hxxps://drive[.]google[.]com/drive/folders/1p7RQl87qm9zA7acA1Z6h-HIWxqDPhzwD

Resubmissions

31-10-2024 09:12

241031-k6b4vswrhk 6

31-10-2024 09:08

241031-k35l1awbjn 6

Analysis

max time kernel
1792s
max time network
1730s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
31-10-2024 09:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1p7RQl87qm9zA7acA1Z6h-HIWxqDPhzwD

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	drive.google.com
8	drive.google.com

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\e5f7e04e-7575-42dd-8a91-9a623cc5da52.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241031161555.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2496	msedge.exe
2496	msedge.exe
1908	msedge.exe
1908	msedge.exe
5024	identity_helper.exe
5024	identity_helper.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1908 wrote to memory of 4784	1908	msedge.exe	81
PID 1908 wrote to memory of 4784	1908	msedge.exe	81
PID 1908 wrote to memory of 2472	1908	msedge.exe	82
PID 1908 wrote to memory of 2472	1908	msedge.exe	82
PID 1908 wrote to memory of 2472	1908	msedge.exe	82
PID 1908 wrote to memory of 2472	1908	msedge.exe	82
PID 1908 wrote to memory of 2472	1908	msedge.exe	82
PID 1908 wrote to memory of 2472	1908	msedge.exe	82
PID 1908 wrote to memory of 2472	1908	msedge.exe	82
PID 1908 wrote to memory of 2472	1908	msedge.exe	82
PID 1908 wrote to memory of 2472	1908	msedge.exe	82
PID 1908 wrote to memory of 2472	1908	msedge.exe	82
PID 1908 wrote to memory of 2472	1908	msedge.exe	82
PID 1908 wrote to memory of 2472	1908	msedge.exe	82
PID 1908 wrote to memory of 2472	1908	msedge.exe	82
PID 1908 wrote to memory of 2472	1908	msedge.exe	82
PID 1908 wrote to memory of 2472	1908	msedge.exe	82
PID 1908 wrote to memory of 2472	1908	msedge.exe	82
PID 1908 wrote to memory of 2472	1908	msedge.exe	82
PID 1908 wrote to memory of 2472	1908	msedge.exe	82
PID 1908 wrote to memory of 2472	1908	msedge.exe	82
PID 1908 wrote to memory of 2472	1908	msedge.exe	82
PID 1908 wrote to memory of 2472	1908	msedge.exe	82
PID 1908 wrote to memory of 2472	1908	msedge.exe	82
PID 1908 wrote to memory of 2472	1908	msedge.exe	82
PID 1908 wrote to memory of 2472	1908	msedge.exe	82
PID 1908 wrote to memory of 2472	1908	msedge.exe	82
PID 1908 wrote to memory of 2472	1908	msedge.exe	82
PID 1908 wrote to memory of 2472	1908	msedge.exe	82
PID 1908 wrote to memory of 2472	1908	msedge.exe	82
PID 1908 wrote to memory of 2472	1908	msedge.exe	82
PID 1908 wrote to memory of 2472	1908	msedge.exe	82
PID 1908 wrote to memory of 2472	1908	msedge.exe	82
PID 1908 wrote to memory of 2472	1908	msedge.exe	82
PID 1908 wrote to memory of 2472	1908	msedge.exe	82
PID 1908 wrote to memory of 2472	1908	msedge.exe	82
PID 1908 wrote to memory of 2472	1908	msedge.exe	82
PID 1908 wrote to memory of 2472	1908	msedge.exe	82
PID 1908 wrote to memory of 2472	1908	msedge.exe	82
PID 1908 wrote to memory of 2472	1908	msedge.exe	82
PID 1908 wrote to memory of 2472	1908	msedge.exe	82
PID 1908 wrote to memory of 2472	1908	msedge.exe	82
PID 1908 wrote to memory of 2496	1908	msedge.exe	83
PID 1908 wrote to memory of 2496	1908	msedge.exe	83
PID 1908 wrote to memory of 2484	1908	msedge.exe	84
PID 1908 wrote to memory of 2484	1908	msedge.exe	84
PID 1908 wrote to memory of 2484	1908	msedge.exe	84
PID 1908 wrote to memory of 2484	1908	msedge.exe	84
PID 1908 wrote to memory of 2484	1908	msedge.exe	84
PID 1908 wrote to memory of 2484	1908	msedge.exe	84
PID 1908 wrote to memory of 2484	1908	msedge.exe	84
PID 1908 wrote to memory of 2484	1908	msedge.exe	84
PID 1908 wrote to memory of 2484	1908	msedge.exe	84
PID 1908 wrote to memory of 2484	1908	msedge.exe	84
PID 1908 wrote to memory of 2484	1908	msedge.exe	84
PID 1908 wrote to memory of 2484	1908	msedge.exe	84
PID 1908 wrote to memory of 2484	1908	msedge.exe	84
PID 1908 wrote to memory of 2484	1908	msedge.exe	84
PID 1908 wrote to memory of 2484	1908	msedge.exe	84
PID 1908 wrote to memory of 2484	1908	msedge.exe	84
PID 1908 wrote to memory of 2484	1908	msedge.exe	84
PID 1908 wrote to memory of 2484	1908	msedge.exe	84
PID 1908 wrote to memory of 2484	1908	msedge.exe	84
PID 1908 wrote to memory of 2484	1908	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/folders/1p7RQl87qm9zA7acA1Z6h-HIWxqDPhzwD
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff9d28046f8,0x7ff9d2804708,0x7ff9d2804718
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,12810066750938971736,11718164512194793357,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,12810066750938971736,11718164512194793357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,12810066750938971736,11718164512194793357,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12810066750938971736,11718164512194793357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12810066750938971736,11718164512194793357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12810066750938971736,11718164512194793357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,12810066750938971736,11718164512194793357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:3808
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff6dcd85460,0x7ff6dcd85470,0x7ff6dcd85480
    3⤵
    PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,12810066750938971736,11718164512194793357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12810066750938971736,11718164512194793357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12810066750938971736,11718164512194793357,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12810066750938971736,11718164512194793357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1984 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12810066750938971736,11718164512194793357,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,12810066750938971736,11718164512194793357,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5024 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9d533e1f93a61b94eea29bf4313b0a8e

