hxxps://drive[.]google[.]com/file/d/1lgvRQtHr5k6LUF96USVsAuB2cllxnhwJ/view

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
23-09-2024 05:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1lgvRQtHr5k6LUF96USVsAuB2cllxnhwJ/view

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
5712	Lockscreen.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
4	drive.google.com
10	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 822.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3004	msedge.exe
3004	msedge.exe
2284	msedge.exe
2284	msedge.exe
4608	identity_helper.exe
4608	identity_helper.exe
5616	msedge.exe
5616	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2284 wrote to memory of 4336	2284	msedge.exe	84
PID 2284 wrote to memory of 4336	2284	msedge.exe	84
PID 2284 wrote to memory of 2100	2284	msedge.exe	85
PID 2284 wrote to memory of 2100	2284	msedge.exe	85
PID 2284 wrote to memory of 2100	2284	msedge.exe	85
PID 2284 wrote to memory of 2100	2284	msedge.exe	85
PID 2284 wrote to memory of 2100	2284	msedge.exe	85
PID 2284 wrote to memory of 2100	2284	msedge.exe	85
PID 2284 wrote to memory of 2100	2284	msedge.exe	85
PID 2284 wrote to memory of 2100	2284	msedge.exe	85
PID 2284 wrote to memory of 2100	2284	msedge.exe	85
PID 2284 wrote to memory of 2100	2284	msedge.exe	85
PID 2284 wrote to memory of 2100	2284	msedge.exe	85
PID 2284 wrote to memory of 2100	2284	msedge.exe	85
PID 2284 wrote to memory of 2100	2284	msedge.exe	85
PID 2284 wrote to memory of 2100	2284	msedge.exe	85
PID 2284 wrote to memory of 2100	2284	msedge.exe	85
PID 2284 wrote to memory of 2100	2284	msedge.exe	85
PID 2284 wrote to memory of 2100	2284	msedge.exe	85
PID 2284 wrote to memory of 2100	2284	msedge.exe	85
PID 2284 wrote to memory of 2100	2284	msedge.exe	85
PID 2284 wrote to memory of 2100	2284	msedge.exe	85
PID 2284 wrote to memory of 2100	2284	msedge.exe	85
PID 2284 wrote to memory of 2100	2284	msedge.exe	85
PID 2284 wrote to memory of 2100	2284	msedge.exe	85
PID 2284 wrote to memory of 2100	2284	msedge.exe	85
PID 2284 wrote to memory of 2100	2284	msedge.exe	85
PID 2284 wrote to memory of 2100	2284	msedge.exe	85
PID 2284 wrote to memory of 2100	2284	msedge.exe	85
PID 2284 wrote to memory of 2100	2284	msedge.exe	85
PID 2284 wrote to memory of 2100	2284	msedge.exe	85
PID 2284 wrote to memory of 2100	2284	msedge.exe	85
PID 2284 wrote to memory of 2100	2284	msedge.exe	85
PID 2284 wrote to memory of 2100	2284	msedge.exe	85
PID 2284 wrote to memory of 2100	2284	msedge.exe	85
PID 2284 wrote to memory of 2100	2284	msedge.exe	85
PID 2284 wrote to memory of 2100	2284	msedge.exe	85
PID 2284 wrote to memory of 2100	2284	msedge.exe	85
PID 2284 wrote to memory of 2100	2284	msedge.exe	85
PID 2284 wrote to memory of 2100	2284	msedge.exe	85
PID 2284 wrote to memory of 2100	2284	msedge.exe	85
PID 2284 wrote to memory of 2100	2284	msedge.exe	85
PID 2284 wrote to memory of 3004	2284	msedge.exe	86
PID 2284 wrote to memory of 3004	2284	msedge.exe	86
PID 2284 wrote to memory of 4356	2284	msedge.exe	87
PID 2284 wrote to memory of 4356	2284	msedge.exe	87
PID 2284 wrote to memory of 4356	2284	msedge.exe	87
PID 2284 wrote to memory of 4356	2284	msedge.exe	87
PID 2284 wrote to memory of 4356	2284	msedge.exe	87
PID 2284 wrote to memory of 4356	2284	msedge.exe	87
PID 2284 wrote to memory of 4356	2284	msedge.exe	87
PID 2284 wrote to memory of 4356	2284	msedge.exe	87
PID 2284 wrote to memory of 4356	2284	msedge.exe	87
PID 2284 wrote to memory of 4356	2284	msedge.exe	87
PID 2284 wrote to memory of 4356	2284	msedge.exe	87
PID 2284 wrote to memory of 4356	2284	msedge.exe	87
PID 2284 wrote to memory of 4356	2284	msedge.exe	87
PID 2284 wrote to memory of 4356	2284	msedge.exe	87
PID 2284 wrote to memory of 4356	2284	msedge.exe	87
PID 2284 wrote to memory of 4356	2284	msedge.exe	87
PID 2284 wrote to memory of 4356	2284	msedge.exe	87
PID 2284 wrote to memory of 4356	2284	msedge.exe	87
PID 2284 wrote to memory of 4356	2284	msedge.exe	87
PID 2284 wrote to memory of 4356	2284	msedge.exe	87

