hxxps://drive[.]google[.]com/uc?export=download&id=1xkiYAZPFGlBWANVGCOW-rJAFSM7Xga5c

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12-11-2024 15:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/uc?export=download&id=1xkiYAZPFGlBWANVGCOW-rJAFSM7Xga5c

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: browser@3
phishing

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
13	drive.google.com
16	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4904	msedge.exe
4904	msedge.exe
2952	msedge.exe
2952	msedge.exe
400	msedge.exe
400	msedge.exe
4392	identity_helper.exe
4392	identity_helper.exe
1472	msedge.exe
1472	msedge.exe
5976	msedge.exe
5976	msedge.exe
5976	msedge.exe
5976	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe

Suspicious use of FindShellTrayWindow 41 IoCs

pid	Process
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2952 wrote to memory of 208	2952	msedge.exe	86
PID 2952 wrote to memory of 208	2952	msedge.exe	86
PID 2952 wrote to memory of 1172	2952	msedge.exe	87
PID 2952 wrote to memory of 1172	2952	msedge.exe	87
PID 2952 wrote to memory of 1172	2952	msedge.exe	87
PID 2952 wrote to memory of 1172	2952	msedge.exe	87
PID 2952 wrote to memory of 1172	2952	msedge.exe	87
PID 2952 wrote to memory of 1172	2952	msedge.exe	87
PID 2952 wrote to memory of 1172	2952	msedge.exe	87
PID 2952 wrote to memory of 1172	2952	msedge.exe	87
PID 2952 wrote to memory of 1172	2952	msedge.exe	87
PID 2952 wrote to memory of 1172	2952	msedge.exe	87
PID 2952 wrote to memory of 1172	2952	msedge.exe	87
PID 2952 wrote to memory of 1172	2952	msedge.exe	87
PID 2952 wrote to memory of 1172	2952	msedge.exe	87
PID 2952 wrote to memory of 1172	2952	msedge.exe	87
PID 2952 wrote to memory of 1172	2952	msedge.exe	87
PID 2952 wrote to memory of 1172	2952	msedge.exe	87
PID 2952 wrote to memory of 1172	2952	msedge.exe	87
PID 2952 wrote to memory of 1172	2952	msedge.exe	87
PID 2952 wrote to memory of 1172	2952	msedge.exe	87
PID 2952 wrote to memory of 1172	2952	msedge.exe	87
PID 2952 wrote to memory of 1172	2952	msedge.exe	87
PID 2952 wrote to memory of 1172	2952	msedge.exe	87
PID 2952 wrote to memory of 1172	2952	msedge.exe	87
PID 2952 wrote to memory of 1172	2952	msedge.exe	87
PID 2952 wrote to memory of 1172	2952	msedge.exe	87
PID 2952 wrote to memory of 1172	2952	msedge.exe	87
PID 2952 wrote to memory of 1172	2952	msedge.exe	87
PID 2952 wrote to memory of 1172	2952	msedge.exe	87
PID 2952 wrote to memory of 1172	2952	msedge.exe	87
PID 2952 wrote to memory of 1172	2952	msedge.exe	87
PID 2952 wrote to memory of 1172	2952	msedge.exe	87
PID 2952 wrote to memory of 1172	2952	msedge.exe	87
PID 2952 wrote to memory of 1172	2952	msedge.exe	87
PID 2952 wrote to memory of 1172	2952	msedge.exe	87
PID 2952 wrote to memory of 1172	2952	msedge.exe	87
PID 2952 wrote to memory of 1172	2952	msedge.exe	87
PID 2952 wrote to memory of 1172	2952	msedge.exe	87
PID 2952 wrote to memory of 1172	2952	msedge.exe	87
PID 2952 wrote to memory of 1172	2952	msedge.exe	87
PID 2952 wrote to memory of 1172	2952	msedge.exe	87
PID 2952 wrote to memory of 4904	2952	msedge.exe	88
PID 2952 wrote to memory of 4904	2952	msedge.exe	88
PID 2952 wrote to memory of 2392	2952	msedge.exe	89
PID 2952 wrote to memory of 2392	2952	msedge.exe	89
PID 2952 wrote to memory of 2392	2952	msedge.exe	89
PID 2952 wrote to memory of 2392	2952	msedge.exe	89
PID 2952 wrote to memory of 2392	2952	msedge.exe	89
PID 2952 wrote to memory of 2392	2952	msedge.exe	89
PID 2952 wrote to memory of 2392	2952	msedge.exe	89
PID 2952 wrote to memory of 2392	2952	msedge.exe	89
PID 2952 wrote to memory of 2392	2952	msedge.exe	89
PID 2952 wrote to memory of 2392	2952	msedge.exe	89
PID 2952 wrote to memory of 2392	2952	msedge.exe	89
PID 2952 wrote to memory of 2392	2952	msedge.exe	89
PID 2952 wrote to memory of 2392	2952	msedge.exe	89
PID 2952 wrote to memory of 2392	2952	msedge.exe	89
PID 2952 wrote to memory of 2392	2952	msedge.exe	89
PID 2952 wrote to memory of 2392	2952	msedge.exe	89
PID 2952 wrote to memory of 2392	2952	msedge.exe	89
PID 2952 wrote to memory of 2392	2952	msedge.exe	89
PID 2952 wrote to memory of 2392	2952	msedge.exe	89
PID 2952 wrote to memory of 2392	2952	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/uc?export=download&id=1xkiYAZPFGlBWANVGCOW-rJAFSM7Xga5c
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e6ef46f8,0x7ff9e6ef4708,0x7ff9e6ef4718
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,7687802144357333155,17131872223167333649,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2348 /prefetch:2
  2⤵
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,7687802144357333155,17131872223167333649,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,7687802144357333155,17131872223167333649,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,7687802144357333155,17131872223167333649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,7687802144357333155,17131872223167333649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1904,7687802144357333155,17131872223167333649,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5112 /prefetch:8
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,7687802144357333155,17131872223167333649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:1724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,7687802144357333155,17131872223167333649,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,7687802144357333155,17131872223167333649,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5792 /prefetch:8
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,7687802144357333155,17131872223167333649,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5792 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,7687802144357333155,17131872223167333649,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=1904,7687802144357333155,17131872223167333649,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=3368 /prefetch:8
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,7687802144357333155,17131872223167333649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,7687802144357333155,17131872223167333649,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3484 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,7687802144357333155,17131872223167333649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,7687802144357333155,17131872223167333649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,7687802144357333155,17131872223167333649,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,7687802144357333155,17131872223167333649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
  2⤵
  PID:700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,7687802144357333155,17131872223167333649,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,7687802144357333155,17131872223167333649,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5236 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2672

