hxxps://drive[.]google[.]com/drive/folders/1PPIHNKNQOrbqj_D5UxDgaV6cqaIuqMzx

Analysis

max time kernel
1800s
max time network
1729s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
27-08-2024 08:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1PPIHNKNQOrbqj_D5UxDgaV6cqaIuqMzx

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
5	drive.google.com
9	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2252	msedge.exe
2252	msedge.exe
1100	msedge.exe
1100	msedge.exe
1632	identity_helper.exe
1632	identity_helper.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1100 wrote to memory of 1308	1100	msedge.exe	84
PID 1100 wrote to memory of 1308	1100	msedge.exe	84
PID 1100 wrote to memory of 4684	1100	msedge.exe	85
PID 1100 wrote to memory of 4684	1100	msedge.exe	85
PID 1100 wrote to memory of 4684	1100	msedge.exe	85
PID 1100 wrote to memory of 4684	1100	msedge.exe	85
PID 1100 wrote to memory of 4684	1100	msedge.exe	85
PID 1100 wrote to memory of 4684	1100	msedge.exe	85
PID 1100 wrote to memory of 4684	1100	msedge.exe	85
PID 1100 wrote to memory of 4684	1100	msedge.exe	85
PID 1100 wrote to memory of 4684	1100	msedge.exe	85
PID 1100 wrote to memory of 4684	1100	msedge.exe	85
PID 1100 wrote to memory of 4684	1100	msedge.exe	85
PID 1100 wrote to memory of 4684	1100	msedge.exe	85
PID 1100 wrote to memory of 4684	1100	msedge.exe	85
PID 1100 wrote to memory of 4684	1100	msedge.exe	85
PID 1100 wrote to memory of 4684	1100	msedge.exe	85
PID 1100 wrote to memory of 4684	1100	msedge.exe	85
PID 1100 wrote to memory of 4684	1100	msedge.exe	85
PID 1100 wrote to memory of 4684	1100	msedge.exe	85
PID 1100 wrote to memory of 4684	1100	msedge.exe	85
PID 1100 wrote to memory of 4684	1100	msedge.exe	85
PID 1100 wrote to memory of 4684	1100	msedge.exe	85
PID 1100 wrote to memory of 4684	1100	msedge.exe	85
PID 1100 wrote to memory of 4684	1100	msedge.exe	85
PID 1100 wrote to memory of 4684	1100	msedge.exe	85
PID 1100 wrote to memory of 4684	1100	msedge.exe	85
PID 1100 wrote to memory of 4684	1100	msedge.exe	85
PID 1100 wrote to memory of 4684	1100	msedge.exe	85
PID 1100 wrote to memory of 4684	1100	msedge.exe	85
PID 1100 wrote to memory of 4684	1100	msedge.exe	85
PID 1100 wrote to memory of 4684	1100	msedge.exe	85
PID 1100 wrote to memory of 4684	1100	msedge.exe	85
PID 1100 wrote to memory of 4684	1100	msedge.exe	85
PID 1100 wrote to memory of 4684	1100	msedge.exe	85
PID 1100 wrote to memory of 4684	1100	msedge.exe	85
PID 1100 wrote to memory of 4684	1100	msedge.exe	85
PID 1100 wrote to memory of 4684	1100	msedge.exe	85
PID 1100 wrote to memory of 4684	1100	msedge.exe	85
PID 1100 wrote to memory of 4684	1100	msedge.exe	85
PID 1100 wrote to memory of 4684	1100	msedge.exe	85
PID 1100 wrote to memory of 4684	1100	msedge.exe	85
PID 1100 wrote to memory of 2252	1100	msedge.exe	86
PID 1100 wrote to memory of 2252	1100	msedge.exe	86
PID 1100 wrote to memory of 3940	1100	msedge.exe	87
PID 1100 wrote to memory of 3940	1100	msedge.exe	87
PID 1100 wrote to memory of 3940	1100	msedge.exe	87
PID 1100 wrote to memory of 3940	1100	msedge.exe	87
PID 1100 wrote to memory of 3940	1100	msedge.exe	87
PID 1100 wrote to memory of 3940	1100	msedge.exe	87
PID 1100 wrote to memory of 3940	1100	msedge.exe	87
PID 1100 wrote to memory of 3940	1100	msedge.exe	87
PID 1100 wrote to memory of 3940	1100	msedge.exe	87
PID 1100 wrote to memory of 3940	1100	msedge.exe	87
PID 1100 wrote to memory of 3940	1100	msedge.exe	87
PID 1100 wrote to memory of 3940	1100	msedge.exe	87
PID 1100 wrote to memory of 3940	1100	msedge.exe	87
PID 1100 wrote to memory of 3940	1100	msedge.exe	87
PID 1100 wrote to memory of 3940	1100	msedge.exe	87
PID 1100 wrote to memory of 3940	1100	msedge.exe	87
PID 1100 wrote to memory of 3940	1100	msedge.exe	87
PID 1100 wrote to memory of 3940	1100	msedge.exe	87
PID 1100 wrote to memory of 3940	1100	msedge.exe	87
PID 1100 wrote to memory of 3940	1100	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/drive/folders/1PPIHNKNQOrbqj_D5UxDgaV6cqaIuqMzx
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff807f246f8,0x7ff807f24708,0x7ff807f24718
  2⤵
  PID:1308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,7104583292685081975,10619386130967276200,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,7104583292685081975,10619386130967276200,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,7104583292685081975,10619386130967276200,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,7104583292685081975,10619386130967276200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,7104583292685081975,10619386130967276200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,7104583292685081975,10619386130967276200,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,7104583292685081975,10619386130967276200,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,7104583292685081975,10619386130967276200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,7104583292685081975,10619386130967276200,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,7104583292685081975,10619386130967276200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,7104583292685081975,10619386130967276200,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,7104583292685081975,10619386130967276200,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5496 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1648

