hxxps://drive[.]google[.]com/file/d/1E3bVNS4U6FoaBQG2xJEkbsjMUfkTCWji/view?usp=sharing

Analysis

max time kernel
875s
max time network
883s
platform
windows10-2004_x64
resource
win10v2004-20250207-en
resource tags

arch:x64arch:x86image:win10v2004-20250207-enlocale:en-usos:windows10-2004-x64system
submitted
08-02-2025 11:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1E3bVNS4U6FoaBQG2xJEkbsjMUfkTCWji/view?usp=sharing

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file 2 IoCs

flow	pid	Process
137	4676	Process not Found
77	3696	Process not Found

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
8	drive.google.com
2	drive.google.com
6	drive.google.com
7	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wermgr.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
3276	MicrosoftEdgeUpdate.exe
2636	MicrosoftEdgeUpdate.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	wermgr.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	wermgr.exe

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	wermgr.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4996	msedge.exe
4996	msedge.exe
920	msedge.exe
920	msedge.exe
1380	identity_helper.exe
1380	identity_helper.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 920 wrote to memory of 1080	920	msedge.exe	85
PID 920 wrote to memory of 1080	920	msedge.exe	85
PID 920 wrote to memory of 3724	920	msedge.exe	86
PID 920 wrote to memory of 3724	920	msedge.exe	86
PID 920 wrote to memory of 3724	920	msedge.exe	86
PID 920 wrote to memory of 3724	920	msedge.exe	86
PID 920 wrote to memory of 3724	920	msedge.exe	86
PID 920 wrote to memory of 3724	920	msedge.exe	86
PID 920 wrote to memory of 3724	920	msedge.exe	86
PID 920 wrote to memory of 3724	920	msedge.exe	86
PID 920 wrote to memory of 3724	920	msedge.exe	86
PID 920 wrote to memory of 3724	920	msedge.exe	86
PID 920 wrote to memory of 3724	920	msedge.exe	86
PID 920 wrote to memory of 3724	920	msedge.exe	86
PID 920 wrote to memory of 3724	920	msedge.exe	86
PID 920 wrote to memory of 3724	920	msedge.exe	86
PID 920 wrote to memory of 3724	920	msedge.exe	86
PID 920 wrote to memory of 3724	920	msedge.exe	86
PID 920 wrote to memory of 3724	920	msedge.exe	86
PID 920 wrote to memory of 3724	920	msedge.exe	86
PID 920 wrote to memory of 3724	920	msedge.exe	86
PID 920 wrote to memory of 3724	920	msedge.exe	86
PID 920 wrote to memory of 3724	920	msedge.exe	86
PID 920 wrote to memory of 3724	920	msedge.exe	86
PID 920 wrote to memory of 3724	920	msedge.exe	86
PID 920 wrote to memory of 3724	920	msedge.exe	86
PID 920 wrote to memory of 3724	920	msedge.exe	86
PID 920 wrote to memory of 3724	920	msedge.exe	86
PID 920 wrote to memory of 3724	920	msedge.exe	86
PID 920 wrote to memory of 3724	920	msedge.exe	86
PID 920 wrote to memory of 3724	920	msedge.exe	86
PID 920 wrote to memory of 3724	920	msedge.exe	86
PID 920 wrote to memory of 3724	920	msedge.exe	86
PID 920 wrote to memory of 3724	920	msedge.exe	86
PID 920 wrote to memory of 3724	920	msedge.exe	86
PID 920 wrote to memory of 3724	920	msedge.exe	86
PID 920 wrote to memory of 3724	920	msedge.exe	86
PID 920 wrote to memory of 3724	920	msedge.exe	86
PID 920 wrote to memory of 3724	920	msedge.exe	86
PID 920 wrote to memory of 3724	920	msedge.exe	86
PID 920 wrote to memory of 3724	920	msedge.exe	86
PID 920 wrote to memory of 3724	920	msedge.exe	86
PID 920 wrote to memory of 4996	920	msedge.exe	87
PID 920 wrote to memory of 4996	920	msedge.exe	87
PID 920 wrote to memory of 3040	920	msedge.exe	88
PID 920 wrote to memory of 3040	920	msedge.exe	88
PID 920 wrote to memory of 3040	920	msedge.exe	88
PID 920 wrote to memory of 3040	920	msedge.exe	88
PID 920 wrote to memory of 3040	920	msedge.exe	88
PID 920 wrote to memory of 3040	920	msedge.exe	88
PID 920 wrote to memory of 3040	920	msedge.exe	88
PID 920 wrote to memory of 3040	920	msedge.exe	88
PID 920 wrote to memory of 3040	920	msedge.exe	88
PID 920 wrote to memory of 3040	920	msedge.exe	88
PID 920 wrote to memory of 3040	920	msedge.exe	88
PID 920 wrote to memory of 3040	920	msedge.exe	88
PID 920 wrote to memory of 3040	920	msedge.exe	88
PID 920 wrote to memory of 3040	920	msedge.exe	88
PID 920 wrote to memory of 3040	920	msedge.exe	88
PID 920 wrote to memory of 3040	920	msedge.exe	88
PID 920 wrote to memory of 3040	920	msedge.exe	88
PID 920 wrote to memory of 3040	920	msedge.exe	88
PID 920 wrote to memory of 3040	920	msedge.exe	88
PID 920 wrote to memory of 3040	920	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1E3bVNS4U6FoaBQG2xJEkbsjMUfkTCWji/view?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb1b1446f8,0x7ffb1b144708,0x7ffb1b144718
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,8504616434866824109,2409250327157336453,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2000 /prefetch:2
  2⤵
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,8504616434866824109,2409250327157336453,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,8504616434866824109,2409250327157336453,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,8504616434866824109,2409250327157336453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,8504616434866824109,2409250327157336453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,8504616434866824109,2409250327157336453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,8504616434866824109,2409250327157336453,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:8
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,8504616434866824109,2409250327157336453,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,8504616434866824109,2409250327157336453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,8504616434866824109,2409250327157336453,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,8504616434866824109,2409250327157336453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,8504616434866824109,2409250327157336453,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,8504616434866824109,2409250327157336453,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4936 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1640

