9a488025a2c8cd5edb1e1ad12e5b2a5f05827c7dcf57d77df5b0eaca9b2f1de449c1392500a07b2c9e44

Download Submit
C:\Users\Admin\Downloads\GetDeny.odp

Filesize
360KB

MD5
4a34a9a58f3f97fb55dec0e11d60ccd6

SHA1
3f5c6af3de2c196dfa7b331d64c358acc16219ab

SHA256
3300aff4a4ef4ceda80e313203a3fbaf59c68a23729b3453aecb43634f774b9b

SHA512
acd2530b46a34fc4c85230c7064e3918ce7289b0367960bbbb8d85151593a999db0a1d529b81c8317e5f06bafdd2032ce7247e1e898772ce0b054176b0a3db86

Download Submit
C:\Users\Admin\Downloads\GroupMerge.gif

Filesize
330KB

MD5
34c26c9d67de8188e31c7795325e6978

SHA1
ae25bfcef5e3ad498d140b3818a0e235b11235c2

SHA256
4a189486729b4436f7e02cf46996cdbc983c7358ab580436e51d2720370ca5f5

SHA512
217626c52b205bcfc8da47a98a6b3575a2d6d4eadd1372966ea2b51991f32f20c8cce7f56ef8bb253d153da4ed93165c7775fad2c2df08ef570a9b302e860acd

Download Submit
C:\Users\Admin\Downloads\InitializeNew.mov

Filesize
420KB

MD5
b76a656712f5e89ea7180479074b3cd9

SHA1
9a504e2c71c4e38ef4a5bbc294d68c2f6ad919c2

SHA256
64926a297b3ecefd857d85fb509dc1350b40cace7cc50d967265228e645dee25

SHA512
d25845128eefac65cc99b2061cd06f3575ae122f44f88ba0736ad3b5d2273a0db0574dc6f28fe127a0d0cdb4d4b14007fbe40802660d89a0b98ff4410007ad7d

Download Submit
C:\Users\Admin\Downloads\InvokeConvert.ps1

Filesize
675KB

MD5
6b77ecceb2af48ce08beb9409f9f7dcf

SHA1
6c1d8cd37598cb1170673aa9a127284bd132d8c3

SHA256
1969b7c85109b8d9f64d7f5ad8fa3a8afaf822b8186ef039006861511dad79cb

SHA512
5dea7247d2acb28e2e8d8995554e67f027b43816e0a911cc093f38c1b565dd38b8fe09db911b4de49cb789854bee5d555dc55460ff7b1df345ba22bdbf9bc34d

Download Submit
C:\Users\Admin\Downloads\LockSkip.ps1xml

Filesize
240KB

MD5
df7f0f4b4f98fa9f2124346b9b4fa07d

SHA1
aac44e7e328baa9a3af3b754f1c93cb110090a25

SHA256
e0053628e057fe45506abfb94022d8a389a43755d24504937c71d94a994cbc05

SHA512
e877ba96a5a4a2bd56d0da14e279b2ccdf48fb14fcc8889a73b24551429ae8e695efd2f9f3f0308920a8d80e8dbda2093886707534d90dfb15a09e1479805e6e

Download Submit
C:\Users\Admin\Downloads\MergeProtect.3g2

Filesize
570KB

MD5
12f84f214c5abdd22506735f352a556f

SHA1
f17aa3457e10ef28f5037eebd240eda11c4431b8

SHA256
cb5c01789ac9fd1ebce69f546ed8f7c25d021d797e71042ccca336ceeef6ece2

SHA512
cd87b3efe5dca2c9c1a924bdefdfc97caa4a5d9d8891b36efd48c2628ea226b3954129cc306cab54bd4ee464b4d34a480244227f34acae71825bb3b1359e306b

Download Submit
C:\Users\Admin\Downloads\OptimizeClear.sql

Filesize
405KB

MD5
861843d0b1e7d6c8cf065888167ec57c

SHA1
9fa79ab8f1e38fd88ef92e1ece88ca0bb7081e0f

SHA256
b860994e300dbae4f713f3a82460ded707ee7c9199687e398c64a97847938d39

SHA512
cda00830b84ad2066006b3e11fd37cecc37eb77933b99c72a8efe6ec0aea988a438309c8bdd0d54c0cd699ff9f53dcb12b6584dd1f5ff9b1d412c4cb900be1e8

