hxxps://drive[.]google[.]com/file/d/1eNHvaGM65gZPNQetBmCc0X9V14ygIJ9J/view?pli=1

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20250211-en
resource tags

arch:x64arch:x86image:win10v2004-20250211-enlocale:en-usos:windows10-2004-x64system
submitted
13-02-2025 09:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1eNHvaGM65gZPNQetBmCc0X9V14ygIJ9J/view?pli=1

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file 2 IoCs

flow	pid	Process
97	1636	Process not Found
128	5092	Process not Found

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
3	drive.google.com
9	drive.google.com
10	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
2316	MicrosoftEdgeUpdate.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1944	msedge.exe
1944	msedge.exe
2020	msedge.exe
2020	msedge.exe
2276	identity_helper.exe
2276	identity_helper.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2020 wrote to memory of 1516	2020	msedge.exe	88
PID 2020 wrote to memory of 1516	2020	msedge.exe	88
PID 2020 wrote to memory of 4560	2020	msedge.exe	89
PID 2020 wrote to memory of 4560	2020	msedge.exe	89
PID 2020 wrote to memory of 4560	2020	msedge.exe	89
PID 2020 wrote to memory of 4560	2020	msedge.exe	89
PID 2020 wrote to memory of 4560	2020	msedge.exe	89
PID 2020 wrote to memory of 4560	2020	msedge.exe	89
PID 2020 wrote to memory of 4560	2020	msedge.exe	89
PID 2020 wrote to memory of 4560	2020	msedge.exe	89
PID 2020 wrote to memory of 4560	2020	msedge.exe	89
PID 2020 wrote to memory of 4560	2020	msedge.exe	89
PID 2020 wrote to memory of 4560	2020	msedge.exe	89
PID 2020 wrote to memory of 4560	2020	msedge.exe	89
PID 2020 wrote to memory of 4560	2020	msedge.exe	89
PID 2020 wrote to memory of 4560	2020	msedge.exe	89
PID 2020 wrote to memory of 4560	2020	msedge.exe	89
PID 2020 wrote to memory of 4560	2020	msedge.exe	89
PID 2020 wrote to memory of 4560	2020	msedge.exe	89
PID 2020 wrote to memory of 4560	2020	msedge.exe	89
PID 2020 wrote to memory of 4560	2020	msedge.exe	89
PID 2020 wrote to memory of 4560	2020	msedge.exe	89
PID 2020 wrote to memory of 4560	2020	msedge.exe	89
PID 2020 wrote to memory of 4560	2020	msedge.exe	89
PID 2020 wrote to memory of 4560	2020	msedge.exe	89
PID 2020 wrote to memory of 4560	2020	msedge.exe	89
PID 2020 wrote to memory of 4560	2020	msedge.exe	89
PID 2020 wrote to memory of 4560	2020	msedge.exe	89
PID 2020 wrote to memory of 4560	2020	msedge.exe	89
PID 2020 wrote to memory of 4560	2020	msedge.exe	89
PID 2020 wrote to memory of 4560	2020	msedge.exe	89
PID 2020 wrote to memory of 4560	2020	msedge.exe	89
PID 2020 wrote to memory of 4560	2020	msedge.exe	89
PID 2020 wrote to memory of 4560	2020	msedge.exe	89
PID 2020 wrote to memory of 4560	2020	msedge.exe	89
PID 2020 wrote to memory of 4560	2020	msedge.exe	89
PID 2020 wrote to memory of 4560	2020	msedge.exe	89
PID 2020 wrote to memory of 4560	2020	msedge.exe	89
PID 2020 wrote to memory of 4560	2020	msedge.exe	89
PID 2020 wrote to memory of 4560	2020	msedge.exe	89
PID 2020 wrote to memory of 4560	2020	msedge.exe	89
PID 2020 wrote to memory of 4560	2020	msedge.exe	89
PID 2020 wrote to memory of 1944	2020	msedge.exe	90
PID 2020 wrote to memory of 1944	2020	msedge.exe	90
PID 2020 wrote to memory of 3588	2020	msedge.exe	91
PID 2020 wrote to memory of 3588	2020	msedge.exe	91
PID 2020 wrote to memory of 3588	2020	msedge.exe	91
PID 2020 wrote to memory of 3588	2020	msedge.exe	91
PID 2020 wrote to memory of 3588	2020	msedge.exe	91
PID 2020 wrote to memory of 3588	2020	msedge.exe	91
PID 2020 wrote to memory of 3588	2020	msedge.exe	91
PID 2020 wrote to memory of 3588	2020	msedge.exe	91
PID 2020 wrote to memory of 3588	2020	msedge.exe	91
PID 2020 wrote to memory of 3588	2020	msedge.exe	91
PID 2020 wrote to memory of 3588	2020	msedge.exe	91
PID 2020 wrote to memory of 3588	2020	msedge.exe	91
PID 2020 wrote to memory of 3588	2020	msedge.exe	91
PID 2020 wrote to memory of 3588	2020	msedge.exe	91
PID 2020 wrote to memory of 3588	2020	msedge.exe	91
PID 2020 wrote to memory of 3588	2020	msedge.exe	91
PID 2020 wrote to memory of 3588	2020	msedge.exe	91
PID 2020 wrote to memory of 3588	2020	msedge.exe	91
PID 2020 wrote to memory of 3588	2020	msedge.exe	91
PID 2020 wrote to memory of 3588	2020	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1eNHvaGM65gZPNQetBmCc0X9V14ygIJ9J/view?pli=1
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdd6db46f8,0x7ffdd6db4708,0x7ffdd6db4718
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,12393245491176105288,8218857362687687291,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,12393245491176105288,8218857362687687291,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,12393245491176105288,8218857362687687291,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,12393245491176105288,8218857362687687291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,12393245491176105288,8218857362687687291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,12393245491176105288,8218857362687687291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,12393245491176105288,8218857362687687291,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 /prefetch:8
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,12393245491176105288,8218857362687687291,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,12393245491176105288,8218857362687687291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2156 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,12393245491176105288,8218857362687687291,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2088 /prefetch:1
  2⤵
  PID:800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,12393245491176105288,8218857362687687291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,12393245491176105288,8218857362687687291,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,12393245491176105288,8218857362687687291,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4876 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3496

