hxxps://drive[.]google[.]com/file/d/1UoqcYkYO1qF8yxpGNTEOpc6mX589DIn6/view

Analysis

max time kernel
893s
max time network
899s
platform
windows10-2004_x64
resource
win10v2004-20250207-en
resource tags

arch:x64arch:x86image:win10v2004-20250207-enlocale:en-usos:windows10-2004-x64system
submitted
11-02-2025 16:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1UoqcYkYO1qF8yxpGNTEOpc6mX589DIn6/view

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file 2 IoCs

flow	pid	Process
111	1940	Process not Found
146	3456	Process not Found

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
5	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
3916	MicrosoftEdgeUpdate.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4816	msedge.exe
4816	msedge.exe
964	msedge.exe
964	msedge.exe
2208	identity_helper.exe
2208	identity_helper.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 964 wrote to memory of 2540	964	msedge.exe	86
PID 964 wrote to memory of 2540	964	msedge.exe	86
PID 964 wrote to memory of 2140	964	msedge.exe	87
PID 964 wrote to memory of 2140	964	msedge.exe	87
PID 964 wrote to memory of 2140	964	msedge.exe	87
PID 964 wrote to memory of 2140	964	msedge.exe	87
PID 964 wrote to memory of 2140	964	msedge.exe	87
PID 964 wrote to memory of 2140	964	msedge.exe	87
PID 964 wrote to memory of 2140	964	msedge.exe	87
PID 964 wrote to memory of 2140	964	msedge.exe	87
PID 964 wrote to memory of 2140	964	msedge.exe	87
PID 964 wrote to memory of 2140	964	msedge.exe	87
PID 964 wrote to memory of 2140	964	msedge.exe	87
PID 964 wrote to memory of 2140	964	msedge.exe	87
PID 964 wrote to memory of 2140	964	msedge.exe	87
PID 964 wrote to memory of 2140	964	msedge.exe	87
PID 964 wrote to memory of 2140	964	msedge.exe	87
PID 964 wrote to memory of 2140	964	msedge.exe	87
PID 964 wrote to memory of 2140	964	msedge.exe	87
PID 964 wrote to memory of 2140	964	msedge.exe	87
PID 964 wrote to memory of 2140	964	msedge.exe	87
PID 964 wrote to memory of 2140	964	msedge.exe	87
PID 964 wrote to memory of 2140	964	msedge.exe	87
PID 964 wrote to memory of 2140	964	msedge.exe	87
PID 964 wrote to memory of 2140	964	msedge.exe	87
PID 964 wrote to memory of 2140	964	msedge.exe	87
PID 964 wrote to memory of 2140	964	msedge.exe	87
PID 964 wrote to memory of 2140	964	msedge.exe	87
PID 964 wrote to memory of 2140	964	msedge.exe	87
PID 964 wrote to memory of 2140	964	msedge.exe	87
PID 964 wrote to memory of 2140	964	msedge.exe	87
PID 964 wrote to memory of 2140	964	msedge.exe	87
PID 964 wrote to memory of 2140	964	msedge.exe	87
PID 964 wrote to memory of 2140	964	msedge.exe	87
PID 964 wrote to memory of 2140	964	msedge.exe	87
PID 964 wrote to memory of 2140	964	msedge.exe	87
PID 964 wrote to memory of 2140	964	msedge.exe	87
PID 964 wrote to memory of 2140	964	msedge.exe	87
PID 964 wrote to memory of 2140	964	msedge.exe	87
PID 964 wrote to memory of 2140	964	msedge.exe	87
PID 964 wrote to memory of 2140	964	msedge.exe	87
PID 964 wrote to memory of 2140	964	msedge.exe	87
PID 964 wrote to memory of 4816	964	msedge.exe	88
PID 964 wrote to memory of 4816	964	msedge.exe	88
PID 964 wrote to memory of 1260	964	msedge.exe	89
PID 964 wrote to memory of 1260	964	msedge.exe	89
PID 964 wrote to memory of 1260	964	msedge.exe	89
PID 964 wrote to memory of 1260	964	msedge.exe	89
PID 964 wrote to memory of 1260	964	msedge.exe	89
PID 964 wrote to memory of 1260	964	msedge.exe	89
PID 964 wrote to memory of 1260	964	msedge.exe	89
PID 964 wrote to memory of 1260	964	msedge.exe	89
PID 964 wrote to memory of 1260	964	msedge.exe	89
PID 964 wrote to memory of 1260	964	msedge.exe	89
PID 964 wrote to memory of 1260	964	msedge.exe	89
PID 964 wrote to memory of 1260	964	msedge.exe	89
PID 964 wrote to memory of 1260	964	msedge.exe	89
PID 964 wrote to memory of 1260	964	msedge.exe	89
PID 964 wrote to memory of 1260	964	msedge.exe	89
PID 964 wrote to memory of 1260	964	msedge.exe	89
PID 964 wrote to memory of 1260	964	msedge.exe	89
PID 964 wrote to memory of 1260	964	msedge.exe	89
PID 964 wrote to memory of 1260	964	msedge.exe	89
PID 964 wrote to memory of 1260	964	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1UoqcYkYO1qF8yxpGNTEOpc6mX589DIn6/view
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ff8504446f8,0x7ff850444708,0x7ff850444718
  2⤵
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,16094456642726016576,17266450530797979577,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2228,16094456642726016576,17266450530797979577,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2228,16094456642726016576,17266450530797979577,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:1260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,16094456642726016576,17266450530797979577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,16094456642726016576,17266450530797979577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,16094456642726016576,17266450530797979577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,16094456642726016576,17266450530797979577,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,16094456642726016576,17266450530797979577,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,16094456642726016576,17266450530797979577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,16094456642726016576,17266450530797979577,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,16094456642726016576,17266450530797979577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,16094456642726016576,17266450530797979577,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,16094456642726016576,17266450530797979577,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5928 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4492

