hxxps://drive[.]google[.]com/file/d/1fwJdsnnK8CE52uB6ttf5BOyA6_zlBL57/view?usp=drive_link

Analysis

max time kernel
148s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240730-en
resource tags

arch:x64arch:x86image:win11-20240730-enlocale:en-usos:windows11-21h2-x64system
submitted
02-08-2024 00:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1fwJdsnnK8CE52uB6ttf5BOyA6_zlBL57/view?usp=drive_link

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
5	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3070649267-739947649-3250922198-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3070649267-739947649-3250922198-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3070649267-739947649-3250922198-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3070649267-739947649-3250922198-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3070649267-739947649-3250922198-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\install.rar:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\install.rar:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
2108	msedge.exe
2108	msedge.exe
1208	msedge.exe
1208	msedge.exe
3676	msedge.exe
3676	msedge.exe
1316	identity_helper.exe
1316	identity_helper.exe
2752	msedge.exe
2752	msedge.exe
880	msedge.exe
880	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe

Suspicious use of FindShellTrayWindow 41 IoCs

pid	Process
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
1052	OpenWith.exe
1052	OpenWith.exe
1052	OpenWith.exe
1864	OpenWith.exe
2416	OpenWith.exe
2416	OpenWith.exe
2416	OpenWith.exe
4056	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1208 wrote to memory of 1300	1208	msedge.exe	81
PID 1208 wrote to memory of 1300	1208	msedge.exe	81
PID 1208 wrote to memory of 3444	1208	msedge.exe	83
PID 1208 wrote to memory of 3444	1208	msedge.exe	83
PID 1208 wrote to memory of 3444	1208	msedge.exe	83
PID 1208 wrote to memory of 3444	1208	msedge.exe	83
PID 1208 wrote to memory of 3444	1208	msedge.exe	83
PID 1208 wrote to memory of 3444	1208	msedge.exe	83
PID 1208 wrote to memory of 3444	1208	msedge.exe	83
PID 1208 wrote to memory of 3444	1208	msedge.exe	83
PID 1208 wrote to memory of 3444	1208	msedge.exe	83
PID 1208 wrote to memory of 3444	1208	msedge.exe	83
PID 1208 wrote to memory of 3444	1208	msedge.exe	83
PID 1208 wrote to memory of 3444	1208	msedge.exe	83
PID 1208 wrote to memory of 3444	1208	msedge.exe	83
PID 1208 wrote to memory of 3444	1208	msedge.exe	83
PID 1208 wrote to memory of 3444	1208	msedge.exe	83
PID 1208 wrote to memory of 3444	1208	msedge.exe	83
PID 1208 wrote to memory of 3444	1208	msedge.exe	83
PID 1208 wrote to memory of 3444	1208	msedge.exe	83
PID 1208 wrote to memory of 3444	1208	msedge.exe	83
PID 1208 wrote to memory of 3444	1208	msedge.exe	83
PID 1208 wrote to memory of 3444	1208	msedge.exe	83
PID 1208 wrote to memory of 3444	1208	msedge.exe	83
PID 1208 wrote to memory of 3444	1208	msedge.exe	83
PID 1208 wrote to memory of 3444	1208	msedge.exe	83
PID 1208 wrote to memory of 3444	1208	msedge.exe	83
PID 1208 wrote to memory of 3444	1208	msedge.exe	83
PID 1208 wrote to memory of 3444	1208	msedge.exe	83
PID 1208 wrote to memory of 3444	1208	msedge.exe	83
PID 1208 wrote to memory of 3444	1208	msedge.exe	83
PID 1208 wrote to memory of 3444	1208	msedge.exe	83
PID 1208 wrote to memory of 3444	1208	msedge.exe	83
PID 1208 wrote to memory of 3444	1208	msedge.exe	83
PID 1208 wrote to memory of 3444	1208	msedge.exe	83
PID 1208 wrote to memory of 3444	1208	msedge.exe	83
PID 1208 wrote to memory of 3444	1208	msedge.exe	83
PID 1208 wrote to memory of 3444	1208	msedge.exe	83
PID 1208 wrote to memory of 3444	1208	msedge.exe	83
PID 1208 wrote to memory of 3444	1208	msedge.exe	83
PID 1208 wrote to memory of 3444	1208	msedge.exe	83
PID 1208 wrote to memory of 3444	1208	msedge.exe	83
PID 1208 wrote to memory of 2108	1208	msedge.exe	84
PID 1208 wrote to memory of 2108	1208	msedge.exe	84
PID 1208 wrote to memory of 2196	1208	msedge.exe	85
PID 1208 wrote to memory of 2196	1208	msedge.exe	85
PID 1208 wrote to memory of 2196	1208	msedge.exe	85
PID 1208 wrote to memory of 2196	1208	msedge.exe	85
PID 1208 wrote to memory of 2196	1208	msedge.exe	85
PID 1208 wrote to memory of 2196	1208	msedge.exe	85
PID 1208 wrote to memory of 2196	1208	msedge.exe	85
PID 1208 wrote to memory of 2196	1208	msedge.exe	85
PID 1208 wrote to memory of 2196	1208	msedge.exe	85
PID 1208 wrote to memory of 2196	1208	msedge.exe	85
PID 1208 wrote to memory of 2196	1208	msedge.exe	85
PID 1208 wrote to memory of 2196	1208	msedge.exe	85
PID 1208 wrote to memory of 2196	1208	msedge.exe	85
PID 1208 wrote to memory of 2196	1208	msedge.exe	85
PID 1208 wrote to memory of 2196	1208	msedge.exe	85
PID 1208 wrote to memory of 2196	1208	msedge.exe	85
PID 1208 wrote to memory of 2196	1208	msedge.exe	85
PID 1208 wrote to memory of 2196	1208	msedge.exe	85
PID 1208 wrote to memory of 2196	1208	msedge.exe	85
PID 1208 wrote to memory of 2196	1208	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1fwJdsnnK8CE52uB6ttf5BOyA6_zlBL57/view?usp=drive_link
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffabb7d3cb8,0x7ffabb7d3cc8,0x7ffabb7d3cd8
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1836,8505215577642442378,6460930239876149124,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1968 /prefetch:2
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1836,8505215577642442378,6460930239876149124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1836,8505215577642442378,6460930239876149124,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8505215577642442378,6460930239876149124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8505215577642442378,6460930239876149124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8505215577642442378,6460930239876149124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8505215577642442378,6460930239876149124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3652 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1836,8505215577642442378,6460930239876149124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5924 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1836,8505215577642442378,6460930239876149124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6324 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8505215577642442378,6460930239876149124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8505215577642442378,6460930239876149124,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8505215577642442378,6460930239876149124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8505215577642442378,6460930239876149124,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
  2⤵
  PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1836,8505215577642442378,6460930239876149124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8505215577642442378,6460930239876149124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1836,8505215577642442378,6460930239876149124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1836,8505215577642442378,6460930239876149124,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6772 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:768