Download Submit
C:\Users\Admin\Downloads\ProtectExpand.TS

Filesize
270KB

MD5
3efd20ed0ba51e5b6f061094f99270ff

SHA1
9fa9f0c898d7ef58014f5dda659e45fedb9292cf

SHA256
c928df462084b1ce5eb5f9427e541eeda96acc947423697620e686acaab9b1ca

SHA512
27257de99f75d6a5da84c6e459ad5076c562c62f6b3ea6c62535e6d37aa2973fe89e12eba92c78959040395d135aed810399c5e8ea7ac74aa6949e655bce998f

Download Submit
C:\Users\Admin\Downloads\ProtectPop.odt

Filesize
480KB

MD5
4e2ae21581adb1eff37ac5aa2d618426

SHA1
1e05b0e917103268c4704c0e569c297b929aed85

SHA256
7eb08db825fa191e885e06f94c974a3b12ed386a43b70aa8f1cf6ccc3e4befa2

SHA512
2368e41733688afec3902b5d23689001c51bf089f31565794c44ffba529033508d2912dc37257eebf5c9bd2376b24805ac65ee616f5ea9fa6f6bd5406966bd9e

Download Submit
C:\Users\Admin\Downloads\RemoveSend.edrwx

Filesize
615KB

MD5
1d66d062a9e06507fa1c11a1e008a9b7

SHA1
23da8e6d4aeaa4b0776cdca36b20b2eca8606e91

SHA256
23106598f2a3175ce0a6679deacdbda5baec3db41606b3202f8ad00074dc1e25

SHA512
7446a3ddcd59054000d9af4a8046d9364cee5ed58a22a2a14d9aca27b450e46e45800dada666e34f8095afd2df8ae6ed92eafd900e59964110969c563da76c02

Download Submit
C:\Users\Admin\Downloads\ResizeNew.wpl

Filesize
429KB

MD5
52c292a3e95d4aca7981da067161643f

SHA1
d52ef1d1c2e9abc22ffa108efb6e8de4f41eb5a5

SHA256
3c943c94e41ac46910f2bbb08a13f5d3d900625aa1196b3a31064e8bcfca499d

SHA512
c84683e98df785ae7e75d18e9c1ca18166f27f8a5263eba066af6c546309653e985d49b31d39e33198ed07d92eea058501870e4267e6c1a6ed23c373adad8e5c

Download Submit
C:\Users\Admin\Downloads\RevokeUninstall.rmi

Filesize
645KB

MD5
79c79f542691c93f3525d039925059c8

SHA1
708c445ea4978236a9a338b49e9e0e92db1ff7fe

SHA256
b1336577dff43c15384eb16f175f6783c6276ce785b454c98255f4a0b136816f

SHA512
aa703e75aef32838f12eed86a94ce68cb746c3ce91a7fe9975c83508eb5ccdb03bb3a0968b6a7e5f0afa5a9269be61150902897d9aafebcd73c4a40680950d83

Download Submit
C:\Users\Admin\Downloads\SetConfirm.xps

Filesize
345KB

MD5
93cf071501965e582227981480a3894d

SHA1
38b65c386ee47840ebcfa8207afab56af5b25d94

SHA256
9c02517d5e4220d62e0ff75f406a426c849506faea1f0e60db006ff0db98bdf8

SHA512
2c4fe1b443b85c155d1ace436588d43d245117d44e5a9ec0b5b1ddd0f8d5952b8de082c213e7f537daade4deb5d599bf5569d6fe85607bb08bdcab4426200a13

Download Submit
C:\Users\Admin\Downloads\SplitConnect.ocx

Filesize
375KB

MD5
ba2f1dc3d474a5baced6f029d7fc217c

SHA1
f264c7b87f7233e7eb2187aca0981b88296e43ae

SHA256
f719da6fb4588f8375e2daceb4e73a7361cf4cb14f7a1c1430254befb4e4aa55

SHA512
7a3ae941eda2c6d56c762a7394adf8b53cc9a406c23cc3531bd5a075dbb2b6d98ec075b889a9f561791722264f451650e007ae07890941a3b7726a4b7f268644

Download Submit
C:\Users\Admin\Downloads\SplitUpdate.eprtx

Filesize
600KB

MD5
4c82bb513ddf7611cbffa373e3e9ce3e

SHA1
bd51f6b97a44d3f4a1bb1c73dc0e3ca392354ff9

SHA256
75011304a02d485c5a2c08b487298d662f74467cda3efa11d33f395bb71a4773

SHA512
46fc68e0a07cfbb5a71769f520f1e31f0d147241f8995a949c7378e5293873dd9683d15a792d1933633357b219452c90fdf84023bd806b4f57a90a785caf1233

