hxxps://drive[.]google[.]com/drive/folders/10nYX4bJQ9y0xtLwT0FxEx23HMOmNZxU7

Analysis

max time kernel
1727s
max time network
1729s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18-10-2024 14:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/10nYX4bJQ9y0xtLwT0FxEx23HMOmNZxU7

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	drive.google.com
4	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3748	msedge.exe
3748	msedge.exe
3176	msedge.exe
3176	msedge.exe
1412	identity_helper.exe
1412	identity_helper.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3176 wrote to memory of 4216	3176	msedge.exe	84
PID 3176 wrote to memory of 4216	3176	msedge.exe	84
PID 3176 wrote to memory of 1392	3176	msedge.exe	85
PID 3176 wrote to memory of 1392	3176	msedge.exe	85
PID 3176 wrote to memory of 1392	3176	msedge.exe	85
PID 3176 wrote to memory of 1392	3176	msedge.exe	85
PID 3176 wrote to memory of 1392	3176	msedge.exe	85
PID 3176 wrote to memory of 1392	3176	msedge.exe	85
PID 3176 wrote to memory of 1392	3176	msedge.exe	85
PID 3176 wrote to memory of 1392	3176	msedge.exe	85
PID 3176 wrote to memory of 1392	3176	msedge.exe	85
PID 3176 wrote to memory of 1392	3176	msedge.exe	85
PID 3176 wrote to memory of 1392	3176	msedge.exe	85
PID 3176 wrote to memory of 1392	3176	msedge.exe	85
PID 3176 wrote to memory of 1392	3176	msedge.exe	85
PID 3176 wrote to memory of 1392	3176	msedge.exe	85
PID 3176 wrote to memory of 1392	3176	msedge.exe	85
PID 3176 wrote to memory of 1392	3176	msedge.exe	85
PID 3176 wrote to memory of 1392	3176	msedge.exe	85
PID 3176 wrote to memory of 1392	3176	msedge.exe	85
PID 3176 wrote to memory of 1392	3176	msedge.exe	85
PID 3176 wrote to memory of 1392	3176	msedge.exe	85
PID 3176 wrote to memory of 1392	3176	msedge.exe	85
PID 3176 wrote to memory of 1392	3176	msedge.exe	85
PID 3176 wrote to memory of 1392	3176	msedge.exe	85
PID 3176 wrote to memory of 1392	3176	msedge.exe	85
PID 3176 wrote to memory of 1392	3176	msedge.exe	85
PID 3176 wrote to memory of 1392	3176	msedge.exe	85
PID 3176 wrote to memory of 1392	3176	msedge.exe	85
PID 3176 wrote to memory of 1392	3176	msedge.exe	85
PID 3176 wrote to memory of 1392	3176	msedge.exe	85
PID 3176 wrote to memory of 1392	3176	msedge.exe	85
PID 3176 wrote to memory of 1392	3176	msedge.exe	85
PID 3176 wrote to memory of 1392	3176	msedge.exe	85
PID 3176 wrote to memory of 1392	3176	msedge.exe	85
PID 3176 wrote to memory of 1392	3176	msedge.exe	85
PID 3176 wrote to memory of 1392	3176	msedge.exe	85
PID 3176 wrote to memory of 1392	3176	msedge.exe	85
PID 3176 wrote to memory of 1392	3176	msedge.exe	85
PID 3176 wrote to memory of 1392	3176	msedge.exe	85
PID 3176 wrote to memory of 1392	3176	msedge.exe	85
PID 3176 wrote to memory of 1392	3176	msedge.exe	85
PID 3176 wrote to memory of 3748	3176	msedge.exe	86
PID 3176 wrote to memory of 3748	3176	msedge.exe	86
PID 3176 wrote to memory of 1512	3176	msedge.exe	87
PID 3176 wrote to memory of 1512	3176	msedge.exe	87
PID 3176 wrote to memory of 1512	3176	msedge.exe	87
PID 3176 wrote to memory of 1512	3176	msedge.exe	87
PID 3176 wrote to memory of 1512	3176	msedge.exe	87
PID 3176 wrote to memory of 1512	3176	msedge.exe	87
PID 3176 wrote to memory of 1512	3176	msedge.exe	87
PID 3176 wrote to memory of 1512	3176	msedge.exe	87
PID 3176 wrote to memory of 1512	3176	msedge.exe	87
PID 3176 wrote to memory of 1512	3176	msedge.exe	87
PID 3176 wrote to memory of 1512	3176	msedge.exe	87
PID 3176 wrote to memory of 1512	3176	msedge.exe	87
PID 3176 wrote to memory of 1512	3176	msedge.exe	87
PID 3176 wrote to memory of 1512	3176	msedge.exe	87
PID 3176 wrote to memory of 1512	3176	msedge.exe	87
PID 3176 wrote to memory of 1512	3176	msedge.exe	87
PID 3176 wrote to memory of 1512	3176	msedge.exe	87
PID 3176 wrote to memory of 1512	3176	msedge.exe	87
PID 3176 wrote to memory of 1512	3176	msedge.exe	87
PID 3176 wrote to memory of 1512	3176	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/drive/folders/10nYX4bJQ9y0xtLwT0FxEx23HMOmNZxU7
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdcf1746f8,0x7ffdcf174708,0x7ffdcf174718
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,6759117253825143510,6444019479168030447,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
  2⤵
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,6759117253825143510,6444019479168030447,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,6759117253825143510,6444019479168030447,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6759117253825143510,6444019479168030447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2868 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6759117253825143510,6444019479168030447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,6759117253825143510,6444019479168030447,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 /prefetch:8
  2⤵
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,6759117253825143510,6444019479168030447,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6759117253825143510,6444019479168030447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
  2⤵
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6759117253825143510,6444019479168030447,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6759117253825143510,6444019479168030447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6759117253825143510,6444019479168030447,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,6759117253825143510,6444019479168030447,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4016 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5e5c0e86-aa22-4a4f-9c51-48fbef9923ac.tmp