SHA1
96c1f0811d9e2fbf408e1b7186921b855fc891db

SHA256
ae95a7d192b6dfed1a8a5611850df994c63ba2038018901d59ef4dae64b74ed3

SHA512
b10de657d0cef4255e96daa1b6ad0c99c70b16c13b8e86790ea226e37e9ded1a8f8bed1e137f976d86ebc3ea9a4b5eb67ce2f5b0200025d35dc8e94c947ff3f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fccab8a2a3330ebd702a08d6cc6c1aee

SHA1
2d0ea7fa697cb1723d240ebf3c0781ce56273cf7

SHA256
fa39b46c6f11977f5a2e6f4cd495db424063320fbac26a2eae7466e82ffeb712

SHA512
5339b52bad5dff926b66044067aa3e1a6147c389a27ebd89b0f16e1267621d7ce7af9810010bee81cba7b08c77a33ede8ef4675fe049b9fb2ed510fcaef93d6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
b979e5d6a55b5a334bbc3f38e3459316

SHA1
19957504eab211669df0402dcebf74a768fe1876

SHA256
35f641ff47bec5eee4881262d54b2ff6f65341b3f9f7bafdd8ad0d0cc7bf22d2

SHA512
44f60f29f1d3f1af8c63118af696044c9319289fa92bfa19944592ee1291086597eccac799d95cfd417c621691521d5e2763e38663994836828b50a7aa45511a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
051c1ad59eeae9f197221573c013a116

SHA1
acd4b610f41aed07cc76439016c34cba0164e03b

SHA256
012d557fc06f2a054ce51c6508ba7ac6bedeb7e95bda44bd3244971d57b319dd

SHA512
8a315012ebfc24bca1b778bc7d2d4f8eecb06fce85dacc33a39158b74e58bd1f9bbfb06cb3769cbfe29b31a0e386d178d240108621f075ef316786e41db0aecd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
dd8e3bd797ab811236a6d478f17320fc

SHA1
5487302269feb2d0462bb07212dbca7ab893da8b

SHA256
0fe1e1b67fe2b53f9f5526537705440935aa7c39b80d5af947817ed9cb05d90c

SHA512
4a628020c8192bbc127aab6cbbe870faa23df3ddae7a064f56e695131c3f112530ae3bbd233cf8f196ac7073842090abc1a2b618c753b4ec2157b4770cb16073

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
aa0267f563e3764b8784ec29c04f1183