Download Submit
C:\Users\Admin\Downloads\StartExit.m4v

Filesize
540KB

MD5
f2ca7c848bcf8c524fbdfea87d10ec64

SHA1
aa17a9efbc02147ea3bbada52a89c8166b47ebf4

SHA256
10b72d6611962c9af8dbc2b6a7d1f7ec128edf976c9217aa139a444b07912d5b

SHA512
d63408bd5c3fbf4d2971fbef4e1faadeacf2eaae1213a54f06c92f05c219b957592f204cd8f4a1bc04e19db8292b98e93bd65b38a49a27de66ad89ce4905ab88

Download Submit
C:\Users\Admin\Downloads\StartReceive.rtf

Filesize
495KB

MD5
f5e209d7536d1577b8da92d300e71088

SHA1
0e578c784d63c14245fac78e3b3f6c59dc8f313b

SHA256
ee79589b51544ba7f0228c507a1729af79ae08e054f5347d4a637037d46f7a6f

SHA512
a842512f38d918ec2ac3438a2e94e7c46c34f379d6e59245f14d925dcd51088217e98b6e3bf0c498ba7c08ebe9cc841f895f5b9be57e09e3a3cf5ce720601900

Download Submit
C:\Users\Admin\Downloads\StopOpen.ps1

Filesize
390KB

MD5
37cc824ea89b0e360d30d71e66235e46

SHA1
645023b3f38f74340c89f3ab3f9dc75e018ee1a9

SHA256
0d5e05bd7d2488c21048545b3d60164dea3adc649aa40c5f9a044f7c08c12c61

SHA512
74c36b6246bdf49dbaed6d37af0a86b0274e5a6f1cc93abd31a8039f634789b9b48100988b2511b26d1371c6ef173fe12e9ac7747c87f73d390cfdf89a693afa

Download Submit
C:\Users\Admin\Downloads\UnblockCompress.jpe

Filesize
255KB

MD5
861bd97ed87b81a8d5841a3db0406aae

SHA1
14643773c1a5684d80bc2f26fa508f5443b892cb

SHA256
8f6f27a939e0856a248381108353c8657dd3ef4b8cd430772dc396064ef6bcc4

SHA512
88fa0e971781a7a3389f5ca64034eba2108c8ba5204cb169e9e37b4a3d79ae06ba6a3085e5cd14f97d2cca601cc5d7bc277f9573a2ae774dcb5a6d4005e966a4

Download Submit
C:\Users\Admin\Downloads\UnlockPop.wmx

Filesize
510KB

MD5
d40fdcbfff5db114ecb60bcae706ff17

SHA1
c4c121cfadb770775b83d00507d0c82856b0197f

SHA256
a33cd6be7ddc34134dd1204a6c320e017bd9e96983dade76df614c2a12b9e44e

SHA512
41b41142a3f190bc32ba6c6f292ad91af9a8fc6b8e7f11d6967820f053042e831b7b784d7c1fbcfb3f12f4c7e76288420f45713d226b94e2b2c74560eb87bc0e

Download Submit
C:\Users\Admin\Downloads\UnpublishResize.vdw

Filesize
285KB

MD5
ac5f315d3a560248388b1d3425f4a02e

SHA1
9c9674a477c183d3ac52acc820f01562413fe88c

SHA256
ca0b3202ab840f1e55f5d3990bb04cf6e172a4b7c3f2006c60a05e62de4ad360

SHA512
9a4b38f70e1193f1465fabb0e8c96586446fa151d45905ece27a3d226af5ceb6da54f127cd6cf68d1a9142a896b55dfe354f11968d107b71c85c3b85e8ee039e

Download Submit
C:\Users\Admin\Downloads\UpdateShow.3gp

Filesize
300KB

MD5
907f43f0d503791528128c5984da13b9

SHA1
4a49e7b00b6b0250a3b90fcf3ac5d405536f2f4b

SHA256
4081f4950b8c04e884b79554fc28f2e3185150fe86c64f479875d537e78fbdb8

SHA512
7e565bd80ce17c101156edd4bd0d846e2a15fec07afd96a64a0077365479499f11ae63d7d3e1e519ec22daaaab5e208cc193db53e804675c0d6e0fcb86151700

Download Submit