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1052

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5008

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1864

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2416

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f21010c94e1009f08062dd9e5a111f3f

SHA1
a02eb37688abf5ccacdd4eba9c3d274ab2a44abf

SHA256
f7f88cda54d24605bbfb55c55e0d02e9fc73271b715b71fb51394095421f82a2

SHA512
5d8cc69ae7bb6373194ce9bf69e30459516e7105da72df41715fd33c3282c7d16b06c5c23137d65596b60e524a688d69814249e126d270e187b58f36505f7aa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1e055230e18b5c829279f7bc999b631d

SHA1
025d3d0c87346b7822c481517e833edea2120a40

SHA256
fe144bb89636e3fc5c3cc8619995d065f032f04faca4c87503facb615fff777f

SHA512
446a328effa484804f758f7279c693b278383fa29489a81fd4ddf581af10e634331ffd5b22e34688d3bc18172fede091966c69dfbd644a5f05dfdacc0777b2ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
41KB

MD5
9a25111c0e90867c7b8f41c5462abfaf

SHA1
0619625d479f31cf145c2e3714de0df4a69169d1

SHA256
41bb42020f1beabc9e72913ef6a33aa264556ec829ac70fd92c9c9adfb84803d

SHA512
0fbc3c64d6f5acc2c0dab67924b0c669fefa994f449240d1f6b78dcac3538343938a4fae972726156189f05806d3aae0e333035df52605ffe28886b82f31ccdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
9b9d2b208f605132af1b6e8c8c45ad06

