hxxp://1v1[.]lol

Resubmissions

30-01-2025 22:06

250130-11eksswmdm 10

18-12-2024 16:52

241218-vdedmavqfs 3

Analysis

max time kernel
1797s
max time network
1801s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
18-12-2024 16:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://1v1.lol

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2410826464-2353372766-2364966905-1000\{7C93CBF4-4286-40CA-A8E2-87B69D1A1D28}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4244	msedge.exe
4244	msedge.exe
1628	msedge.exe
1628	msedge.exe
2832	msedge.exe
2832	msedge.exe
4552	msedge.exe
4552	msedge.exe
2084	identity_helper.exe
2084	identity_helper.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2216	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2216	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1628 wrote to memory of 2140	1628	msedge.exe	77
PID 1628 wrote to memory of 2140	1628	msedge.exe	77
PID 1628 wrote to memory of 4712	1628	msedge.exe	78
PID 1628 wrote to memory of 4712	1628	msedge.exe	78
PID 1628 wrote to memory of 4712	1628	msedge.exe	78
PID 1628 wrote to memory of 4712	1628	msedge.exe	78
PID 1628 wrote to memory of 4712	1628	msedge.exe	78
PID 1628 wrote to memory of 4712	1628	msedge.exe	78
PID 1628 wrote to memory of 4712	1628	msedge.exe	78
PID 1628 wrote to memory of 4712	1628	msedge.exe	78
PID 1628 wrote to memory of 4712	1628	msedge.exe	78
PID 1628 wrote to memory of 4712	1628	msedge.exe	78
PID 1628 wrote to memory of 4712	1628	msedge.exe	78
PID 1628 wrote to memory of 4712	1628	msedge.exe	78
PID 1628 wrote to memory of 4712	1628	msedge.exe	78
PID 1628 wrote to memory of 4712	1628	msedge.exe	78
PID 1628 wrote to memory of 4712	1628	msedge.exe	78
PID 1628 wrote to memory of 4712	1628	msedge.exe	78
PID 1628 wrote to memory of 4712	1628	msedge.exe	78
PID 1628 wrote to memory of 4712	1628	msedge.exe	78
PID 1628 wrote to memory of 4712	1628	msedge.exe	78
PID 1628 wrote to memory of 4712	1628	msedge.exe	78
PID 1628 wrote to memory of 4712	1628	msedge.exe	78
PID 1628 wrote to memory of 4712	1628	msedge.exe	78
PID 1628 wrote to memory of 4712	1628	msedge.exe	78
PID 1628 wrote to memory of 4712	1628	msedge.exe	78
PID 1628 wrote to memory of 4712	1628	msedge.exe	78
PID 1628 wrote to memory of 4712	1628	msedge.exe	78
PID 1628 wrote to memory of 4712	1628	msedge.exe	78
PID 1628 wrote to memory of 4712	1628	msedge.exe	78
PID 1628 wrote to memory of 4712	1628	msedge.exe	78
PID 1628 wrote to memory of 4712	1628	msedge.exe	78
PID 1628 wrote to memory of 4712	1628	msedge.exe	78
PID 1628 wrote to memory of 4712	1628	msedge.exe	78
PID 1628 wrote to memory of 4712	1628	msedge.exe	78
PID 1628 wrote to memory of 4712	1628	msedge.exe	78
PID 1628 wrote to memory of 4712	1628	msedge.exe	78
PID 1628 wrote to memory of 4712	1628	msedge.exe	78
PID 1628 wrote to memory of 4712	1628	msedge.exe	78
PID 1628 wrote to memory of 4712	1628	msedge.exe	78
PID 1628 wrote to memory of 4712	1628	msedge.exe	78
PID 1628 wrote to memory of 4712	1628	msedge.exe	78
PID 1628 wrote to memory of 4244	1628	msedge.exe	79
PID 1628 wrote to memory of 4244	1628	msedge.exe	79
PID 1628 wrote to memory of 3760	1628	msedge.exe	80
PID 1628 wrote to memory of 3760	1628	msedge.exe	80
PID 1628 wrote to memory of 3760	1628	msedge.exe	80
PID 1628 wrote to memory of 3760	1628	msedge.exe	80
PID 1628 wrote to memory of 3760	1628	msedge.exe	80
PID 1628 wrote to memory of 3760	1628	msedge.exe	80
PID 1628 wrote to memory of 3760	1628	msedge.exe	80
PID 1628 wrote to memory of 3760	1628	msedge.exe	80
PID 1628 wrote to memory of 3760	1628	msedge.exe	80
PID 1628 wrote to memory of 3760	1628	msedge.exe	80
PID 1628 wrote to memory of 3760	1628	msedge.exe	80
PID 1628 wrote to memory of 3760	1628	msedge.exe	80
PID 1628 wrote to memory of 3760	1628	msedge.exe	80
PID 1628 wrote to memory of 3760	1628	msedge.exe	80
PID 1628 wrote to memory of 3760	1628	msedge.exe	80
PID 1628 wrote to memory of 3760	1628	msedge.exe	80
PID 1628 wrote to memory of 3760	1628	msedge.exe	80
PID 1628 wrote to memory of 3760	1628	msedge.exe	80
PID 1628 wrote to memory of 3760	1628	msedge.exe	80
PID 1628 wrote to memory of 3760	1628	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://1v1.lol
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcd7553cb8,0x7ffcd7553cc8,0x7ffcd7553cd8
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1816,14039592928909373536,5660610554201511046,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1816,14039592928909373536,5660610554201511046,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1816,14039592928909373536,5660610554201511046,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,14039592928909373536,5660610554201511046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,14039592928909373536,5660610554201511046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,14039592928909373536,5660610554201511046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1816,14039592928909373536,5660610554201511046,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5180 /prefetch:8
  2⤵
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1816,14039592928909373536,5660610554201511046,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4864 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1816,14039592928909373536,5660610554201511046,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5100 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,14039592928909373536,5660610554201511046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,14039592928909373536,5660610554201511046,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,14039592928909373536,5660610554201511046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,14039592928909373536,5660610554201511046,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1816,14039592928909373536,5660610554201511046,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1816,14039592928909373536,5660610554201511046,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5148 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4552

