hxxps://drive[.]google[.]com/file/d/0BzhRkdOa-AU2ZnBaVWVqNXZZMHM/view?resourcekey=0-l7i8SiTutQfru_gxuQAwzA

Analysis

max time kernel
1154s
max time network
1156s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250113-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
21-01-2025 17:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/0BzhRkdOa-AU2ZnBaVWVqNXZZMHM/view?resourcekey=0-l7i8SiTutQfru_gxuQAwzA

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
10	drive.google.com
11	drive.google.com
12	drive.google.com

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\a7256da9-34d2-45c3-8824-2a464503d5cd.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20250121171408.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rc7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rc7.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2826969134-2088669430-2680400721-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
732	msedge.exe
732	msedge.exe
3184	msedge.exe
3184	msedge.exe
4156	identity_helper.exe
4156	identity_helper.exe
5348	msedge.exe
5348	msedge.exe
6084	msedge.exe
6084	msedge.exe
6084	msedge.exe
6084	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3184 wrote to memory of 1988	3184	msedge.exe	82
PID 3184 wrote to memory of 1988	3184	msedge.exe	82
PID 3184 wrote to memory of 5052	3184	msedge.exe	83
PID 3184 wrote to memory of 5052	3184	msedge.exe	83
PID 3184 wrote to memory of 5052	3184	msedge.exe	83
PID 3184 wrote to memory of 5052	3184	msedge.exe	83
PID 3184 wrote to memory of 5052	3184	msedge.exe	83
PID 3184 wrote to memory of 5052	3184	msedge.exe	83
PID 3184 wrote to memory of 5052	3184	msedge.exe	83
PID 3184 wrote to memory of 5052	3184	msedge.exe	83
PID 3184 wrote to memory of 5052	3184	msedge.exe	83
PID 3184 wrote to memory of 5052	3184	msedge.exe	83
PID 3184 wrote to memory of 5052	3184	msedge.exe	83
PID 3184 wrote to memory of 5052	3184	msedge.exe	83
PID 3184 wrote to memory of 5052	3184	msedge.exe	83
PID 3184 wrote to memory of 5052	3184	msedge.exe	83
PID 3184 wrote to memory of 5052	3184	msedge.exe	83
PID 3184 wrote to memory of 5052	3184	msedge.exe	83
PID 3184 wrote to memory of 5052	3184	msedge.exe	83
PID 3184 wrote to memory of 5052	3184	msedge.exe	83
PID 3184 wrote to memory of 5052	3184	msedge.exe	83
PID 3184 wrote to memory of 5052	3184	msedge.exe	83
PID 3184 wrote to memory of 5052	3184	msedge.exe	83
PID 3184 wrote to memory of 5052	3184	msedge.exe	83
PID 3184 wrote to memory of 5052	3184	msedge.exe	83
PID 3184 wrote to memory of 5052	3184	msedge.exe	83
PID 3184 wrote to memory of 5052	3184	msedge.exe	83
PID 3184 wrote to memory of 5052	3184	msedge.exe	83
PID 3184 wrote to memory of 5052	3184	msedge.exe	83
PID 3184 wrote to memory of 5052	3184	msedge.exe	83
PID 3184 wrote to memory of 5052	3184	msedge.exe	83
PID 3184 wrote to memory of 5052	3184	msedge.exe	83
PID 3184 wrote to memory of 5052	3184	msedge.exe	83
PID 3184 wrote to memory of 5052	3184	msedge.exe	83
PID 3184 wrote to memory of 5052	3184	msedge.exe	83
PID 3184 wrote to memory of 5052	3184	msedge.exe	83
PID 3184 wrote to memory of 5052	3184	msedge.exe	83
PID 3184 wrote to memory of 5052	3184	msedge.exe	83
PID 3184 wrote to memory of 5052	3184	msedge.exe	83
PID 3184 wrote to memory of 5052	3184	msedge.exe	83
PID 3184 wrote to memory of 5052	3184	msedge.exe	83
PID 3184 wrote to memory of 5052	3184	msedge.exe	83
PID 3184 wrote to memory of 732	3184	msedge.exe	84
PID 3184 wrote to memory of 732	3184	msedge.exe	84
PID 3184 wrote to memory of 3280	3184	msedge.exe	85
PID 3184 wrote to memory of 3280	3184	msedge.exe	85
PID 3184 wrote to memory of 3280	3184	msedge.exe	85
PID 3184 wrote to memory of 3280	3184	msedge.exe	85
PID 3184 wrote to memory of 3280	3184	msedge.exe	85
PID 3184 wrote to memory of 3280	3184	msedge.exe	85
PID 3184 wrote to memory of 3280	3184	msedge.exe	85
PID 3184 wrote to memory of 3280	3184	msedge.exe	85
PID 3184 wrote to memory of 3280	3184	msedge.exe	85
PID 3184 wrote to memory of 3280	3184	msedge.exe	85
PID 3184 wrote to memory of 3280	3184	msedge.exe	85
PID 3184 wrote to memory of 3280	3184	msedge.exe	85
PID 3184 wrote to memory of 3280	3184	msedge.exe	85
PID 3184 wrote to memory of 3280	3184	msedge.exe	85
PID 3184 wrote to memory of 3280	3184	msedge.exe	85
PID 3184 wrote to memory of 3280	3184	msedge.exe	85
PID 3184 wrote to memory of 3280	3184	msedge.exe	85
PID 3184 wrote to memory of 3280	3184	msedge.exe	85
PID 3184 wrote to memory of 3280	3184	msedge.exe	85
PID 3184 wrote to memory of 3280	3184	msedge.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/0BzhRkdOa-AU2ZnBaVWVqNXZZMHM/view?resourcekey=0-l7i8SiTutQfru_gxuQAwzA
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffe11e746f8,0x7ffe11e74708,0x7ffe11e74718
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,190060349003280848,17056291133633772019,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,190060349003280848,17056291133633772019,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,190060349003280848,17056291133633772019,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,190060349003280848,17056291133633772019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,190060349003280848,17056291133633772019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,190060349003280848,17056291133633772019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:988
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,190060349003280848,17056291133633772019,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5864 /prefetch:8
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:4508
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff7ad855460,0x7ff7ad855470,0x7ff7ad855480
    3⤵
    PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,190060349003280848,17056291133633772019,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5864 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,190060349003280848,17056291133633772019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,190060349003280848,17056291133633772019,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,190060349003280848,17056291133633772019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,190060349003280848,17056291133633772019,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2068,190060349003280848,17056291133633772019,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6596 /prefetch:8
  2⤵
  PID:5284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,190060349003280848,17056291133633772019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3724 /prefetch:1
  2⤵
  PID:5292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2068,190060349003280848,17056291133633772019,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6412 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,190060349003280848,17056291133633772019,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2024