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4604

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1640

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7M0ZBNkVEMzAtNUY2OS00Q0E0LUI3NDEtQ0VCQTFGQzY0QzM4fSIgdXNlcmlkPSJ7QzZDNjk5NzgtQkRBNS00RThELUEwMDYtRTk4OTlBMTI0OUUwfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7REY1RDhFQjItQ0M1QS00NzNDLUE4MjAtRjEwMTZGNUE1NUM3fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIxIiBpbnN0YWxsZGF0ZXRpbWU9IjE3Mzg5NDU1NzgiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4MzQxODAxNjUyMzAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI0OTU0MTM0ODI0Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:3276

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7M0ZBNkVEMzAtNUY2OS00Q0E0LUI3NDEtQ0VCQTFGQzY0QzM4fSIgdXNlcmlkPSJ7QzZDNjk5NzgtQkRBNS00RThELUEwMDYtRTk4OTlBMTI0OUUwfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins0NjBFMUVERC0yNjRDLTQ2QkUtQkM2Qi0xMUFEMkU3NUEyQ0J9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iMiIgcGh5c21lbW9yeT0iNCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE5NS40MyIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjEiIGNvaG9ydD0icnJmQDAuMTkiPjx1cGRhdGVjaGVjay8-PHBpbmcgcj0iMiIgcmQ9IjY2MTIiIHBpbmdfZnJlc2huZXNzPSJ7QUZFRjc4NjQtNzQ1QS00QjcwLTkxNjItQjFBMEU1NzIwMjJFfSIvPjwvYXBwPjxhcHAgYXBwaWQ9Ins1NkVCMThGOC1CMDA4LTRDQkQtQjZEMi04Qzk3RkU3RTkwNjJ9IiB2ZXJzaW9uPSI5Mi4wLjkwMi42NyIgbmV4dHZlcnNpb249IjEzMi4wLjI5NTcuMTQwIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9IjEiIGlzX3Bpbm5lZF9zeXN0ZW09InRydWUiIGxhc3RfbGF1bmNoX2NvdW50PSIxIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM4MzU3ODYzNzk3OTEwOTAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjQ5NzYwMzQ2MDciIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNDk3NjA2NDYxMyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMjE0NzAyMzgzOCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTAzNzI5NzE2OTIiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImRvIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy8wNzQwMDM2YS00ZTE4LTQ1NmQtOTZmYS1kMWQ5YzRjYTQ2NzY_UDE9MTczOTcwOTg0MyZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1HdEd5UUY1SU1Jbld1QXhGZlJvJTJiSDUlMmZVRk5UUzRJeUdyWEtpMkk2TVBFa1pQNWZPcHhueXZ4SVdEcm9uJTJmdktGWHdLejV3ZSUyZnBUMjdXY3BBOWtWUU13JTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMCIgdG90YWw9IjAiIGRvd25sb2FkX3RpbWVfbXM9IjEiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjAiIGVycm9yY29kZT0iLTIxNDcwMTI4NjYiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwMzcyOTcxNjkyIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy8wNzQwMDM2YS00ZTE4LTQ1NmQtOTZmYS1kMWQ5YzRjYTQ2NzY_UDE9MTczOTcwOTg0MyZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1HdEd5UUY1SU1Jbld1QXhGZlJvJTJiSDUlMmZVRk5UUzRJeUdyWEtpMkk2TVBFa1pQNWZPcHhueXZ4SVdEcm9uJTJmdktGWHdLejV3ZSUyZnBUMjdXY3BBOWtWUU13JTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTA4NzkiIHRvdGFsPSIxNzcxODAyMTYiIGRvd25sb2FkX3RpbWVfbXM9IjM1MDUwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIwIiBlcnJvcmNvZGU9Ii0yMTQ3MDEyODk0IiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDM3Mjk3MTY5MiIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0id2luaHR0cCIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvMDc0MDAzNmEtNGUxOC00NTZkLTk2ZmEtZDFkOWM0Y2E0Njc2P1AxPTE3Mzk3MDk4NDMmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9R3RHeVFGNUlNSW5XdUF4RmZSbyUyYkg1JTJmVUZOVFM0SXlHclhLaTJJNk1QRWtaUDVmT3B4bnl2eElXRHJvbiUyZnZLRlh3S3o1d2UlMmZwVDI3V2NwQTlrVlFNdyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IjIuMjAuMTIuNzQiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIwIiB0b3RhbD0iMCIgZG93bmxvYWRfdGltZV9tcz0iMzIzNTUiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjAiIGVycm9yY29kZT0iLTIxNDcwMjM4MzgiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwMzcyOTcxNjkyIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJkbyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvMDc0MDAzNmEtNGUxOC00NTZkLTk2ZmEtZDFkOWM0Y2E0Njc2P1AxPTE3Mzk3MDk4NDMmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9R3RHeVFGNUlNSW5XdUF4RmZSbyUyYkg1JTJmVUZOVFM0SXlHclhLaTJJNk1QRWtaUDVmT3B4bnl2eElXRHJvbiUyZnZLRlh3S3o1d2UlMmZwVDI3V2NwQTlrVlFNdyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjAiIHRvdGFsPSIwIiBkb3dubG9hZF90aW1lX21zPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIwIiBlcnJvcmNvZGU9Ii0yMTQ3MDEyODk0IiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDM3Mjk3MTY5MiIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvMDc0MDAzNmEtNGUxOC00NTZkLTk2ZmEtZDFkOWM0Y2E0Njc2P1AxPTE3Mzk3MDk4NDMmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9R3RHeVFGNUlNSW5XdUF4RmZSbyUyYkg1JTJmVUZOVFM0SXlHclhLaTJJNk1QRWtaUDVmT3B4bnl2eElXRHJvbiUyZnZLRlh3S3o1d2UlMmZwVDI3V2NwQTlrVlFNdyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjEzNzM3ODkiIHRvdGFsPSIxNzcxODAyMTYiIGRvd25sb2FkX3RpbWVfbXM9IjM3NDI3MyIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMjE0NzAxMjg5NCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTAzNzI5NzE2OTIiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9Indpbmh0dHAiIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzA3NDAwMzZhLTRlMTgtNDU2ZC05NmZhLWQxZDljNGNhNDY3Nj9QMT0xNzM5NzA5ODQzJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PUd0R3lRRjVJTUluV3VBeEZmUm8lMmJINSUyZlVGTlRTNEl5R3JYS2kySTZNUEVrWlA1Zk9weG55dnhJV0Ryb24lMmZ2S0ZYd0t6NXdlJTJmcFQyN1djcEE5a1ZRTXclM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIyLjIwLjEyLjc0IiBjZG5fY2lkPSIyIiBjZG5fY2NjPSJHQiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjY4MTY3NzMiIHRvdGFsPSIxNzcxODAyMTYiIGRvd25sb2FkX3RpbWVfbXM9IjUxNTc5Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMyIgZXZlbnRyZXN1bHQ9IjAiIGVycm9yY29kZT0iLTIxNDcwMjM4MzgiIGV4dHJhY29kZTE9IjI2ODQzNTQ2MyIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTAzNzMxMjc3MjkiIHNvdXJjZV91cmxfaW5kZXg9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSIzMjQiIGRvd25sb2FkX3RpbWVfbXM9IjUzOTcwMSIgdG90YWw9IjE3NzE4MDIxNiIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiLz48cGluZyBhY3RpdmU9IjEiIGE9IjIiIHI9IjIiIGFkPSI2NjEyIiByZD0iNjYxMiIgcGluZ19mcmVzaG5lc3M9Ins5ODYyOUUyNS00NzJELTQ2NUEtOEI1RS1GQTYyNEFBRDJBQzV9Ii8-PC9hcHA-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IjEzMi4wLjI5NTcuMTQwIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMSIgaW5zdGFsbGRhdGU9IjY2MDgiIGNvaG9ydD0icnJmQDAuODYiPjx1cGRhdGVjaGVjay8-PHBpbmcgcj0iMiIgcmQ9IjY2MTIiIHBpbmdfZnJlc2huZXNzPSJ7NUJDMENGRjctREJERS00MDEzLUE4Q0YtRkE4NkM4MzkwN0REfSIvPjwvYXBwPjwvcmVxdWVzdD4
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:2636