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
c2c09fd0c447b503208ae2a752fe2d91

SHA1
f01102cba2a52d3c571d83ac946a6305eb650b06

SHA256
f1ddfcdfbf0eb905ff49f3b02ba11c7d79a80dfa2e9433009cde0ce73e9e527f

SHA512
920f63ff5978e37615ecd0d5c0490c0b0c49f45d1eaff6440d3d31fbb58477e3b0e3b071e3c6c4baf1ba53b42fea06feb6eb8e8fdb125b13527340e0735223a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
888B

MD5
7b4d251799775623e718ebc47c328045

SHA1
d12f690d04d9fed60a21596fb98e00a7b7aac702

SHA256
d4186ba3fa7d10aefab20c186fd9e972123e2e000681a9115101a98f56d0d008

SHA512
b2e63cbc664bdee4cf899588f4d028c70c81f791b31c0b1e0940f784658e764b32014b1ee163244d00c3bbc4a445241d0cf235fb3cbe4e9cb8a55b90ee4b8b7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
45f1bee709a47d21e908536633f49a5b

SHA1
32526025dcbcf4ebe91d3e574e8f33def31983cf

SHA256
6f4c014f7f2aaba90722aca3db0ed104ae0fc2fbe939b3913b8e3bd5bc4f1d39

SHA512
b5cff9debc7cc325b2df31fc98e863166439f6b1eb135339f35c7a199e0f1937ca6a35e55e0f324b94645e88e68b5a1d29c1f852c884882d89def5b275e1f7f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
6ac55f12f88265dd93996e7862923e7f

SHA1
924e87c33a1648a47bdfdccd17f027f3e4de7485

SHA256
1a538ee3752a5bdd2e26dd71f65977be877f8979867dd79fd69443eecc95cf01

SHA512
2a014034ed0cf65c3d3e8f7d32e2aad3a19cbadac9f3bd8e765713f324333fa33a498be58febb4fdc1c65b3a79c521c70df2be977100ace264dbf5485217b05f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
8040d6770fed0d54124bf61d653cebd3

SHA1
30d72e3043af5ccfc9ad770d83560c39a02570ef

SHA256
74889deaa65de0f602cb363694f32f891e5761682a01f1fd7dae90ba872f75d3

SHA512
616e5665393529416d2ca7e52080a900c2533adcca2b1b0404f87391e2ee5210cc948e1275b1f8ef3e043ef7b0d8cdb95d3b3cf582fc0fabbd134a2950f84d5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
e390012ea4cf7748d6c4b8e10a29c6e4

SHA1
b182f0f75df406a3789ec79e0d52aa54e4a02677

SHA256
c977e4234e7978a8cdebf11ed139e3a4985c6b91039794592c9bad40f40414c7

SHA512
0328c7936e666d8e13ca673b3eeec069de44b0304bb3d7715757b040dacb624a4aa228648dfd7f9e308455326ea666df767161d71325d07dcb66d055876d7c4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
acbad2026b86d2c159fe3787088e938c