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5616

C:\Users\Admin\Desktop\rc7.exe
"C:\Users\Admin\Desktop\rc7.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4428

C:\Users\Admin\Desktop\rc7.exe
"C:\Users\Admin\Desktop\rc7.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:5680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\RC7_THEMES\Config.txt

Filesize
22B

MD5
5f89f0e5599fa39d352905ab3ce395bd

SHA1
b1718804496dfae1f78f64cb011754f7089d7719

SHA256
af4001bc89595271e2bed34e5da3eb1babc55cfdedf61c95e1331eef744f4de0

SHA512
fd6db97a0c1d5366843474c3190b065220de6ac74ac21c455333c47aac2e3ce59c3e25e711b3262cca229954754fd00a9d89c8879d24ff3a046dd5509ccd8003

Download Submit
C:\RC7_THEMES\README.txt

Filesize
990B

MD5
df807a212f88b33c4ba4eab53840a4fd

SHA1
83723bb89718442016d7c092f851114b21fb10af

SHA256
c92b1a14d554291de709d6a9c28587d2d26018f6b527c46cfe0ef5389489d125

SHA512
123dfdba46b6c59d315eeb5f447f34b54e66aa87dfa6959a57234b3bcc90525c7d609c3663803b26840d4a2e48176aeb402e248f01728c7a8090eab5d8265140

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ef0e81b130f8dcf42e80097a75e5d04d