SHA1
bf80f107f3814eab1b2a0f4be440dbd3b4c6a0a6

SHA256
b0b455bf2a4d342230d7c98b12c585977075e4dcdd10a587d28fe48235843e61

SHA512
c391fab84ee7b20888618ddd31411d3cff99476b518a592502678a733d0b6b3b639192e2140ea38da54a4978d428585814df356135182b8e2c31f4af3908f6f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2c35869428828a70942fc64cfa34470d

SHA1
fad3a637b7bb555ce5dc5eb2577a3eb0a33e1218

SHA256
e1d11fc79bc19416976b89802add9a1bd20a29c510ae675a052d339d4cbf1af9

SHA512
6c3a8e295cd83576667ebe40116c1817edd7f12913fd4ea3da350b8e688e5b8cac6fdeb489f0d7ae7707221973640b11eecc38c226b950e9f9250e025e0ad726

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
29f287f96909bc10e81f6928d3ae13d4

SHA1
e6a2436c84b01a4bcb8b2550cfc6a02a3dbfecf1

SHA256
001e38cdee924a3311141096a53b8f3b6a23ad1daea60d3101f97fe464bcd955

SHA512
100346f4637b2391f2bebad59bf829f87a0fdf093d60afc3c206ff5d22ffa8c9cf10852e31c1df3e82bad0b0855041b1d0041f868a8ca80605c5554a78b0ed72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2ed76d13aa202d3fe09a191c32270503

SHA1
d0c3093ddc79b02552c5d4f2214d1c081fe1faaf

SHA256
e114fc3fb25b8d98ab11bd6217dab450d226cd9a9bb973e1bfaf8bcdef193b24

SHA512
1ff525c53c3fec40fc49430c6d42e3e81396202d646cf08a91dd4e120fdd6223d2222129e7525e1dbfb24306a6007c09d2fa09c6f11c459ab9580825b7ef388d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
17601a023b319e3b57564a76545c1109

SHA1
c0f1bab9fe3c2268548b9238385bbe80d01f5651

SHA256
a6b2fa27701c5d32e86ab5cee8bfa91af7e1aad9b6ad4cd1e0dba3464e1f27b3

SHA512
8bcd76ddc7da97f3caa6d4e7d7dc3333447205f1a1b0fcae7f708126848728035e07834cfd90cf889f0a98d7c242b11823624d4ba50f8a35f62dcdc3ab348fd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0e3240abecfb9f5873c4297c11fe82da

SHA1
fce859c8a0cb8238084ed95c897910e151f10479

SHA256
6dede95c4cdc902fdca71a8423d7bf23298ace419d2552c8e697dce68b6bdf61

SHA512
c84c10574503d4f37a1cbdb37cb03a8104a9200aa880c05c526ee7ae2d9a9539e70f7099fa4239d5c3bb228f48ad9fc9ba07550177a5c87842bdce2db9ee957a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b613354810dd0f05e007d41d5a17a8cd

SHA1
8f3845ef89534a1ed51254aac540947a2782120d

SHA256
310517142426a03d8d3d3bd3edb4a03606bedca58d85029e172a5250c3f312f2

SHA512
a7c85a4a8b34d9be976efd8b8df65e262667ffef1c187c9197c7c42ab14fc333dfec0253e82192473c34a07c3ba9c3d6f0fddeebfc456fae53ac00e2775a1603

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
53901eabaf92de45856da8694370b74f

SHA1
f0ed17d0a32e8b48a290f2ee0af3fca9df575ea0

SHA256
652a9225c6b3a4fffe4a1b8e6c7d423645a5b20f09b6074c77bc25c4df73d695

SHA512
f94128619296dc3e693212999c62c791cafcd0726f3d8d84039e3c2796149469e8c24f42a1c85bee733bc70bfe78fddf2b68727b0efa70a3f91dc00c5c43cb15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
170d393c7cda1897bf00ec5589fda35d

SHA1
34ca67a8d34672dc98b230a73c7d1dbd3fda53a6

SHA256
c08b10c33058375e249f2333ab9b18288a03eecc5c7d680161c7670341a40aa1

SHA512
f54cbceb09bf432fa8c6bb05ad30f42ad3ddb475af8a882cb018900f57bc61e021f18bb915bb4c636a6aa7a3c94e9fed2720569641ba4052b1e3afdcd136292c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
80412231bf3ad2e1088baaec22111817