SHA1
c3015d8fc54b635babeddb63dd754f8da0905907

SHA256
c5dee0d0a6b8a392fe11f360a01ac124426daff742fa75eee493dba86383ce8b

SHA512
21cfb5d680f79344171ff816e015a9df4fc0999a109d3d237f4a1f92d295c6d21cb0dfcd2ba57c3a5dd5488044e8592dc794821e2f927df6b808274ed52a5eb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
a7af7f0a939161cefb7d0d83b0bfbb10

SHA1
a73230fc56de70694ae5ab6ff03509eab10e8777

SHA256
00bbe1f5c60dc6b2c2a90e2b93065446941db184bc98f1de3ff1f44d2beb67e9

SHA512
deaa7f24cf2b2f6131686c3ae1eaf77ffb94a624e7d2b546b414e48ff3c61c08f0e2d6fa91453d2ca47449c3469ce44514e2c1674d6157c06cdeddebe3492968

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b31d1b96fb658c61775866adf7c4faa5

SHA1
c4e87c86f82efa550645b67d923a0bafd47073c1

SHA256
e44805258b68a91e560089c5e3e8980d0aacc505d41445bc17a0d292dc452b31

SHA512
87e57c98395d20b4459ed8176dad8e33f34c4fb143fa4cc459d37f44559a15342dd381298f6cd527e7c1882e795550b94c5b7627da2add15b1f5176717eafffd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
287f17d01f71d0aa47bf8ddea40bad56

SHA1
1e3b56082bd18634d6c500e4867bdb3586b9dabc

SHA256
86ab37140e2d43e7f7dedb40f3c9e5dd46d7380fe462a4cfc5ecbfe17d131926

SHA512
e818ac0a17a6ef1e24a3d1fc677e41fc4d11287fad46c85d4213bd44bd3996577871075cabd8e972907adadbd1e1c15f3303e713b0b845c6d34866fa1e2a7e90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
bbc8d5dd8e327a6479f8b62e9aaa1a8a

SHA1
58a905e3b30952f3bdf74c4302c8731568e57bc4

SHA256
7bbe13211322867aaab151cef97f72e72535eae505235801213728e0dc3d3a8f

SHA512
76b9d9857360b80cd20e934443f6faec53ab28c70f37a5ec850866d7e9a289a24781831ae98c43050380f68e5bc42b15e1f01d5561bc2e3b732b6c06a3d57a8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
12ec25f38beb2def52059a98485612ac

SHA1
50082113fbaea60ff04e1d80e1dd616bae04c2bb

SHA256
ebdd90695b88611b11193d5d2bad20974910f23af26111eb700da59c3e2b2ebb

SHA512
62df27d40748bfba5c677989b0b65fb7f67877cd81d9ced5e509bf3bbd51b55cbbe9affe50e4d61351c16dccca8cb08d4edcfc298a63f91f55c28e4286646629

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
78a774da90337c0807ef692842203b6a

SHA1
2d4fd1c36931f52239e4b9808e5007a7f5a5257e

SHA256
68968d2840849fcb4cb5bbf90a838603908321ed92e741dae1d9b48ee35516e1

SHA512
584294ad6dbe07b8ba51098f65d551976fa99ec06782838f1ed60f89a63d9f00b35f0b7a24b5933eb0772f3da21749f2057570fd72d422c4619272ec365ae8b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
cc5551fee2a974eea3e0fab1d0bc1b20

SHA1
497ce03e1be9c3ad49ded2e6f9cdaf81d25e3131

SHA256
39d5b7fe6eec977d5ee28344cf1610f3026c3a8b24b14c088d1b4bdd6e4ca978

SHA512
112f414d60a23f23883ef710ae62784c60a1133fa3ca1ec96279c1cc3b06b6f43b51ea81e7ea70c8d6d302054b91bca2531ca7d890becbc534ffe15ff6b77757

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
daa7ba9730c7f27468ee6873fff07597

SHA1
3a75f709978d3bccf105694362702b3e505ed528

SHA256
71f41ead52fde03a25ec744a75127617e4e68d61ae3a1f5d37fbb74aac351a6a

SHA512
3dc48e7bc92bd866833364edcd7ac8e70d8f7d49b0df059e9483ca11d196a2d66c28e50397cc89e07d0f5ac2d9b7bb3f8ce540efba2189c2a62c0d903b9ec9f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
05f073646a58ed266014eeaec36ca1f9