SHA1
d8694b7c5fba1ee2e73e69dd7790ca5b1cb882db

SHA256
fc53158d948d1742e3f960124f9fdb138eaa4aa711d0f43833fa893247de4918

SHA512
c85df1696537dfce601de46183b1b22d7f0007b0f695f1904bbd1a6e429d7787c3d6199bcecdb21936d811b35eeca57a9800bcd3a3b585569aabeb0b5b497efd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c58ccb4da696442ae40d3db9e4b41c3f

SHA1
e27933a94d57f04c75b8bff25ad7012171917f87

SHA256
d0d75be801bf0c5f715665c73214bfa38fd714dd9ee846de410855d96dd75931

SHA512
82a7cd39758d67f1d177ce7f46a5ee560eb60207ca7ca1e39b9a08a269ed140532bf1ec85899a033a54d20a0d59592d1cd5f5d35f71da98f6b6e35cd904e1872

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
40b6aea9e518d6a64b1e62d78826f299

SHA1
c38807fd98b839c0d1ba841030180d56a16d5eb0

SHA256
1e2ef3db21f414785c0c2996f846ceb067e180c60084b9b21683f428fa29d069

SHA512
475ec553021147779274467a814094256f1aba4a2536b3b0167370c1a7fcc71ce27b7421cae1e08fad72c0a628cbf8dd39edb35a0b9ab1be407e3ea55fcd9e60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57db3d.TMP

Filesize
48B

MD5
4a48555ea8289fa33151470b8228e286

SHA1
f5ffb11689d28ce70fae44fe4712928cbfe3b6be

SHA256
35ee96e5fd2cbdcb8bf4935353476311310ade489d3151bf28b957b36f0c8d69

SHA512
62931ee4b934289cd7ed1316615fffdaeb2af43c97197c1bbffe7d825041db4e82b0794cac8780cb4e6de4379ef226dbd8242d440b7c36b17db81e07a477b650

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
882e9f75a21f329303c9c089bc49fc80

SHA1
8bc267acafa66c8157273225906f6ff0940a7343

SHA256
8a633a1b91234871a3eb6c77d4270a607db38337dd7820cac10d620d0f5baa26

SHA512
44ea0deb0213ec55bcbf34ba0f307b47435c92504ae87d638651dcb6c7ab218a2f09b58daa1fbbf523735fa8c088174ca08444e09708c4086c8581dc05f2a537

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a4ae078b0695c055ba64226ef28084b3

SHA1
023d6d411ad396fe56e625a343c94361a69ed389

SHA256
30bccf7ad34bc6104fb1a571f458644b974a13ca239fa21e5d9c92f31be8987f

SHA512
2024e2b04a23d17cfd670bdb3ba89dcb08e4640fd79b52060fddf0ec9dea777b2081180ab604695812debe73f38dbbcde462e5851226b349ccab9d6223a0d24f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
eccefcb2d189a3e21095d71d6fd4a86e

SHA1
d971b17039d7a35852648768c8796d5b20f4a6a6

SHA256
2b976038183a40eff079f1121b487dfbc9e45b04853285be59190a3c81437aff

SHA512
752c9e46d1c93cc1bbe5d7d8fe25ba85869ca89e71f215bdeba2e33f4ecb6fdbd03e2169d70d679f37905c6182981e41269ae9da62606c98586a3af098b6f385

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
28673028df4bcfefa9e769669ef2c25a

SHA1
918ecba7be72fabca3b433aa0e4184d604846f36

SHA256
b44c83321c86d2ff389ecf1f449f94d0b5bd079e1b240985a5645fe5bd4d8200

SHA512
b24e9a68213f18a6f5d8b7a3132267bda38021bf16b107f4db1b6fbc46c0f1cf2e9ee8a5f181a68010149523f7805ffef37814b0e4bb147153f4b96fa12459c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
626913b35f654ed50ad820189733d120

SHA1
8564dd8673c12e0ddcb757daa91e364b9808a763

SHA256
98eaa8ad2c2a93bc92d43ea5e0e713f6807764d6a35ae278af6cb178164ca249

SHA512
be1abd43de38f46aaf7a289d014df0a4994594eb6575f57794fff893dd9d195ee800f27b4177efb5e6f78eb52d769f776b8e6181d8f5c997c57234df5ae1eb3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
fb56b522a10fa1b863b41086fe69c725