Filesize
6KB

MD5
b6706534e81c60f7e85d62b039a8b59c

SHA1
44eb886b46cc52046c56278a477dc91539a2349a

SHA256
ff281e7f69a43806d4bb2ebe49d7004c838e791f5f98ffef1d683594081a35ee

SHA512
1a43599b68035191d3a2fff9ac25cc7d104eb1b414703d120056bc9f2069468195970851840b16dff5ef74d7127904b6130b6f55b3c80801324d56a301c7493a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
1a27671f8674de8f0e8a92fef3ce91c5

SHA1
a178a7af8ab3595948bca779cdde1e06406ef3ea

SHA256
a2a5c29069c451ce2f72a5aaf75397409cbc18bf3aa47755c8e8fcb869bb0b75

SHA512
7bf013f61000604a1ed8420e6319d65d933c100e874eee28b7baa965d598f2d44aad2d4ac47e6b2836b01713f2821ba48f0488a8bf12480cf93d0ac722e0f543

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
de8b05b2374290286967189b77d6386b

SHA1
ae3248a2947f4064be23bbc2d72d5ca528981fe3

SHA256
55d2fba698fffe9970de2f4e7643a9c3d4ca1312a12491285eba97178bcf2f73

SHA512
264e75673dd558543a641a20e100df37be435ec79039289d5f61618beeefe58fe007e8b68d45dcff51c39b6324129e97b2340ab9009f091d0b03a94ca99b28c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
90f665b524eb066ab1b80a9ecafcaefd

SHA1
db7bffe336e8c1834d932531b56fae328499241a

SHA256
f3a996f3655cb0e189f8da0a208375961d8393575e3ae022b2250b7aa8bb3d28

SHA512
968b6d72e0c4b28e6e6c5e8c3991029cf2171f894fb9c60ac02d36b248f64237d5d05858c9299efffbc4eea5ded9b3cc032565f76e786319834248c43eeedc6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
09ae44d0662c249d0649e6df2d7c2f69

SHA1
2c86f5ff1721caf6d8badb35c21cc7d839aeca8a

SHA256
2a93cf5428bbd249ca953872ed5fea6661f5637755f6845df1cbe7a80ae2ea1b

SHA512
798c0999b76487ca31fcafa6b58ffb35d7c3743a80867bf19406259e00f07d6b31952e43c66c9acafafb282841c07b1e96c735426f93e57427709b332ce79c98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1ae87bd3c8404c9e29669ba17185a60e

SHA1
974630cd46b2eec5fa4a24a27aef46c120577542

SHA256
ba1387b5874b2303db0986aaaaf1271c00005673ccd39056345e27df9cab8d2d

SHA512
ab8f2748df9d153f5ca352126783a7287070c16445f90a81b563b4fc714a69dcc8b99cbd58e56aa60c3171f508cba1a92db2f8d788d74706915af69cb157d96f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c57a015b717a7cdb67f709f9dd9d3ef5

