hxxps://drive[.]google[.]com/file/d/1b07eA0ZU_0EKOeEI1KRD337hGYHMTL8s/view?pli=1

Analysis

max time kernel
25s
max time network
38s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
18-12-2024 16:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1b07eA0ZU_0EKOeEI1KRD337hGYHMTL8s/view?pli=1

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
6	drive.google.com

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\8ef5648b-f24c-448d-bc80-6ee5de592e78.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241218165744.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 47032.crdownload:SmartScreen	msedge.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
2472	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
228	msedge.exe
228	msedge.exe
1900	msedge.exe
1900	msedge.exe
4684	identity_helper.exe
4684	identity_helper.exe
4892	msedge.exe
4892	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1900 wrote to memory of 2044	1900	msedge.exe	82
PID 1900 wrote to memory of 2044	1900	msedge.exe	82
PID 1900 wrote to memory of 2328	1900	msedge.exe	83
PID 1900 wrote to memory of 2328	1900	msedge.exe	83
PID 1900 wrote to memory of 2328	1900	msedge.exe	83
PID 1900 wrote to memory of 2328	1900	msedge.exe	83
PID 1900 wrote to memory of 2328	1900	msedge.exe	83
PID 1900 wrote to memory of 2328	1900	msedge.exe	83
PID 1900 wrote to memory of 2328	1900	msedge.exe	83
PID 1900 wrote to memory of 2328	1900	msedge.exe	83
PID 1900 wrote to memory of 2328	1900	msedge.exe	83
PID 1900 wrote to memory of 2328	1900	msedge.exe	83
PID 1900 wrote to memory of 2328	1900	msedge.exe	83
PID 1900 wrote to memory of 2328	1900	msedge.exe	83
PID 1900 wrote to memory of 2328	1900	msedge.exe	83
PID 1900 wrote to memory of 2328	1900	msedge.exe	83
PID 1900 wrote to memory of 2328	1900	msedge.exe	83
PID 1900 wrote to memory of 2328	1900	msedge.exe	83
PID 1900 wrote to memory of 2328	1900	msedge.exe	83
PID 1900 wrote to memory of 2328	1900	msedge.exe	83
PID 1900 wrote to memory of 2328	1900	msedge.exe	83
PID 1900 wrote to memory of 2328	1900	msedge.exe	83
PID 1900 wrote to memory of 2328	1900	msedge.exe	83
PID 1900 wrote to memory of 2328	1900	msedge.exe	83
PID 1900 wrote to memory of 2328	1900	msedge.exe	83
PID 1900 wrote to memory of 2328	1900	msedge.exe	83
PID 1900 wrote to memory of 2328	1900	msedge.exe	83
PID 1900 wrote to memory of 2328	1900	msedge.exe	83
PID 1900 wrote to memory of 2328	1900	msedge.exe	83
PID 1900 wrote to memory of 2328	1900	msedge.exe	83
PID 1900 wrote to memory of 2328	1900	msedge.exe	83
PID 1900 wrote to memory of 2328	1900	msedge.exe	83
PID 1900 wrote to memory of 2328	1900	msedge.exe	83
PID 1900 wrote to memory of 2328	1900	msedge.exe	83
PID 1900 wrote to memory of 2328	1900	msedge.exe	83
PID 1900 wrote to memory of 2328	1900	msedge.exe	83
PID 1900 wrote to memory of 2328	1900	msedge.exe	83
PID 1900 wrote to memory of 2328	1900	msedge.exe	83
PID 1900 wrote to memory of 2328	1900	msedge.exe	83
PID 1900 wrote to memory of 2328	1900	msedge.exe	83
PID 1900 wrote to memory of 2328	1900	msedge.exe	83
PID 1900 wrote to memory of 2328	1900	msedge.exe	83
PID 1900 wrote to memory of 228	1900	msedge.exe	84
PID 1900 wrote to memory of 228	1900	msedge.exe	84
PID 1900 wrote to memory of 4436	1900	msedge.exe	85
PID 1900 wrote to memory of 4436	1900	msedge.exe	85
PID 1900 wrote to memory of 4436	1900	msedge.exe	85
PID 1900 wrote to memory of 4436	1900	msedge.exe	85
PID 1900 wrote to memory of 4436	1900	msedge.exe	85
PID 1900 wrote to memory of 4436	1900	msedge.exe	85
PID 1900 wrote to memory of 4436	1900	msedge.exe	85
PID 1900 wrote to memory of 4436	1900	msedge.exe	85
PID 1900 wrote to memory of 4436	1900	msedge.exe	85
PID 1900 wrote to memory of 4436	1900	msedge.exe	85
PID 1900 wrote to memory of 4436	1900	msedge.exe	85
PID 1900 wrote to memory of 4436	1900	msedge.exe	85
PID 1900 wrote to memory of 4436	1900	msedge.exe	85
PID 1900 wrote to memory of 4436	1900	msedge.exe	85
PID 1900 wrote to memory of 4436	1900	msedge.exe	85
PID 1900 wrote to memory of 4436	1900	msedge.exe	85
PID 1900 wrote to memory of 4436	1900	msedge.exe	85
PID 1900 wrote to memory of 4436	1900	msedge.exe	85
PID 1900 wrote to memory of 4436	1900	msedge.exe	85
PID 1900 wrote to memory of 4436	1900	msedge.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