SHA1
121bc286922f79273f30c93b3c4572762d06eae9

SHA256
2df35e12b9b96e101044ee91fa1edaa0c806639c1a088a69ae7a763c2a36dcbc

SHA512
3a78ab12b6b99db33e5db8e07e9541e2f9f30e120db6530964e42cf5f115b4791b3a8e542a843adae4150a6eca46d145708350989fc015db0966e67f694802d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
229096b0143438c3084480a1d81c8a33

SHA1
366de2e1b0d5537e42e4e3afa6e75466e2e1f391

SHA256
b08ba0ecdc2137d4e845efa84805e0a2b5e0956d797297615845dea52ed5f2f3

SHA512
242563ff2fb2ab02ada34035660bb7189ed04df00226cc4bf6fa43473ed33dcdda3526941d297677f9dfe71595b15d2646560f1803c7bcdf28d9c2ac355b3138

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e69851b62b50592c57d7f9c642f8f23a

SHA1
6728ef86963f2c8c397ba26d61a611aa341e8dc6

SHA256
b99a3b4a5e639ee942ca68986a5747ecb326a53983ec3a2ae5003fb7d895ee09

SHA512
5f57735a013db357de19d57e0c723c1b61eae683bac033105ff7819c36b89830c030762701705ea41632e760d0385106075f785b95b50390363ff9ecceb55438

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
029184e176974037f756ec4dd9671ef1

SHA1
5d6adf3fbaccc19afb09bc4fc51cee362d76d6f9

SHA256
10198c210e69450ec755b72614022940b110e1c8877c6ce6023317502255d802

SHA512
d9ff2c276a045d0f3e6039bc848be55f7a3b85b1de72821e31c400a770b880d207a9e3073ac009b02046e7957a46a39f87557151ded8423ca96b540a1cc20ac7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8203062b12a068ae7bdfa0decabc9b5c

SHA1
51d59a42fdd0c63df4c85c8791216c224695cfd0

SHA256
e7d5841082704dc58bc411f934caeb79360ce224edf3fbe124413ef42cf0b00d

SHA512
0f00402b5886dac6901a3109f45643078e490055d2f92f25404d63cd903265032e1184abd3ffbbfcd25d219ceb84a0a0bdd7ba206c30ba9f739d20bfa769c308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d0f694443b0bb8ddcae8faa8138576ef

SHA1
cf861eb0f398889ca93a15c5f6444ce1a9148f2b

SHA256
ad259ad56996f703047b4815902426431fa82f7126eb1761eaf8b4e240a6dd7a

SHA512
4cc354c4f39bda4a4096e0b8064c2efea557a97f321fdcaff4ad234b28a7e5ed3fe1d7e7071b6d335b720fd4bc99cd53f97e90c35b7ed830d71273448451c7a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ac981f393d6d7627052cc784670dfc75

SHA1
90025e8da09c91f07a8ffac9f0835508a66f0328

SHA256
6ade819e76dab510f5d20947e3ff776ad7ff698eef718a73262e22d7783a5943

SHA512
cc715e5d97f80751acf5e4df0430e66500d20e7ed801b068cda81c041bd3d3e884f17e8d792680b70a3046d5c18a62011068114f386af7b1f83b928908fbe8a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe58941d.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9f5c0c50f6ce1a957a84fc81eb20a42e

SHA1
18129406df8a719886c78b24267e2ac6154b494b

SHA256
f21703c9493efecef5dddbe1f0705e34585714ce9058dcc00359ef423e6ad16c

SHA512
a202b695966231d71ca8e55eeef92f009e6620f5d816c8b5294e92b4f0ddfbdd4f45d65990b7029af340406b80bf9fbd94bfed9932679c87aecf333a44e283ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f5d857c02bd594fc75c3eb563d03b39b

SHA1
33f560da7d1ed51645efef214f85ef20fbcbc16a

SHA256
3f839b6c1acca59f924e1107451297047130921cf01046dc5d13419c5626d40a

SHA512
4458b45d6c09bc76fe09a26e92dfc53f518e04566a54dcf591492d248ac1b7d1117b227bbc82037d4d1b48c282c04a0535bb4bbdcbd9467d57bb0ef9c71952b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
57e6fd4d427e0086056591d035ec79d0