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7OEE3OEI5MTAtMTIwQi00QTEzLUEzN0QtRDQ2RjNBMDBGOTA0fSIgdXNlcmlkPSJ7REQzODZEMDctMDhCRi00QkM0LUI5NTQtQzE1QzdCNjc3Q0EzfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7RUE5RUUxOEYtMzhDNy00QUUzLTkwNjktNTE5ODE1MTU5MzgxfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIzIiBpbnN0YWxsZGF0ZXRpbWU9IjE3Mzg5NDU5ODUiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4MzQxODQ0NDQzNjAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI0OTIzMDA1NjQ2Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:3916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a230789a90c3150dde7ed452a9b35a08

SHA1
e934d8dce045c99a5d4ce22d6e470f787ca2e027

SHA256
b754b918a9236857008c518409ee816120e5f55430218c03a7c9b2af56cdece3

SHA512
f258391b4cfa5f4b7537d15af1af661dc58926a63fbf8238fe564e9e80525fc3b4b04719611d1619e036f56808c460363205ae06c835570b77f97b31009371a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
91aff9098a47bb8e012e47e54f6bceaa

SHA1
7993f5174f54489cac8b04c1356b7b47da944202

SHA256
cc46d5631b8526010ae5e52980fe9fd9b38c4cb27f56cd524b321ab091685cbb

SHA512
184defaee159dc93c128c5a7a2ce15e9cbf99bac58ea2372642c30bf6f1f52e178a110e0e86204ba65d82b7a7fd5514cbe7092daacceecb1aab6cc6a208e850b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
08c18d12bf3dfc25ed4d9aefc6035583

SHA1
ad8c602cdd50ad8930c666acdc659cb272d8735b

SHA256
6fd4e51d00d4ec1a99cca19440c5d44cbc45ca693849a095c29c96eafd8af3f5

SHA512
1b467a089fe650c3155b7805393e80a0b36d733e7a681cd310ee3a811b7c2f63d9ed0f1defcc26b8d0e7717bfd87d1a44eb72b72081998707a0123a6a2d75e2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2149466fe0081dd90d9a342bc73f57ba

SHA1
5b91404fb4971db6706cf072fef4e32e2bcb7eac

SHA256
20b28b0682f2c21cbad33610c58bf40cf8ea83dd955cf1af5b835cad8e675834

SHA512
474bb76c78e34b5675ca378e8cd4ba19321ca1670e176b2d78bc44d7dc9e43fad01a5a1038f5c93d7ca967f6a910288e442d57a4fdd43f2c8ae8b4ddda8c2c08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
de54aa266dff6660b3260ef2e5836b2e

SHA1
9ce12b1a4a03d394b03c8d4342d521d578d3c881

SHA256
6b8d7858074143817339c025e071874bdaf00589cef56a85a61c95486a4d9299

SHA512
fc09e1aff7e548428ace38b001c1fe0de832a0ac75b1c29adc3975124a4c947fc8240ac0862098a230305ffb06f9781901a6ae15f9e30057671ad7b757b4b1a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1eba4eaac1b513f62b7b99332e756e3a

SHA1
725db9b2f72fffd6ed866ab0129cb0ed5e372a1f

SHA256
342b7bff112025c346acdcee4eceaa669c0156cffd02fb3f4a5945da5afec334

SHA512
af802504056ea864600f947e7ab4528085fda7250fe506b062e453986391eb2f8fab82faf2efffa624ad4d02ac9c2ffd28662fc98f22edf08d71a6dfd0c84b29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
fed8c4841ffd797d5befdc237f2e60f3

SHA1
cf9a41214e47756ba711b0ffe05f619c46e6c112

SHA256
2f0dbb7dab3bffa7d4e801a8d0c5e5224275d699531645b118e780c90abdd069

SHA512
5fe3617c2a1a6dcbe7178a389bd2a42b7e3abfee418674df2f75deeabaf990d4bf10180586545922c55723c8262b564da70845a313c7f3ff1a5f90bb5efa3089