SHA1
d9cb1343fa7cea75afe7525b60ef5380aa3d65aa

SHA256
649a0eece5f544457b34d7a1804e2d1ea2adee9d1593d4b531004294b7bdc27f

SHA512
e3f6e7a61b18ec104435cf0bad6d200b4d8f735390d62aadc9092e7d7ad2650399c63fe4d74796b7258bd4b9800214a6b39ecf1381aa71ea327b520dcee9e9d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
959fe334722e13f93489dbd7b445384a

SHA1
34f931b3a98bedfb40f6ff49448ddb78c288e9a3

SHA256
a037fa88b7db6807e802ba6f833f54300f771893a18fe64244419f6aff461be5

SHA512
6c4f5323b1e5bece87b18cc5867ef1775a2c6eadd6d3b37c17115b97332ac33e9ca2831e73506eccd2e9d9cfa4a43e630f74b8aa871536815f7ef0ea1ecd2f22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c2e8a2f874967d25a78ad4781198a686

SHA1
b1653c34ca0086ff9e2134ea3a6d79d25c79452c

SHA256
ce47d9cfe3f8a0bb0bf38f81831ff454f3aa93fc61a8b278d2a00a5ec20f2961

SHA512
88a00209fc77a3cb910d2f03bdb146c91ab49c886cf62ed8391d39384d8d2027868343eaec4727910437c2c6c06d02e51a84ca63b4b9613804253cc1af7a8542

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ffd85ad5d26038172e925e827bd72fd2

SHA1
07330c610a930b50fa64d975c04591284607de66

SHA256
76a859d5e72cbcdf862c5f095c47f4b85e6e793b909e1195c9afbcc1b40d3c47

SHA512
33a4f99707fef898ec819e8a681a5190269c478f630583354439bd8fdfafbd7e3292273ef88e33d297c3a1032da225314da1cdc9a17448e713fe1999680b854e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f0827f831bc01da288bb2f600d86d78f

SHA1
1cb36c9edcd77b69f45cf174f83fc4b541c2d52d

SHA256
905b8851ce26a2d426f87a332fbc949b6a6c2ea32317a47ad91d51840124d1ee

SHA512
913b93e9500a0c17c8de555936a6ea5d918781d640d057c93df30977a9b329643ba8360ee35733173f82873e6d9c78d047cb65a564520a224601cbb9bc0f817f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c8b6df88fad1cdb454aa3ba4f69d28aa

SHA1
39701a4343cf72791a19abe202b3ae5f07e5615e

SHA256
5d13547faa7d6cfb7cd8b4ccc492f466b54dd3074936d68d14b9dde55cb3b536

SHA512
0b768b5fd7babec0258b7f1ce4781ae70a8ba2e678b98931f151606da7ac4c5fe8b897b238cbb1483ed25a72f5f79a54a7c4509e3905e3ca6a69f665993fc06e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
91696d2d10ab86a10c7b402ad9f93031

SHA1
29bd98c88a51c3d67be86739094a0e22bb890b96

SHA256
a49ef7e478c0b2dfec88affd1c2143f6ee9aecd2ab49ba85f5d604b879283ef4

SHA512
7face43c77ea19d2d1720729c413614bde75bd7e65c139e80d1ef557e5d360e6b22c5a6ee386b00cd109e15e29b15b9cf62fef80f6775b3dbce6d3aff458dd31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
401cd342a9fc61b506df062cf934cb3a

SHA1
8dd2d10a493a9092f886b9339c26543ce13eb315

SHA256
2e88f9f812566a311d1f2865b49b95b8ffa5293bfaf391a92b5212e08c4db1ad

SHA512
a11bc76c33fe3321ce8d83de1a189564e854a5316f03574464cc918b1678178c24039ca9d47669fcf45110ef6d1665f4ef9917e0da73a90ef1081d88654dabe3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3271192acbaf8080106230fe641267c6

SHA1
11c71d091fa647cf7475a66f8fa19262a6b8af97

SHA256
aa5ed843985745dc0a8b67136d04509e2a1ffe12f608d9137b46d730b502a740

SHA512
09053f7de8b7f55cc0be85a37017db496d77efe3698d2f92a5f27555b5ef48bb3c58643cf3ec5b89f0a3064d5dc1cc29843f9e1bfc74d37689cc5ae0d587b7d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f3c73398d62c2182aac5dfb7d2f2b602