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3424

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004D4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e9a2c784e6d797d91d4b8612e14d51bd

SHA1
25e2b07c396ee82e4404af09424f747fc05f04c2

SHA256
18ddbb93c981d8006071f9d26924ce3357cad212cbb65f48812d4a474c197ce6

SHA512
fc35688ae3cd448ed6b2069d39ce1219612c54f5bb0dd7b707c9e6f39450fe9fb1338cf5bd0b82a45207fac2fbab1e0eae77e5c9e6488371390eab45f76a5df1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1fc959921446fa3ab5813f75ca4d0235

SHA1
0aeef3ba7ba2aa1f725fca09432d384b06995e2a

SHA256
1b1e89d3b2f3da84cc8494d07cf0babc472c426ccb1c4ae13398243360c9d02c

SHA512
899d1e1b0feece25ac97527daddcaaeb069cb428532477849eba43a627502c590261f2c26fef31e4e20efd3d7eb0815336a784c4d2888e05afcf5477af872b06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
ee736f1907b5303e0d137d7637fbbc33

SHA1
9bcad44e079bb646c8de14adb48c18e2871ba73b

SHA256
ac33641801188c375d493efabf1d4c866d997a683f58dc7cab4fba0977226941

SHA512
5cd8393d11acb22b23550dea742ebdb947f352074d7e302f34e311ad48cb46fe79880142d980fabf6b56cab4625b463c5152be26d3646e5a232721127e7b6546

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
ca17c185a7c4b88869170b06b7e4c50d