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MkNCNDg3MzYtQjdGMy00RTA1LUE4QjUtRUUwNjBCNjBERUZCfSIgdXNlcmlkPSJ7Q0RCNjdDMTctMEIwNC00NDIwLUExMTQtMURFQ0M2QTEwQ0JCfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7OEUwRUJCMEYtODYxMS00NTE3LTgxRDItMjE1M0U4MzNGM0E4fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIxIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MzkyODM0MTAiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4Mzc1NTUzNjg2NzAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MTU3MTAyOTAyIi8-PC9hcHA-PC9yZXF1ZXN0Pg
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:2316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
23a49f216451ee947be8a68aa735c7cf

SHA1
9c273791aaeaf682a444e087e06b207db1e0104a

SHA256
bdaa3f4222f885174b06030a224ad994d65c44d73b6464283319b06d40333cc7

SHA512
e019599c303d05dde8559eb740f8b27d59d3d77f14260340d5e35d280fbbf4b5f4b6963fe82e8f5bdc0f3a9497225b8c5daee48f21636c17529a33416227005a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
561866be5585c8e4a77c49ed36812ee7

SHA1
cce7dd4e95d684667bf44c7c3a6e3ab9d7f12c54

SHA256
43d92db66dd74e7101be562f8c7f3fb796f8e340cfd51b7d1a3137e6b2127bbc

SHA512
c1dbb1eeec0523b9046418e27718617681168f9246d5ce2d21d543a638f4b9d9e9d4d3e479b6e72e38b71e355ef13fe3a410b9c7900ce47930b44301e65ee3a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
f5b14c9495a4eb93f879f638115a2beb

SHA1
99ff1a677b2ab656723ab6f11e095a9dd35f6c29

SHA256
1429c1591826f86524d97deb81e25bfa7ee4118b9a31888a4e1faf9c5831ac3b

SHA512
2b7d2aa49cee2d82545c1c762d647b9902492ad1fe6ce8b6cc227bd070f92b7666efe34213dee516b48379c5670b9de1240add0a421fb8d6a6334afefd05f901

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
897657cf7b93dcf2dfe6364cf23c3693

SHA1
c09ff399ade078ccf5fa666930d1ec3f49820ddc

SHA256
fc364d1185f5a4c30c64d47e2f6b75e8de1d9fdf442fd50f2f31056210db1518

SHA512
c0c1033f7a1bbfd2df15ecd0b22c2a1d50593dbe74026541432cf39780330383f23692ae5c8f54371cde8f3d2f7b236c36fdfd92275ee2770fadd4f0a14c92cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
4c5e64ab229f46b51748426de27070a6