SHA1
1811fcf266e4a698a647ef1e015f6dae24e45aad

SHA256
5d10c94105a7be9087f3909eb84ccd3554ff951ffdf51e9e71ab08cd0ce717b2

SHA512
832ee35382e0b8e3233b8acc390606490b3b54eecbef2f68ecae6edcc7660d2421dbfed4ec99115db22a6dfe93e4cd99e6dfc00c2e967d80cafe855f292155ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
07cc8374d950cf3aa3de0c0b13c269f8

SHA1
9dbc0050c53ed5146d8fe9171dd7de324531b313

SHA256
4670f7b2d3b30bd07dc81c78384f1e1b6da0bb09e2c17f20523dad5cfdc92853

SHA512
3d536d56d361632b5ec25d9d0c8b669825932bd26e472c29051065fd5d13b180c4b2661d58b2aeef0e065f8ca7046b463d64c30239fc36ef2d334f7b2c41f0e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5cb871123a50e0545d2cf6c4f61c0fb4

SHA1
89295d4e291e9ce83ccc8cd79ee258b2de937a74

SHA256
00d4027ebeb9a474fcd65f189a2b83d67a075e5d979ddd3973017cbca29840cc

SHA512
16e187c1ef62e15e8e8fec32c97c5aed3b244cf2730d7984a11464ee62f786dcc84536d00181f9f180510985b5c70db998aa4f8476e001f94684af8b488f1ec2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e069ab01e624c65cb31117a6cb6bf374

SHA1
b6d9752472ca04ba204e2208080af5e6bd40d1f2

SHA256
190f5dcceb61480861c5eaffdc659ae3407cc4dc4dce6953a415213dd6057a43

SHA512
3883e1b6e2adc284573b14ac9a5937737f5724de01e7e002791125f5684104daa192b2626a1bc7f98051d99d3b59fa12814a75fbe4adcc6a57a63636c8007116

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
72bd3963650a634c4af83be1216f2dd1

SHA1
e3d632e2116e45ce5dd89dae8b13cec13741355a

SHA256
71e179ada273db4fc55505b276723612c66b188516e2423b5fd8782d412e4434

SHA512
07b64fcdbbca4e6dfccb7c4b7562628e892a372ace7ff04efdef87486701ff4491177cda51995bbd0acddc5e4cd1af8752de9f1a51897be4edf6ea2e127b76ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
836ecd530e3fab7754f12125a7728302

SHA1
1a959b8ef3bcb5dbe495bb6a65fc77af4901df8a

SHA256
df32f948c01182dbd846e09ae28e0c380214d3011b7d560cc064c29cb9e0d561

SHA512
9011ab7cfa16cbecf565668eac46ad9c3c3fb0239ae6a459bac0d5a54c07a67f89e45592c895f3df05d1bd9976815f7749c0950d4e7697d826851a01d3ed6605

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
629d58ecfdf971e3eccebabcefe8c72b

SHA1
954e970e281e605f9d461865849b78647141ea94

SHA256
27fe40d422d01635a4df9508d3604b3b0268738da5376860735320cc9811aea3

SHA512
aec6e732a89ead3a1830d54f77697b1a14827dcc1595abd2d80a984e4569e0edd488e24b69c37c5156c09b8dcdce3d0a779e7fb3cbf8bcc168bd55cfab1f0a5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3d83026c63e832757e98fdfaafc7b457

SHA1
65edcf61b21fbfc5b56ec411033a4d3a73e38b82

SHA256
0faef4794088c427683dec862443bc3883a8b0bb3b4089035a78527a268c4d88

SHA512
ce428e04d0859ad718b7f82d994798322f7044f7d612583a15a034d5b3df760cffa780b5703fff23e54fe191f256f47f983797b0ae6baa3fe4faeed21fead291

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3fdbbcc82c21ea09f0fba72376692ebf

SHA1
7e3212225c51672b94d940f13b3f047e84593bd3

SHA256
63016f9fba58436c11c6913212c61bc9ac0ec6fcdbfc06ad9bf65fa8b1b00251

SHA512
be1f836e3146a341e7be6e549f1c0729f2a0fcdcb5bbe18515de5da537dbff0f0b1e6340f248fcdece958658b8e8369065f422817ab1bfe9cdeccc584f7ddd0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
17822d4ba70ef675c396e7c44c263b83