SHA1
6a237d67af3b271b6d513d6e1ef11d801402038e

SHA256
5f223244980595712baa8082112438e4c146d463003d216af569bb3c34548311

SHA512
31cec0576093668a6407a20e81a5918e88107b0a2d3239c09d6e2037e43d867ff9e8120f53c161bd1497acc98728d629166909eef2456f674a975724c6478911

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
7ec09c7cbd7cb0b8a777b3a9e2a1892e

SHA1
3b07979e57b6c93be7d5a6cd8fa954dee91bd8dd

SHA256
a623633f34a241b0dbc9fd26f34446d716955f94e90b2ff9ac8b9df801bdae5e

SHA512
5fff0a38a3b6e4b29d402eef2650011e4d9df514e0624767c84ea31cb73cbba10c7e0b5711cb487976d637f0f60a85c431cf0db54b519411245684c116c07b7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
ed659b1d7a51e558246bd24f62fff931

SHA1
84685d6f04379c290e4261ff04e9e1879d54d42c

SHA256
23fafd9073812d5ff8b523b84bc981e4cb410bebbf3675db2b29cfac0dae9690

SHA512
1c3203328583241895db9fb165fcfd595f642e218ee3a453ab6873cbac10ddab693cd2f913bab15c8bb7b5a12c5768b3dfcb278aad754dec1fbffe66b81843cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a82e4ebf50a99f4b9141483ebde69fa8

SHA1
ca6bda8f11bcc0dba472594cadb9e84352a8539c

SHA256
224da545b8b48c6c02558dbe18e78e8e18870c71596af04ed525454997c3bcd5

SHA512
3f591fdd46ddc238700b06d3d328d162d75625f6cb331e35eab5f815c0f78729c97d7defc42ba3d3fd866521867c195f1f882510bf46dc667883726a6701ae3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5881dd.TMP

Filesize
1KB

MD5
12d40835c54b24653d40c302ecd80f64

SHA1
803cc00a3466b14ced96d7900367d5b569f1cfb9

SHA256
a353a0e111e48d0131e2100a49ab37acc0b2ac0e81c596dab826fb31001daa46

SHA512
5e2aa66afb4ffdd914c603a2ba098fa8b0ac79203339a8b4b41e4a3b5d639f98d248e6f771fc3d1a601e8a87f40c8fc5ca2f7f4d69903d882a6a0c11871d310d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a7b81ce0-3714-4b6c-9779-c09078705d6b.tmp

Filesize
5KB

MD5
accc2c82ec28c155c316b0ecdbeb211e

SHA1
a7d5915e83a9cb1b39be7f0194e654fd7ab38249

SHA256
93280e10f76175533b973cfa0baf37a9cd1bf82ca612e21bcdcd7f98bfc0209b

SHA512
8e060988a4273da28e0cc18f9df12c200c9c7f58388ad7542f2d192418c01d3f71c09448284fa4e7a40364b7937eae749e5d3a3093f33ff9f49e4f077991b571

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
1477358b99bdff30023e340803bbac5d

SHA1
1242f5dbaa673c423a75217dc84c35cc46413e91

SHA256
1d4690359b9c4b995b4d625fb0f9984f618acabcc1ec95cf76ea8faad3ef262e

SHA512
375dd6f22d6289502131593d6226d88d25dc0c7e4a2a2deda29f54144042b1ea9670c5ce9ad41f78fe0547e5fdb45c95a3e6cedbea38d8a1047760fea3f67b7f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
5b40264cdbce4bc195fdc1e8620578e6

SHA1
bc42a211590a1bab2a2cd36e5090d85220d47018

SHA256
bfee6ba5813f5f571b45fc8496a3857f5abef10c751abb6b06bebe4347f6f190

SHA512
365cfdcbc4cfce372af409235c130c4a3d4479b4d65e025302dfb7863e0ecc52fd567cd89699d84dd467b8e76a04085514df8c5e62d17dfb8898647e7a32dfe0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
bd09932c86205246b32f207d52cf5663

SHA1
35d85743ad09a2a629643e089af54df4f0c774bc

SHA256
8a6618e4ac318700e608c1693979f135b48b3591c5c88f09ddfdeb74d57cb259

SHA512
dcfa43b7930ac31a710c8214eed843ac6773d9574f4aa54c718260845a8701f2d350a925601942722c6cddec592592d3779969d40c12cfe63a0086d1e216c81f

Download Submit