Views/modifies file attributes 1 TTPs 4 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
2240	attrib.exe
4488	attrib.exe
2504	attrib.exe
2028	attrib.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1b07eA0ZU_0EKOeEI1KRD337hGYHMTL8s/view?pli=1
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff97a8446f8,0x7ff97a844708,0x7ff97a844718
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,11920462729603261376,3604649070319671423,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,11920462729603261376,3604649070319671423,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,11920462729603261376,3604649070319671423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,11920462729603261376,3604649070319671423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,11920462729603261376,3604649070319671423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,11920462729603261376,3604649070319671423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,11920462729603261376,3604649070319671423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
  2⤵
  PID:984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,11920462729603261376,3604649070319671423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,11920462729603261376,3604649070319671423,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2176,11920462729603261376,3604649070319671423,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6196 /prefetch:8
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,11920462729603261376,3604649070319671423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1
  2⤵
  PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,11920462729603261376,3604649070319671423,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7360 /prefetch:8
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:2264
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff68e5e5460,0x7ff68e5e5470,0x7ff68e5e5480
    3⤵
    PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,11920462729603261376,3604649070319671423,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7360 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,11920462729603261376,3604649070319671423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,11920462729603261376,3604649070319671423,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6664 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2176,11920462729603261376,3604649070319671423,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6516 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4892

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2940

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4604

C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Downloads\LiquidBounce_Config_Anarchy_Hemerald.bat
1⤵
- Opens file in notepad (likely ransom note)
PID:2472

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\LiquidBounce_Config_Anarchy_Hemerald.bat" "
1⤵
PID:2452
- C:\Windows\system32\attrib.exe
  attrib -r -s -h c:autoexec.bat
  2⤵
  - Views/modifies file attributes
  PID:2028
- C:\Windows\system32\attrib.exe
  attrib -r -s -h c:boot.ini
  2⤵
  - Views/modifies file attributes
  PID:2240
- C:\Windows\system32\attrib.exe
  attrib -r -s -h c:ntldr
  2⤵
  - Views/modifies file attributes
  PID:4488
- C:\Windows\system32\attrib.exe
  attrib -r -s -h c:windowswin.ini
  2⤵
  - Views/modifies file attributes
  PID:2504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6547c6e6bdac94ad11ab8e5311c7e265

SHA1
cc3401985b79ed678f8b94b0500766691044ee7f

SHA256
685aee2efe60adca559de33807715ef5306c5ccb8857070155eae3d7ab397e3a

SHA512
d685ddcb513af37ea57e0255d9f5387266f882015b9cfca8f100931dc1629e54d1150679e4562717180447887ef7094539df668707dfbdbd3ef9b4920de7dcb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0526f2b37744871ef85ad98e2a03cd78

SHA1
7e8475de7f5614e30b67793a41d35ff492aff7cc

SHA256
68ce145d21b89f38464ed7486c74dd55a7e28e5ba25bb640cf4059b1bafdafd9

SHA512
12ae36f493802621601887cdc25e3d7191bfa94f0e784f11f18bff4bdf407efee195aceca19fe151718e9e7498a4faf0ff885e38cbc8e1e7a5d5d81f400b1ef0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
ae3a495f53dcf276191b2d0377a1d927

SHA1
d03ea65058dfc43f14d75aab04eef23d3589d9cd

SHA256
6864f99f9a55af789a710a7091e5856cc10634023023deb1b0725de8addb2280

SHA512
f2fa149b63ab4ed53fea021e65533b0498ee75aa9008969acd4590a8ebe54b36800a96da639709e1171a796b33ebc2dd27310cd957775f7f15401dfe9c91b290

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
b4b1578a9c0dfe51a5bbca1619970271

SHA1
e791a961e6a250b62473cb3ca16fea4234ca0904

SHA256
832c5e4931351ef8a9ebf8e1208a6813d2880ed21bb0b4960e36573c562a98a2

SHA512
e028c8deaee34ca044c2dc526f12847d6d9b1087492d186ea6eec5805e3121dc38797c877e8746a77b1ec00a06a2001676eb7ee3eb31f3d1a3422c735f1a1c5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
55a23b23125db295226b43d729389403