SHA1
fe064c5352e46ec150dd169d0c38ad78f1983932

SHA256
adc3457d01911b9a877e064f71b41c1fe6b057258e9cdd1cf11bcf3c5e02d8ae

SHA512
39019c9edd2237031ba1d3c4cc13ce935e53e9ce0f410e4e665150cedeba93f07b60058284a959bca2260fc499eea5e60f98582f7de89be43a82f97e0a7c1c08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5f2ad06ea400c379091bbe307cd4409b

SHA1
dd5b3fb4451056aaca2838c981a38bd82c55f5a7

SHA256
3b50d3245ffaadc820401d5dfb1d106d7332cd4edec3f25011141e7329b3d807

SHA512
906f5855b29a5c14a2c52bcd6fc1c36b26f4277757b4a5ea94543d91d7b8ccd69ef67fd8c67b1596322138486bfc04ed0c038bb1867edf3caf91f4a31b597710

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
cf1b196ec551a0b90daf9edb8d07e5b2

SHA1
31a5ed35b00ed55c02e2e2665890138256f35229

SHA256
aab8f486e4d16e1bf2edf6cb16a7450d26304d500649c3823ca9793ac14f472e

SHA512
9ef0040cd9640bf2467496ff54dc243523a54e26413781eb9338bfb1a08de4a690359579724f1c787d0afe7ca9e54a16ffd6f12618d8361b1e8c09a5f75ab4bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
233cb5ae9abe8928ea218b4c38b4fce3

SHA1
e2bebc0eaec146a24ed0c776e28892af6779edbb

SHA256
f15841a4a82e17d87ca068c1e4334f107f563bddab4e5d8fc262267a7bd34427

SHA512
15f1d146eebd67f3fc10194e089b7d676dbd005ab30e7fca9bb296c97c600b0d8e108dac2089a96139d50a1bc022b299a755f8bcd5db98ca84a3a63b997820d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a6ebb21f03a54b3ddfeb9eb91c759b92

SHA1
7afddef21793359c1228b66645acd5e194c088c6

SHA256
b6aaccb70f193df336dfd961bf17cf4e930dbf4b529fccf699b8218e1bc0892e

SHA512
f07fff02ffa572166dfa54086fb5542652562f4547d16f0c147a8fba26440588b331e89754db3e06d1cc8f6a9daed2d041200f82fb7b8027af9240f2ead023d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6ccd4497d64d37dce68a24801eafb855

SHA1
088a6be1dc93e67fd020f7094891216b1b81da6a

SHA256
22e7f091da3852616dbc8515c25d8970afa9ef659458134f545a141145cef07a

SHA512
78500e964bcd0cb9d83e74b0c8bb8c23f46a151bc131cb558d55d3c7d9cc230b6e593c777be68b3029a8ad757b3d58dd4bae5c0fc9af09eed026c3f593c210f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
33e765ec3245dc0426cb980a49b2cc63

SHA1
1325d1f98597e20713ab84343429d658d6481bfa

SHA256
241fc7f0c5dc5384b5bdbec51b5dc29359b85d8ace6e79774421983e4cb77377

SHA512
f68f53b9997fcf25271430ab58fc1143edaf489570d5e6f83db531d941ac807fae5b412a68b514b6f1021ab660f0ce8ea633f43a5bc5e406d6d8d216a1152562

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589ca8.TMP

Filesize
1KB

MD5
276120191e068708301e8ac61471a36a

SHA1
21c72051d71c146d72dc65c1a3b9c9b7fbc133c6

SHA256
d649e549e98492caf884b7457502585ab85d4b9a8fc0f09e886b65f569080261

SHA512
0036f84fd96bfc6124f940cdcf945dd2d5864feeb6063572f85af0ae7f6e95cfe50fbdb82b4a3fc5392a50fc04af34ac95e11c8656d0b9805d2ca045dfe7947c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\e4f5bec0-97f0-41c6-bc0a-9bff6b249efe.tmp

Filesize
11KB

MD5
edc033a2ca1df0a98b11039e6c015222

SHA1
ae7c6b4cf21f37fb0eda36e27326d8ac89d1c184

SHA256
ae4a48daf6191eb6807fe03aad8ae3b9cc03b9a72f2bd23385001d4e1e054a77

SHA512
035d21eb43f6324b6599c08024a3a9bb56b4812f58fb864dde663e68a7dd1a16c44ed4a60b1d7d9beca545c9d1c6eacb9537391a5c4c15685e53bc8310a3d0f7

Download Submit