SHA1
efb2968e53a852bc9dd4c51bb14d888ac0c94587

SHA256
9ab1b822f525811fc3c8aa1bc0598c231a7deb0a65e49099b1cb4daa13e8a95a

SHA512
2b515be6ef49fcfe8caa280178cb2ae1e5a7f04ee74a6e8fe311f96feff0e4cb9c1362b0fbfddcccae66947ab6c81f68b08429e974d71f6565f8a67e05843dbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
22d4fc72b1e5d49890867b878a00869d

SHA1
ef96a1e356f460e6e9afe747ee9e2abfecf7f337

SHA256
47f57e12d348276b3493e7c44adf641264565b9229830f6135879be14af81289

SHA512
c911ca0bfea64a8b88581f85edd6d3678d5974ff369c24829915a5c45baf752fdc00682de05849a01f3b74cce82e4ac688056801768bf41d257cff48e9c366ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8c951075f070ae292fa403f5060a882b

SHA1
9e1a98c4bddd8d758389d490eb7ac86242e110df

SHA256
d6df83a59deabffcc3910ba4b628083fc1fdf3db8773ffe1516c16d2a43a461e

SHA512
fe1e5d31951eda56d45ea6befbef3019b375a69e540e75eb8e99191aa7ed5696c59931c9775e3e6efba3035920ad56c0506bca5efa8b5fb1e3d447f63ec24d14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1e390d2b26e9730af26d38a0b259b06d

SHA1
11febe7e28ebccbf7aa847821f9e48992a8ac4b2

SHA256
f00fdcefd948976e8ac7e13ebbc541955568b69b3cd1c53900599ba2220a657d

SHA512
d881a1ef830040916d0278b613c23e4bbacd50e3d17b0993e52df26d277645428e846b757eb41879feb2354503c9e3e30f026ea27116ee567b57414fc9029d57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
198ba26077d313965297b2d959da07e8

SHA1
59a32d63370a90f8d0fa79971fbc0cdad04a2c16

SHA256
5abe680ae6da23694d50ce907c5b79ac9534cbdfa660eefad9cbb5587b5d1cfc

SHA512
ecfff8f5eef15968923162cc7c6bbba1b050086405268e67b66f4ad2ba07e8d29f20e9c7f62f7c0dee35f71e1d62171d60b5db231b67211bb7f128e28bf77b9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
599f9973d7b48d26d31f35fd0f674929

SHA1
433c089517ca61e9dbedcf4721c31985e333dfd7

SHA256
3b37af069d184fedbd8fd421a3036e61908d8cd66b56550ec8a4bb741e1d7552

SHA512
899e858c0adb911d32c13ec877a0bb348cda477c066bb7c4fe4b67a2719705fba55ca29541e58e3dfe906111854fa8013da7db1bff4b78469bba42063af55284

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7f6237f789d0b1f27a18ea69676c0a85

SHA1
cc050a48709f4d5ac4eb6f6dc0226b74583061ee

SHA256
8f532dc9a270860217898ed7b90267a675f0202d240c2a6d0b61f72b6bdfb601

SHA512
8568d14bcdd21a29f55c527c67e1d91f62d0de71578006172623538578c158b6d7e3f381578874317cec316f83a8892464ea1ebf1d0efe28b4cf62298b8e91b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6f3ef007c62357563500e83df15e50bc

SHA1
694cd52079725f1416670ad29a99192cfb9b36c1

SHA256
d709523ed6a122a1c445c00ff57b2bcfbb81b0caa551c1b880aa5bd48e281ea0

SHA512
583614dc72dfe79b38ae3218c0650ab72049cb355a62252968b23c1127ef143d235a214f8f4ef707f164266b11fef37b536af19b3275bfa5be9e5b316248b3a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d29dca639e417de29675d23835570ade

SHA1
488ff3b73adfbe3b560fdb44dce50e5f36c10fd2

SHA256
318940bb82037b844a19c383787b29949ae083292a277248aea541b19fd4e3c4

SHA512
3db6a18dbc7dd4e38bac0cbef5d90d44a013fd178a0a32f40bb536b836fbbdd1da17e70a3be4e4aa57911ddddfe3a7bb805e02491d8e9e7c4536269220fca505