SHA1
b59b0c9497e8b21ed44adc354698afba955831ed

SHA256
b4b7b0891bc8d53aaca56bc4901f76b216b7aab7a777e5672e7c4ef081f0e291

SHA512
d37f5de55730d9da549f333e6b45f020f4ed62fa269e713be2f365661cc3d4fa07a27f747b539d913599302b4ef59f73d83769ce400d87ab1ecbf6d18e81d0ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
202396a981419d681dc7a2973e7cb2d0

SHA1
f2957ccb798c8377d3360d47986f7425278bce97

SHA256
baccce28c8b55269e7d51ac7fc36dfd41dac6280baf953ea39fbd7d788ac62d4

SHA512
d9e8fe9c608c1769c5657422b0f991f20abf06a6eb6dbad44ef1e47160e28a0904b6bbc1ff1b3a06bc15b1a7c387d7d38049587e395b7bdce33f3ec28c5776ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ec673c606f1fc054297100a216f67a67

SHA1
028047a7bc5de5e9562847543638b2e71483e02a

SHA256
3704c44478bcb761e24b2756744ee07aac9910d98823d0c22c1af4601e2820f6

SHA512
70863511820350b662166e00a94300d636a6656df7d2fca38fd60d36e577dad34c68401c251cf0e43399e81d4701b26943df23ca3452f56ff7bf8263b4c5ee49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
54d8d5d412f3513b3c0f5d4f86a4874c

SHA1
bd77a00fb917760fc161fe3a4d87d67182225c77

SHA256
ed80fc26e71dc195ccf0e92873cd3f2d559c83a0acf763829e39d0b2921028a0

SHA512
8bff2beee1faaa562c6b332a0cbbd633ac52c6d60fda2e6ea81a888d3c6a85cb7e6f8ca5a111e61a6abbe20e5673ced2eb0295166bbc222b7cc29458515dbeff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
53aa92384f8dd229643647a024db8d61

SHA1
4c1434d5ad4cb0ae4b8bad2ee31f82ba67581992

SHA256
88831be300e64e2d65654f5667385f50a7c05925655a06ccb8252a161455e28f

SHA512
cf23d5eeade7ea6d240cb1b8e30adc2b4f0e1cf0359c802715caecc9855251b2a8affcc7cd0c7d57339164fd8af5dde4447f244a4be3c14d5d4f95990bf879fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
b0d7c7026b05a583a9e84bf71b53fc08

SHA1
3920da2e018202384afa5689b70d5e6a41db3e9e

SHA256
5918d704854037fd584e3ec78e42b5a1df358693c99a0e71d82436917398d957

SHA512
9d6e6b676f995df335316a19fda786fefafe05055ec0ec77b4cea425bf96b7fd6882a4a82cdb4c6b11f28c9d29711615850493aaf2e9dbbd7201df4ecccb6f00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
24accd280178583a4d218105cf1cc643

SHA1
12d77c007284a748df1ee9530df7bc25aedec2a1

SHA256
3ef08111b4f369faf8f8beea0382e2dbc78cf83760d0398ae7533ebfdd7d6aa6

SHA512
9fa1a6a11d6857d225bc57b8ac0a8894811aed65a9d5719170b18fcf2ef7877a04de452216a09bb343d9c53a78ebc98b26e74acc3707bdbc75baac7f6f985b13

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
9bdff5f5e2df489442bb3bb44047cc5c

SHA1
a4a4b2c805333ec22d6f0d2559fcd16aa50d2d96

SHA256
2e7487cbf742fe8dbcd45ce7b6c30b4b0a521a937432645583d1918536170158

SHA512
2a50808364222c2ff46224ffc80a852369939720a067008175c981cfca74ce848206aca9a2c3f7cdabd8a78b5b89117f03da15a6d6c16b4ad1074a86b0424557

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
31aec78b620ff8db01830fa84be9a9c9

SHA1
74921ab9c2861d39430dea2f613e5b44618561eb

SHA256
9e4bb1221bfb19b6bde9a4e9eb3950e0b527065a060bd28b40dde1e11a451120

SHA512
88d1d1cafd1761ff8ea29cfac7db40fad92ec010039c004b3cd2c8cae82cc357221202f953093e76b717a751f8277108b5ecc3d161ac9b5f68cf092667c644aa

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 47032.crdownload

Filesize
215B

MD5
7084dd2d83b1e58da9217a7a92257628

SHA1
ea29cebd5e477bef8d98f2fb5c94d121ab2557cc

SHA256
c2369e5c649888f2afb4bfde5fdb233661c8b06fb9b8832401c49c99cb53cdd6

SHA512
67fda50689dbd860f8b5ebe2f4b0033a8ca4f0c5f5350086f60c0f68280359d4e5ab5d48509a0aa31fa92918f512e6c3e89d7d2f58cb4134a758ff101e82e645

Download Submit