SHA1
6fee6c5ee3b46ac927e353230722988bcaef46d0

SHA256
212cfe4f6e4fd50b520cd31eeca66b80f5ad31fddcb667242b1548c23bf35e2f

SHA512
ed87cc1367726e528b5f68f60951d537e33e3923a1e6d4e3890509fa313241177ac244e901a6c3698cb5325a28d48b602e828d9633713ab3f1e2192eb126a28f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e23b1f844527217cadc54825f69af55f

SHA1
4682e0560e85ccbe306c904d812fe05cc22d971d

SHA256
9caef151a1b45f659e791c3d924507299148da55395b96bedf3b08ea76fd603e

SHA512
32bebd1933b016e0e0ff7591c30df69866cdf345c4f25ba1d6a6d18a4e32adf54f23e50dc098f579a7d3748f46b98f25dcaef70f09cb9f1d1711d0cf64126359

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
97dceb913feb94a5a37e5fd69840fb6f

SHA1
78f1cf2d79939219a9e785e9d1ce6a1e7d7919ee

SHA256
3868bdc008ffaec10ca38c27b6c45b1bf0a7e3217b9fe767125fc69718d11063

SHA512
9b7f0a74f5bb400707295ad2f06168b3a7fff4949860755e2661401d27e0c17c450e5e1ad35ffbcee17da42917c2ba6f669c20f1feb92a539505fcfcfa4e2f5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
36b8bd55b785df7df7ee92fb5c366cf0

SHA1
be3102b1f46990f912bcc9168fdf517aeb13bff0

SHA256
82abd943c7642d305bfaf46d47cf5564b5f834e8ccf46dd5cb13e478722628f5

SHA512
5fddeddc55de046639fb2a14f14dcd362bc282761041c18301efa0e2efc47e7194b39428adba0aa857a7950c8685110e0c9de6ab4e6922382658753174ac25c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3111862d3f00a1c99527d3b448d52f06

SHA1
9ca7272bab640cba1f14c4a40e7ea38857a875ac

SHA256
84a0e0cf32203c2283cd51198c4b2e60304170b2569058d247ed5cfd92162549

SHA512
7e5ca5c7fd17abaaa9e1404294d364d80810f44225e39fd3f20f5c5b7cd37d84250b2e448250f9728aeabd217bb011d7b19d4383c6e664c47fa6b3629df2f351

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
867fb0ae05e077126ad241954dc2e0ab

SHA1
8af30a04f01bde5800731e18089b7df862be1442

SHA256
f0aeb0aee496a65a063a6a6ba0b97402a04098ba1bc9dcf0573c24b727f91bdc

SHA512
165a1d664cd034dc84a7b513552d77848f161700e161077423cd42f39781a7330e6b1bb1e464360adbd846e873e7ab86cc7df6695782c6ebdf38e98feda5b9d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
a91d62a87eb8d70ffc5a2ae7d61a43e0

SHA1
44d19e87ddfba672868e9ccf6594f469c5e3be8d

SHA256
23a6ca3dbe2a9ca15f82de19d18dbe58b857fe8a1977423bb6a8262b88ffde64

SHA512
0198fe6cfcdbab7a396f494045254d8018b86eee5092f60d06357a38422867400635bc3247e5156662434e08b6fca840c29960e01651a151d77437263ff10d1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
a9ac68935181cb792df6610c037ad7a0

SHA1
a9655e5658b5ca51604a27763b61ba40656ac13b

SHA256
eb4b0ccd117bea21234f68831ff64a1d84b1a30b59817e5458b7a2c42a00386a

SHA512
3d2e8789886b0984bb5fefd977bc535d72f5df2940ccde91403f644afc300ec1e112e176578cc763b97d990215ba85efd63b2b263a52811f748c98828b8c1583

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582390.TMP

Filesize
873B

MD5
50504790362a23a53acb1bf8b5d8d848

SHA1
441e821cbe337f8e73385f5b20ea529b09fa2732

SHA256
ae14f594f590ec3ddcdf9fd82cc6a3a6e1bef3b240a5bd375a28d7bfac3ef6ed

SHA512
f229e4c0c5c89b29e5abd1c5474de3ddffbc6e54f41d677b9f513954467c20868443b6a50497d055bd6a33d78b4494042d27a074feff0846122185d44bd7899c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4978a202bf15ad8957ea5fe9b6e062de

SHA1
f946c6be5ee10804f577a76764f6846a31fd3539

SHA256
6f824a2501948ba150ce06848732a648cd3a6bd8ae359d562f029ffbd37302bc

SHA512
26ac305a1ab06434263265614a29fcc1999b9f9bedfe9375f64cfa99b74d26236e4452c9907bc7d452885313f32c69ff2a054726e14bf1fc11ada07100b737b3

Download Submit