C:\Windows\SysWOW64\wermgr.exe
"C:\Windows\system32\wermgr.exe" "-outproc" "0" "4660" "1060" "988" "1064" "0" "0" "0" "0" "0" "0" "0" "0"
1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Enumerates system info in registry
PID:3172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
847KB

MD5
c969c5b10380320cdec1ea7eeeeaa355

SHA1
77f8d9825b41dbed5a80057176e230fbe23148e1

SHA256
bb8a69deab05108cc0c5856cf2473c90de3d464db2a5e7b85b6a6e81aaa3f685

SHA512
371c59fc3c228513f1a3686ace025b9a013ad7d7eae735b752b735584afae81da4bf05c3ac5b7636f3a8962943491f21d450ea0c82c9da9d62328b363bf8fe94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
738e0fd75763c5b71a4608894062b51f

SHA1
3b45a2a2fdb9ccc149a9b65567fe2ffc4fc71418

SHA256
d7df4f059963e29558caf953a1e1b2e43e562b7c26b4adfd5789ab875d61b977

SHA512
d740fd9b2b415f4cc1069144ac01e6a62e3d3b85c6b26d8700c2ec123557f87d2c7f6658c523a2b44a7b4747876445327854b31a6b5427edc8669fbf70aeadb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b79744e74e2a70dc6da0b381d41590ee

SHA1
e4d6ca7be84bc8d2d118af038619e050c8729c0e

SHA256
bd001563fba8eb964f80271db1140e58f696d6d7ea20b60e23b5c91fc09b690f

SHA512
10efa4414f75f74b9db7c835520a13c1230c1040b5f36747e166b6fd79d317f71df355ba093eed72065ac71f086822e2696bb6eed7d2cd7eaa02044e602fcd8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
3f22348962b92fe48fd2fa17e29eaf53

SHA1
6975403ab0e87d7a0deeeaf331e0cb8b3c6095f8

SHA256
a23fa6656cb340b3c50460ac0ee1cd2d56f0de435504ff8fa01211efcfef924d

SHA512
e37cd96929b0cb5d185b9592e92dc50d53783955f827c3fdc1d47df2637d2b14ecb4913c55607a5c16506e76fdacf65f17c78be79dda52155fa2474b5ac47b0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1c6b7df74ec0f7e1a800c38e69a615e0

SHA1
b853c27b9632e6bf4fc01d138be7dff04c5270e3

SHA256
4f77063d1c66c973fbb6fbea403c8620f0ac3600b798defb408ef9ad6129c3c4

SHA512
119a10356782d2849708a046974542e2fb5f5db542bd36b2d3ee77de3dffa394aa851ffbccaef0501eb568587d6558e9988e9ee9765cd4c69b6e95cead00d3b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
148f275403b9bef247a6c456abae24ab

SHA1
3a03625ad12a7f6a61695737f7ba7a1f28c84b11

SHA256
e8c3b9d229170fe68b6fe11626761b796408ebe2e6fca1bd3efd94775208362d

SHA512
f3eccc7bcf439e965d200a39262adf335082022ccca50a65b659d2d915124418587008d0d9a9c1b6e25f3c725b9a560140f64aa3a2eafdf57525b3de53f05bc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
128f8ac0bcd4ceabe1317e033444f8b1

SHA1
5eff32041823bbac64ec6e48fc2a8e95b5fb55e1

SHA256
bd4bdc0ce830ce671fffcafb17debf7b84cd829c1247670acd2be9b9556d3783

SHA512
e84dd6536f182399817bf4ac5769e2a13f71daffc7ad4ead11cc99bbb59794d329e32dda3fbc76cd2ecdc60f2351db61d7802b074dadfd2a6f57e7fb68475326