SHA1
fee4e1af72e371a4534f422fa38f4fc486610e81

SHA256
b783850998f61bb18e5712c863006984da5a8c64e69a09bfba5a7114ee087fea

SHA512
feac4b8fdf01507c1d5e1b524a478e7dff5ceaf34ea1805e0251b530f03bbadfb30e358420b007c6b6d200fe2173a4d6b055bed28f7a5fa195ae52143b706a09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_1v1.lol_0.indexeddb.blob\5\00\19

Filesize
20.5MB

MD5
6d7782198b854125339f3b58f0d881ba

SHA1
c5c1435db100577a12eaf79b412cf0c83afee3a3

SHA256
3ad76e9e8be2a917264120b1864143f764a083245fa77a2383517583fd2a0842

SHA512
82654dfecc15582c9fbe9e915146f2ae7aa3b3913b8aa5bc7940be3f4ec00c2d0d3a47b036c2bda0d1869d2fb3eecceba4c5627d75e80a1f342958b770911cd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_1v1.lol_0.indexeddb.blob\5\00\e

Filesize
5.0MB

MD5
55effd35954dd90984e71b7ec24697f1

SHA1
b6dcf46636d9aa06bd2111d1d7f197167a71c5f4

SHA256
2f6989c05ce8d8b0dd63e1c1d985a184efcf9c1306da8cf27ae4fbbb3a0dd3a5

SHA512
00cbb5852d8254d74dd6b71caf9a8b063dbd032c691b21ea641a893aa794b3d9527ae3f21ac0d9975451b07888536a046a7984849199496468ed9c576a2bf0e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d9857dfefb69666f10bca4d630031e31

SHA1
2359ac457ebb12fcdbda379f30403ca3a087e3ab

SHA256
1cad7e9af4eef631eddb8f82d86eefe7c5ad0fa62e119a9012f1c2ac06f0cb16

SHA512
98f6a47827a61febb0c0c3fa1d2788f8d4f03cd8904b96083097bda68aa5b4eaf6b9e8427306d70d72d764f409c095b41796ddcd2f5cf925f56597d8dd4b8842

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0969564842426cd75e6b870a61202b73

SHA1
6a7f2de23806947a2cac94b6c637f1e2c98730ea

SHA256
ea4b2e87c7b99ad2957cb749d26acf06481bcbd390bcbacc85458209f631cffd

SHA512
d709a637256a153fbe999dfc9ee0ca7a28e4e425d11b53e7805cbb08c13cd92b4aa18ac372bbf4407c7a683d4ac702e77aef90e7ad9f5413a1bcd74dc7893de0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
06814b59ea46b5b621f225b4c5f50fe9

SHA1
d83e180a10d0c86a2d4935627fed3dda43d4a9de

SHA256
8c1b97bfa0c42fb6afc6f4587c5b2089f22c4b1977776c59111e8a41c3689e64

SHA512
a32add58ea4fb2f49fac4067e89e6f0da1fe31495b338312a35f5523f2d34b208a79efc7d05c84d48fd1eed706190b02fba0bdec9bee1b181df219f34c0714a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e8c0f90c45e60668463c80f3aaa5cc67

SHA1
94ca8c9abe69bb3d61045c78e2bd37895a314830

SHA256
03ff20da305876defe4badf0b6af71f535c1e50549bf6d3e177afd8909b10747

SHA512
e68144d6f13afd75a209d02821bfabf1cffdb09ea3777bb6bb626e9caf1df830be4d85f3c8d6de43dafc616121889bba8390065f643301f3f1fc5511d4256544

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5de5e04d0785ebb4b96d2edf997eabda

SHA1
de2593c58f87471ef99265b3397472408017eec1

SHA256
e95d61695b8533f5ed8bf8171eeda340351b49e9eee1ea7283c310f371882ba8

SHA512
466b2ec178f8b39e7bf8e7fceb3445e1cb3d6cfb0200752ac855da070529bfdfbeaa7dedf63f2b8371f927d36de6ef37d59b7f9429ca771a3b2ea22d3e5d7526