System policy modification 1 TTPs 3 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System	Lockscreen.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\legalnoticecaption = "Never forget you are under my control little boy!"	Lockscreen.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\legalnoticetext = "The settings on your computer ensure that you are a good and obedient boy.\n\n - Your Goddess Yuki"	Lockscreen.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1lgvRQtHr5k6LUF96USVsAuB2cllxnhwJ/view
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd472946f8,0x7ffd47294708,0x7ffd47294718
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,17702656763661891107,16561095181233863249,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,17702656763661891107,16561095181233863249,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,17702656763661891107,16561095181233863249,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17702656763661891107,16561095181233863249,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17702656763661891107,16561095181233863249,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17702656763661891107,16561095181233863249,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17702656763661891107,16561095181233863249,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,17702656763661891107,16561095181233863249,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,17702656763661891107,16561095181233863249,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17702656763661891107,16561095181233863249,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17702656763661891107,16561095181233863249,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17702656763661891107,16561095181233863249,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17702656763661891107,16561095181233863249,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,17702656763661891107,16561095181233863249,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5112 /prefetch:8
  2⤵
  PID:5312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17702656763661891107,16561095181233863249,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
  2⤵
  PID:5320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2088,17702656763661891107,16561095181233863249,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5432 /prefetch:8
  2⤵
  PID:5444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,17702656763661891107,16561095181233863249,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1824 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5616
- C:\Users\Admin\Downloads\Lockscreen.exe
  "C:\Users\Admin\Downloads\Lockscreen.exe"
  2⤵
  - Executes dropped EXE
  - System policy modification
  PID:5712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,17702656763661891107,16561095181233863249,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5444 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3152

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
4f2730cd9224bd97484fec7829baee6c

SHA1
014f9dd4331faa7c5f9d74fc052b305e8a30f314

SHA256
ab7501a1471db03fea870bad72bf8e2819b93a784018e4b97201cb776ab8e471

SHA512
a4ca9d407bb913cb3061c874c1acd415ed7489be4777617b9aa1d55709a4bc4cc22dee133c0ae916ba9a3ac4d6223e116aa721bd46ed3bc5a1a6890961b0ca5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2b58a3fd711e01b4cbe015cb4a36b414

SHA1
77b6073479724a8680edaf60da997df5ce81ad27

SHA256
8431b27e4fa62cb1133d824db9752bac3a1d5cbb7f6b02408ac72fb6871b6c78

SHA512
f8d6855496acef9be10d26214b56879a0d0123bf96236c8bff9aa7c6f2aefad36e503536e7a27879a90dc72c524cd5746bce8963b9c7c64437afe30d901e2bc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b0813f1e4fb6f0db43165318f87297ac