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\8a5d924d-5324-4826-bc00-a1885e5534d6.tmp

Filesize
10KB

MD5
35497961aab3847cb3665cef216e5814

SHA1
79b3001cdf1e34b28a429c05580bfbb7d63a60a5

SHA256
7cdbdc7fbed596c2e3506cc72f201f1bc757799f0510d21ba8524b5e5d270d30

SHA512
18eb85e84ceeb8ce6d9ebcd8a83da174c864eaf05a3c693c8b936752a6e5d0f35530527f9e31834f95a9514381c7ab4c7ad798df86255e67426b7176328c7bcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\70d5a346-30f9-47e6-a644-afbfce705f58.tmp

Filesize
6KB

MD5
7ba8ce9e76ee1b0c300c8bb19089ce35

SHA1
718ee160d984052e6e8e7dedf1f7569315895661

SHA256
14f77d1d6006ba8ec09338d800e321c27b3ab7a6dc5fb3465fc52ed85512c2b5

SHA512
0fe6bc691530a48b2ac77f0e79070337c91cb70fef107eca76e152a3df6b8a60399d5baede388e0a29db6f87e5a6afd6acd2b4d2c7ff2d754b2bd0a0e395710f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
7ebf22278393bedd16447299c32f37d9

SHA1
264d7b7bedd2ab6ebe115ee110972174f456b2ba

SHA256
a666b4de2210a8b8601eea8a5a4a7915b9a7422316e057efc209a3ca162c9097

SHA512
8e1d3f64de3a0455b631d4d9f61119f27ceb1184f4337c1dec883a963e584701932911b11b2dab3560ff561034559a36b48b294664df900ca955dae4f81279dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
afc91dd8cc18e934e25b8b69a06c03c1

SHA1
71a69467466896ffd457d66aff18a652f819e0f5

SHA256
d76efe76eafd4ca8049a9338b7322fc75e4fdd5fcfc5ecdbf47c3071a6b22f7b

SHA512
73fbb38e8f9ceaf26ea27f92b5c10fb1ddc925bedbda921b208a167148e71e58c3b0f15c3567e7c4cb07de085c81acca981a4f3c68b0c758eff015d42417fd69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a67d07967eeb24da66dc14ac21c5c6f5

SHA1
22fde0615a6b7405d4fbc342ef0ed209576b81c0

SHA256
186e41670931f55725b1f293c33ef96b5b4554a1f94947a86ef907b6e53f2ed9

SHA512
f500cd568a2984af9682bd6fae9fc64e10ba660b432b33092a9e334f8851c59f83b384927a500d26f469420f1c62a8666fc61c69f7f6bb8bfffe50f4dd8d611b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
6fab13fe8501bc91c3dcacd5873a08bb

SHA1
b012c4bae7e69da833658b6d202bece4b32aa015

SHA256
fcab11868440b532a2628416e191cbbedae40cea16e5d3bc9bfa4852a9a76b67

SHA512
44a5240790c804c0a39f90d56ddbadd3055f98dd4f0e28640cf9cb1d7f9eee4716ce52bc7ddbb7b600ae6eefe4a5a39bc0add218b4ff910dba22ca2a93ab716e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58175b.TMP

Filesize
204B

MD5
526e9441f2a2baa7faf3fcc601c2bc71

SHA1
83edfe02070464ef34525a505b67a8ceb4f5022e

SHA256
b4ca56700dd6922d37c828ad658be2759bff1e919ca01d33579b3d0a9d49297f

SHA512
b9dcdc05350af532eb8452902ff6bc528964b8a3c1d32eb96c0dc3b7f670b6a4db5539449ab4edb9b0f59eae249e8cce779c83db0b0217c6a148da12788b8837

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\Downloads\Invoice 16635 OverDue (1).html

Filesize
7KB

MD5
42021949613d8b82974235e1a2e37b0e

SHA1
d34d26edacbfd4e572519ad57518efebd9080d21

SHA256
f266d2a8759a62684abf5b7913693b13544e8f8e911e34bf56dbc917b3834ee2

SHA512
75d175a14d9d103f2a23500e6c97e7deee4449424f226e99a68dd5aa4922e06f4cc94ab3cd1712d1b698a1b6b170ec35ab0e80ca8332ac6af42255ba22a41a3d

Download Submit