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ac415bdf967c7b02168b9dc44a04ea21

SHA1
f621ca1b33896814abc3c4c7438bc32d246de11f

SHA256
4dfa9a417d9f8d116254c84db48a31a8e96bf4571799cae751ac7a7d6865cbc4

SHA512
d190ab8fbbbe69c2c193c8f2930021af8172c7906b776e71818aa49d23d9de6247b413ea6db61ba181c0754d33477cb05bf6105ae438d080d7c69bd6fded23ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
47c0acc0820cd9a71a20ad63416882f3

SHA1
cf4114f29fb5c800c7b4560b4a7e24a275128813

SHA256
dfe7daee7b134d514c7dcd1d0dc21acf93e4256a45b7160972a53af903fb8c46

SHA512
161125500df17230bf9cb3c452eff5c4481d1f317518a8392169c3956270443fa100cb05834a12a301fcf49374dcd0f00b79ba6bda1c6e5f1570300e64bdaf9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
287befd2b833e5400cf442416368a595

SHA1
ae1d3d621ad0a4015214d31b3f76a4d967ae7c75

SHA256
d524d6d1709a3ec7c488e85ee76e2704fce7772d57872b0c0a75472d29f04ce2

SHA512
43fd0a9815a5fb923eb6747f4abe60762467aec3747ef3b468cd3bad541f79ab34a800d9e4d3c6669cf664ccdd4e52a5d6a4e1feb3c3b5661d8bfef25e95a02d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
9ccd9b4194c2c178daa290e4dfc5e082

SHA1
0160b16a199781e5097263ab4977778b9a0cdda5

SHA256
2f48f310d1227b05befd7cc57717781c636506b479961f7c4756f36d2a2f82e7

SHA512
b84933fcf9c5e6888df5e9d0059cfcae8e8aa82fa3d82728f501b588b5138165985ac035077ea2a0d45096d713000167bdabbb23d444d14f5b84d0f4c49e66bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
11c4140dc294d4c36db244b8061c390f

SHA1
1c416d52139c562e866bea4ae987cf7f42c6818d

SHA256
dda0dce174b0465929ddc2c07c9d63a26531828532ae0ef5a68a007e05c269f8

SHA512
bae3370dc1452c71c5530cdbd0ee770dc2e539cf16fac46a284b890cb7e68f70b242d115dfd1b06940765b8b261c4462666be1ed2fe98b782d0f2722cd4a508a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6514460752cad35cd7e67d9e9d1dcb2e

SHA1
bffe683cdd0f4795cd1b4d53f9f6e27bf0a6b2ef

SHA256
18afd901adb7b0bf349d510b36ec5261cb774027fa5b633cb85ac6f3ee200948

SHA512
3fc26371364725463e7ebd7fc2a95c173ca112cc1bfdcf3f8b9d10ae300e63247423c901a29e2a390199bcbb905552be12290704035150cd93ddbbf441a2c7f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5840b90e5c07a8c2503fa1ee53ac2bef

SHA1
f3ccbf60e14323f143f52b1cf94ae56ea8bc9db3

SHA256
29e8ebb7b8ee3bf86b7443071d7ee9da691507fec3e81a50d2c7025925bd07aa

SHA512
26b6b06eb48cd8184807cfdbfbd65009753f2e61e209c85a5cfff2566222144a37c98197f03d6ea272961699310a7f92c879845237a2119fa7b479b679543e62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0caf2181fc2ad2d089395b4f793d1e8c

SHA1
9af797cdf82bbe33e957d6089883de789fa14c20

SHA256
c090f5531a82c628740a12eebc7bdf3615f458dfc5bfe9da75f00ed58a17a270

SHA512
3fab6c8a5414acfaaf23b63fb929149ed1e3cb4fb538139f9a25fbd93c7c166ed959d70b128829df5d96a27c222408064bc62351f59c13f1f840c41a1df31b59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0bc02a452cbf1d8541ff83f77f55899c

SHA1
8059aabdd2cccbf5fc71b8453feab741c1390d0d

SHA256
1fc2d4c1fc85cec76f10058b41542a1476cd7e6e256face7409f7631c92de567

SHA512
44b8f0cb93e555e55ba20f70c86c23b9ab6960cf7b8111743dbd5ce5c750187b22467477fbd94e54d30106a7d4577b797886d1bd22b7568856461c93edae9139

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b4e7065633de7b2cbf624e58e3b18fae

SHA1
053f228533f70262d7fc1a2e2a87e207273b6a77

SHA256
c0fc7490b67a405fe9f536715ee1847a0707ccaafd2fa6a36556fd2c2a9da34c

SHA512
46e89154b35bd6d37b068e0c00e58cbab8b65cfc80321a03398c291909af09b1df074e135a18438adae12508876f81988daa1e4c137328a830c542a904df7e13

Download Submit