SHA1
beb5ec9298f12cb59d2b520b10bcc830146fdb66

SHA256
0383fc660279c7cff494edca9c048a0f6fa55bcef2eb1a96841cd6ad7e364c3f

SHA512
0c23d22f45fb67eb8bfc10d0102351e6935be322a0dad95e41bef66358b1d445332c7c5eeffcbe1b3b7964e514d3dc0b282ced8559b96be2b4844ea2107a28f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
62aee047a3c6cf2fec2a29a34157633b

SHA1
51b6eed704d65a62d8793ea18885d12aa39a5cf2

SHA256
342e67b65a4070bbd6e7c2fbf75c98e727d9db45fa071181cae0f5eade726ddf

SHA512
21ee4907a0dcf077f9233542462b8bfd01d976dc1fe4a7b7c4ad70d691e7b9101bddcc292e13fc83a22f56355aa5b93949ac124c84da1f43a80851bf313d895e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
a18e33a424007376b810134dde07fec6

SHA1
3acbb4070e7fab6fea0f6c618aeca0964e39f7f8

SHA256
12852fe3bc04c3a3f6cdb76d7fa37cf0d7f91ffe801c70caf5ee4f5bb34e2821

SHA512
3a08afee6762546ba967965d72b90a0e0ed2a45bee0e195696c92f511c4b92634acdb669e6320359cb436e809c9672c0371042990aaf26b90da06da523ce6b9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
ecfc24d7a2992f7c6e961df16603ff5d

SHA1
8a11c5090c9f93fedcbe5ce556fedc7ad79c2892

SHA256
95f40f079983e3265a22c281bb6f28682d75954567c13bd00bd1217f075df784

SHA512
caa9b20e5ac9648f74561a13fe6a1ebcb1c74d559fc65b6a679299fd4ddd0d872668400996a8066e26138f43c556abb8ad57d7117186a6828f2b001e4655130d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c5fa4a2206558e2cf9b843e505ff03d4

SHA1
8cd2fea72c5f54db70003ece332d7fdfb21400d3

SHA256
eb86f8d0cf379edf080773fbbc1e31249ac16874529b89a7d26ebc8fe2754341

SHA512
201d64a00e5371f6fc6b51f6c8f1f861e0d44ed92352e0fa503a65d7a82d714dfdd06d52706e53891fa5cdd834d3186ee2aa1f81868cd7a010ae6b9962d8e4be

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
4a76610bbce27c43630c38b92465f1e1

SHA1
c497bb1c4bb9b10f322464e5a0d0cbdbfa2753c9

SHA256
c105af60ed74775f514a1b4e64088a0d07fc60a8b824d6131d5cb476c30216e6

SHA512
07008aa86bac84962ac6b8171b2f93d26aca2f6a24ff0be119a9062c007db428c57e85c0e62a41a1017045f02a7f59d24fc9e17727699b3cef2719822657ec2b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
62b0060ae588fcf17f891637782f81fc

SHA1
26443e9f0a315399eb1e3fda6ca2711c7df9a37c

SHA256
a5d559b6b3d91de73d087d216eac1676cfe6d96e37888da099809da00bde5cca

SHA512
cdd2c8caf0dd45ab3f3201b37efba668d18f6cdba96f51000a512ee5132eb0270744ce6edc1afbfc709976c89f312723a23e6a225e9cd4857d3fddc31a703131

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 320392.crdownload

Filesize
957KB

MD5
68ba538990f968fae6efd9dd50ae29ed

SHA1
75683f0f2ca5b4aff9099d95091ddeeaff442e4f

SHA256
de0d09c6bb50a8fca9102abbefd7a3a0943a9f9b15da0235bf0f6a753cd6781d

SHA512
59ae66958c050019daa081c5ab63086f6ae3a1abf19112f7f4f74d0bcef86499aeb8b96629097e87694e2e7446f320b12f7ee2bb36269c9ad8a52545a87cecea

Download Submit