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5bf726b3e2e44c6412a35e843c85763a

SHA1
f8d758e99c567be5fd1d2375e529d23a6d5bec77

SHA256
d2735d18d8ca79ac6c09d1d7820195c7770f15b05a537dd9de42ebb411b6c91e

SHA512
3cd0452d3cf6392744b904ddfefe89a1e139bbfabae81e09f8491a29b23a69fbf3d057480d6eb96888d1cef4c4e97b5248ac0ae3ec8f43217248f95ba7bba723

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe596b62.TMP

Filesize
1KB

MD5
fb9d797927585ddc49f8c0a9e3a7e48b

SHA1
d2c3c3191339fd9d1c87f11686a7b7e9baf7f2f3

SHA256
f988bafa79a271e3e4769a419dd314840e7e5a7a6f39faa5606fc8b588f52364

SHA512
cc4a2a05ad471747e6d7adcc897a5aa79700ebeb5d36943d8ee3a8050bc7e96250c85325fabfcface8b5698e708284d848dbefeb73ccb124c0358a6015ea58d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
401c6b21e17069e248b2e9425b46e95a

SHA1
a2dc84941690097f1b3d2b30fcb411910fdbce48

SHA256
7aa94817e8acf8e1d5fbe996b74a11c8120d742578dbdc883e1cca98bd5859e7

SHA512
c1ee3b290e701f626c2d8845b2df843325378b3359b34995e8e396233fdf88cdd03b757806befb737008ccd8ec4158a73e041d6795bf62ffb2e876d3bcc2ca65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3053b6ba032382b2bae8bc8c94263bb8

SHA1
350cbe3bdbf15af9723673cfe800032df930632b

SHA256
223df4800bd84009dcd8c6f5bb4d96387ab961bea08fbe43b64690a969bd9c3f

SHA512
26501f09ee727438d8aa0d5b8a62d377560630e16f53dfbbf15e10a98fc68be243d6c7752885245585973d83f314f85474f7e27481da258a8c6a9604749a9d76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8da2178547ecd9bde25015da29816d8f

SHA1
e6f2bcb4260a6b91ec9ee95241d2120c09dc870c

SHA256
5115a9316f9a578ec2cb1e13004577aaca8f2961bb1ea19858053fd18eee453c

SHA512
fa62df07877546807d85ab068d401882f981593af04ec449f484a026760fbd6e9ff11ead19447c46d2d9ee8eb7cb43f46d6b04e9a924173c337d8049e7127e11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
14KB

MD5
fffcbe9497904ec3772ad0c598758774

SHA1
32a6b63529e069b4df22a977fba1a4e20396c1c9

SHA256
5e0933064d14c68a23c38d883554eb65d4ccc0258aa854d3ef3e3747ec6c06d7

SHA512
76761d949c8839bfcfd21da72eeb20272707e60cc69d060e2bd270da68fe481434df699f39212dbbd13f9835a28db7f8ac2a8cc31526940e7c200a73bd60f456

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 647620.crdownload

Filesize
448KB

MD5
4564a9a35d9e7e7883faa2ed3361e0e4

SHA1
79a611b96bc0cdab0bea30423814b4ad7245800c

SHA256
06ce088beb65731be6268934f89d44a00d386e517ad88f8e28a8968c0a43b7e0

SHA512
efcec8c64edc5e23a7d24610c4a7e7facd3c682eb42875bc0b19e95ffc3479749d044a78f274cbdabd4252a07ef3da567aabe995abf2f5790da139203075fa51

Download Submit
C:\Users\Admin\Downloads\install.rar:Zone.Identifier

Filesize
173B

MD5
3b3b5b65739ba297d62a8f4eab72fe83

SHA1
b02ce2411ce7fc6e5def4964580d4ebbb4a39ecc

SHA256
d69901e2df83d13995c7ebbb5d6a63272c20e62a06e54d63222e867dd6a080a5

SHA512
dcb1c613f0c91093a0c8aad760963ccdd3e4d3e096e54e67742e113be8263fa47918b57ca3b9871843ed5958afa928501f38b9e58b1475be9ee07ed292fd9296

Download Submit