SHA1
521df91a0cc6106ce7e132a87de927c8c388fcb9

SHA256
a7bcf7baf55ce01d5b69f26521e31c110a0d2821123c96e7cd847de9f2b6c2e2

SHA512
7c9fcf170399d48f4ee00d277ed266909d61768db12e1caefa82b64b0f94f2872a9ad85bac621c772e21dcd5438e63423fe3060bdd542401464039d3113b4e94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
e0db83dbff70e6aad56b5caa8ca95252

SHA1
9ddaaae6a3771cbbfabfd38ae1f8ef40c003e105

SHA256
6279cf4d75ad431486bccd1c52a06507aeacf3430f26cfcbd0a181a72df46cba

SHA512
e0c2a239303d25a0cceb687a2b85770168604bd8d297012accc4600ac62bfdf5dc4e1bdc806fd538518c5ea7f5b1effefe2a8e394b025c6b2ec9e4175f6c40f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
1d4144da753659e09f6434b1926dd761

SHA1
8e38a222345fb27a4975cdd36e52e2efe092807b

SHA256
3decf938196e5c4f84197c43b70af8ff8dce1ca69079f554ac8a8bab87843a1e

SHA512
7bb16d1706494d7cedf32b15342ed4eb7e984ac1b424aac761e47284a838693370ba5ac15117029408c58e6675ff19c8586c7d3fd251fa23d64e061f31ccfc87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
977d67b6de276c51ff2b3cf138668b4d

SHA1
f94d827415929cddf3e1ffc1fe5a7359ba79e2eb

SHA256
a7f2fd0e773ec0bfbec8e11f04e32c5d0e05170540d0358bfdbae4c1d4093ede

SHA512
a2b5e481ce20c931970a1626831c34f25d1946708a9caec660d9bf5585701d60dc28f6523ed133c12da3ad5f0cf1f6db7de522c94ee7debe86aeb67285312894

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
90864429b9ab4883e3e5d4713c204faa

SHA1
7ba72ddae9e1c70b8b6ea48176b2a043d8c97a75

SHA256
276e662f371d9ca206a611d0fcaf367705c4a1f078470b189bde7e74483a964c

SHA512
aa975220e14163e32f92c068c77386c3e4d3a21bdc50311474ddcc428b18eda0ff0a1556e20aa4842d70d3f86e41c939cc3e7ecdebab9fa66c4e34edebfc27a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6de946007a228f021febd7c89dda43ac

SHA1
8ec5271e21f551c767c6b3013d6b8bb661f9f641

SHA256
4731e08149c36322a797b190b1a1cf332fbb0ebc83a2e1532148af3345457ed4

SHA512
aed721a833e21ec5e954ee7ae32581a5111d25a0627906a50cd862623c60d93b0fe04e2ecb461e2506abe802450eea5f9f601429893b78d05fe333bb6c167971

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
4482979255d8287b3d36c66f594cb70f

SHA1
18ebca141dc14844fc78fc56a23d29c758ce7b80

SHA256
6fbe8ef2f7be7393b4a5beb707f53f3bcdcb1b4e7517dda282cd79d754f4ae05

SHA512
5b3cd07401b30dac2fe4e475dd87b76537e57fa4f0d453fc1752c2e526f6828c8e65d427e1223d1fb94d0f23d6f9876791234f19341fb7dc9cd684bd56ecd99b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58ad23.TMP

Filesize
874B

MD5
82ccf120242422dae58668ae6da84fbd

SHA1
dc79b8fcb6d0aa537e55196a0d6044e06cbdfada

SHA256
7e9517e4901a44f94fcbca2b5603688f223d57cbef4d2e716d846a361ce97a31

SHA512
d56b30484389ec70ea66ea3ec9247a17209c2b91be590295663cca1684c9c610b9d51ff71b30aee780a5fd01beab7c7d036d1054f4ef4e44da0419b84ffa897a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
dd629d864681a5279a47a14be6dcfb9f

SHA1
f3b30485d87aedd6fa16e5c2bfed2763578cc08b

SHA256
46ab431cb7a2c76d5815637fbbd3e7099e283e5b51fa336fc9ecac412cbac6c5

SHA512
8b8a4b6686f4e7265d8a07c049d19d2bdcc000352178d1fed5d2cfc57e14339e1e30207131fef1718f7eaa51353e126c3e5d515f5134505cb2f8e0e2477d9dbf

Download Submit