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3d27a7c4272e79ac1b902aa94e805603

SHA1
5a7caf798ae4f5c2972f5470869bb1eec399fdbf

SHA256
2ad25aa7a8207e8c1aa7f607058d15c321143b9a6701594dc250556795d3178a

SHA512
923e0a3b209031584419119b54390d41e0b1bfe50fab46437afeb0bd61f42b2e5468adec281f367fa9f7fed46294a6f5e00eeb6cfcc5a2c4f9526a5f2a7663ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4e8d7ded1189a25474d4d737f53d7395

SHA1
fed48a4a081c96eb525e9d03a37c7b1ca9dea2b7

SHA256
ce3195b015f196f8161a01b27744d85c70916abc726ad6fa39de65e12e825fe6

SHA512
0d439f99ef24ab255379e2025566437d61755ff26b5f8468cb92e2e074c8437167e0a3c3ad7b55c5334ea37928087b3eaa69cbe881720d7822433e29635a570f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d4b651d327e468d3ed28bb90e01945d5

SHA1
31af4525d8f50da1d7fa694796f1d4036798b7a4

SHA256
074d85194bb9bffa503d91086cb85ab51ec0039476c6e6fef758b08f29d3ab1e

SHA512
927cf4f1738989b66f1529cbf2791c79c74cf5972e41903f12a7a9c7b8e05313e581b34f5eaaffba14da48fd9848a9ffbd5eb8d31743eee9b327f1932b21f23a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
64ce098ad8f5a5c8dfdd768bfac215eb

SHA1
41963e0a0d7a5de3141685d1da5c285a69f09585

SHA256
843f6946c3497c16315e274a10524f0c0c3212b72748a6ca7ade10aa0100c60e

SHA512
85062879e3164631ee17b85efd1065ac1972814920515538a101f5bb61efee1cac4b13101168c47b29c2335074c06427b733d10917d570641aaa0daf2fc0bda1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f1c1efb02ac38530625663d343e83871

SHA1
e184d8e6c2d9631f15b6ada434283c1b754b8b1a

SHA256
964783732fa42af6ed1dad4a29f588c496d3f7069af276d640112ff93eb4c7d4

SHA512
d1d7265cbc12edc745e03f94da7fef39ca035cd0aeb4742d19e9d28af916e8f95c724f0c6de3c5f2803da06db43939fd66bc298a8b0fa3c810a40d52d8f5584a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c44b8371d35f6beed055569ebd5c91ac

SHA1
5f3ed359bf79e4739bfd6dcd5323e08547c61f3b

SHA256
0a82178a197fd03204710ed91aacf1df42d0166d8d42202dd2c69c3452d46d82

SHA512
1e13d0adf3882f5bb711f11bd285a6a65fd5d9ec0fd8769cf6ffb614f10277f044cc6ec6bf48a6b8c1056c5c875194ed63783d1b309b5dd85f440a9cafe68dfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d41ae18b5884a6fad78455f077ca5a42

SHA1
cdbed3651938cfc59308670d70bbd9af880bf982

SHA256
810c848749cc1532cc1f2ff16c01fb84f24198d641fe6aa60f15a7a7efb19a9b

SHA512
50546c05e5b57cbf87d3a0464a131e05125a9e70131d84359f7e3426c8322ecd269b02a12b13a4552878a414e6b97ce0f719f0bf2a852f743ac66fe52dd4c056

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
646f6f0761a419e3e65b8c7f16e87291

SHA1
943487e77a0b328454c4b05ce21cbc546f69abe5

SHA256
f42ac6a5c389e5ae038f657c60ebc08ae154abfcdc333473533d7c3c19e545b4

SHA512
79dd84859f09d2065f9c724b6635e4a7618a604f149178a7ae6fd8bcd6e6ed48baea9a939807d0676d0fc44f31c45543311c6e8e3f90b9288165314525c588e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
100898c12b98f59977e02e77383cef3f

SHA1
bcdecd375242cf7ba005dfcb8d2e8ed4a3be285c

SHA256
fd3a4980c7390f08512d3483a8b90000d299f2422e14b7f3ace8029951d99c24

SHA512
52a575bb022dc66edd7adc3e25e97fde2b92e4c823296eabe4fb692012a4f5be72662bfef87b6149758153a4e1901a3c965c92d42983de986230d9db36771691

Download Submit