SHA1
2975188ff97b66f51360968320314a78033e78f2

SHA256
c3dd88d070a534b4a4de499cb12263d378eca35de6b6ef7817ec689a65d41338

SHA512
5e508054e389c9a283478e428d07b75e8f43191a42ea9dbbcdab882a45a2e7d87a411032b1480e6cf5f3bf98893660824eb41a1e9cb4e6a490596ec710726f3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3942b279861f58f8181f81c225610ece

SHA1
be3a24218ee7c156f668ac77ac6b7c82016119ad

SHA256
c94eb63d43e9a493b49cd7e4a87f360a1305133245a6b86c28845209439b495f

SHA512
fd9d2f95ff443cc87f8d13c8bdc03782d05b6ae2674a5cd111e3fa905ff1a85c168f320bd089f0c859f7299c55a55d1da73f81060cee6f2d43718fe629d2d17b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
12464375e27f5418840ce80dca54d748

SHA1
43feb54f24eccba943c6c59a5b2804eee7f7424c

SHA256
252aca593ffcecb041dce307f0c94e4a768409df1ccd4d858f9e02b2b331a53d

SHA512
1f2a9c7c2c83175a0276759b0a418431726fd1f977debd0526694bbc2441448a20abb1850fc57abe4413673521344cdd7f90b711d15523d5002ad7dda4d18486

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c25c1705fffe09ca413c8f5255f5af76

SHA1
6c384403dcf65e3768d36808fdd47b6daac31989

SHA256
7b8109c3d6a7ba8214ebd714209bfc5983dea47e1591249930b156bbea74431b

SHA512
841930456c368b7694078fc8195285c266db0102e4295e004bfd01df1c2ae0896fa3716bccb25d3e416fea869ce1844cc8b801879f4da465bbd12e51e820f20c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6293816bc9c7ac674130e6ba90c29f11

SHA1
712e17feaa8cf84a0ee299429f17468aab3913f1

SHA256
3faa7d5365f96bad2e625972025e98ad654f7abe9169a451a0bd1d594e88aaaf

SHA512
9119e965346d4d3518a5bf39fa7cdedd3de2ea1161c401a809c2ffa1a84d2eccd4dbd32c883bb47ada824048812500f812135491ffc0a2e502f754dbb98af48d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2945596b50f1d314d326eb28670d8c90

SHA1
a9f35eeabe5669f54661e90bf1f7247e7f99c78f

SHA256
12d079287b9de4a3ff16b2620094dd2752f4a03b3617e6f1997ab1d5fb4bcb3b

SHA512
9913e51989a2f05597fe8ffd485514eeaac77134710eabe533254f4a47daba81348c9394979236f0d6de207f955c3a4d7324705d3dd3f6b353daf2527f95d4e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
da29383429023d5052f1cbb2a58381b6

SHA1
1469696c0415c82eb696f8436ba8221367341b7a

SHA256
0d3bef99dfb6c4689201976b70be732f85e69e5043b8ede91d72b1cbe4c90b6a

SHA512
d36f6692b070d1f018f93f476c499d2ef2416d19ffc22e1f2adb005f1d943189e5e07b8cc2f769c1d2caa741904136ce906a483b666c6e37927b9e072e70bf4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
112963bb506ce994e3be73fd5b7a6612

SHA1
24feccafbe0adbd796c5e9bd2ea29d136c23d2db

SHA256
51f741f5e3d1fd1d9fc292f73397031f067041b48e81a6c7b8a66aa17e9cc70e

SHA512
f566097e6d442a119e51aa478c54c77159756573d6506ea13929e447f5d19ebf72871c4d95918bea5cd4bf3e14416bb68d3f4c6a391e04d96915d15dc5ecdcfe

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 822.crdownload

Filesize
28KB

MD5
693f0b6f14862d6eb108aecc3d7a339f

SHA1
0c7ac0e0c53cedb8702a465547e0e796ec921b80

SHA256
5ad03cd1c0674047bfb5173bb60af1e8fdb26b8c6949dcfc07ac4391afc5545a

SHA512
50c00edc0c61496f2b1d897579ace4e9fab3fd4daba74754c0aae14fd21b3222c4db2c7a52640cc10893a06cbf8757a809d5e040b1fc796e90033cea61064675

Download Submit