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f31934b01c4cfc87dad7d42c682afc7a

SHA1
a7742ad2ebace43c6ef177e1c0374708b4069aeb

SHA256
ad3cc88f4d0945c08c66f8cb7036dfbdba3a3879c612cde2987b964c357916b4

SHA512
0e27ce4239cb5031e97ade2ce3410c70d33ea902f405720d412ee7126c1b762137e832f499b2d9e9826e4747eecdda10fe1445273a188b9403da34a4647f7c43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
2af12f1cf0cd338e96dc9a44c476761d

SHA1
ee8e25e74f54832c66573401ff4dce39e00e4834

SHA256
bc9f4ecf21c13139f9a3bb502d8da6b8fb0a2bc12724cfe35a52a38dd1aeed90

SHA512
b33cb1b72d2acebce16844474141bf2b369c85e89c8bc63902e265a0bd6193fe5569ff1570d53c1f91997b40eecbc259ac3a6c8af7438a04f6ce6c09e4c5b6fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
f1d5f337ca113747d6b0fad4ff6c3691

SHA1
1807b080ddbc24a9cd5e7f0b40dc28e9bc426194

SHA256
1cdb899873751e98ec7847196d3cbe2ee13f1b015b3d438a30da8c46d5d2e2a2

SHA512
6d60d66006822418ae06537afa08702bb47800e6f1cda7c28857cc6537b0fccefbcbcc8b8864b4cc5653ae5a06f11f53efc9be3885bbc3a75fb4c169fe5a24dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
409cc4c2752e9d94b2a61eb863a7ba3d

SHA1
53c3181c85e0bf435e594f23515219c671446b25

SHA256
1463f2e92eedd25c249c65e967541e355441ad72990a5788ab2fddb6738f1006

SHA512
5f4a96d49fa78d1194b4be671b474b64b3e7f091f256b0f5fe1f55bd2665dbc36c0b8e7a3c33aaf52647bf7313a8a46fe34fdd78451505b07c5854edbbb2e243

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
edc1e0a069bfa44e4a2699673e10837b

SHA1
e90737902596b9476cec06af4156c0614977b5a9

SHA256
8b9aea89723126a9349a7575f1b1696391420d4754bba9b5a767e26119716f92

SHA512
0962598894d2da48c4eeb895650db3ae095657a785db5de3d2686d3c38345993f6122ca34fef5a0d8ee4b1423908ac62e2193b2381b675a9ea2d240db71ac8d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cdb0.TMP

Filesize
705B

MD5
37f53d716d27dd8999ac551b540cacbc

SHA1
cb0c423fc4fb7ffc005ee8c4de3a2843fbccc194

SHA256
1980b3b22b6449baf37d46c06649708a832f0e77f176b0ab47c0756e5e43eb96

SHA512
e534433a55f0ee0136636d82e4d012e646c60e78e8fa821bcb4b73d206117950381d071df17f0742c1a729d90b9ceb77a6ad77095143335f0224595407043a62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0d9937be9c0cd2a97bcf0abe6360f368

SHA1
cbde743bba18a33a24ed869ade97068281cc5807

SHA256
15b1b77152372e7b2daf1d93d0add1947118dc07e4836ff214a6e94b4c591c63

SHA512
1ff2726f87898398e3799593419ec15d623bd2abf6581201022cbfb092ffe11a544c0711eae6047ce5ad074f38589720ecad4f4513bd4e37c3cfbedaee992ae6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1b7ec80e235f6e67757fd4cb41e0b6fa

SHA1
e0e0175d65d62e0fe94a18f9b50f426dbf9dbd50

SHA256
f5709a0a65b4ffc174d3187a0d9069a2c089f6d061dc0fc848f7541592978541

SHA512
46a0ca62d67eac1ecd0d8a2376d576ac7951088d7594333f8d76cb660f0e102a0b41bee7eb9dba0c0769474d06cc2f336ac8c3f12d1188869b0884bb3242d864

Download Submit