hxxps://drive[.]google[.]com/drive/folders/1ypIR9V2IgH0E4bxaoJe2w7YX8nUS1deM

Analysis

max time kernel
253s
max time network
256s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2024 18:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1ypIR9V2IgH0E4bxaoJe2w7YX8nUS1deM

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 8 IoCs

Web Service

T1102

flow	ioc
106	drive.google.com
110	drive.google.com
125	drive.google.com
129	drive.google.com
162	drive.google.com
163	drive.google.com
3	drive.google.com
17	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3840	msedge.exe
3840	msedge.exe
652	msedge.exe
652	msedge.exe
2200	identity_helper.exe
2200	identity_helper.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 652 wrote to memory of 2796	652	msedge.exe	83
PID 652 wrote to memory of 2796	652	msedge.exe	83
PID 652 wrote to memory of 2380	652	msedge.exe	84
PID 652 wrote to memory of 2380	652	msedge.exe	84
PID 652 wrote to memory of 2380	652	msedge.exe	84
PID 652 wrote to memory of 2380	652	msedge.exe	84
PID 652 wrote to memory of 2380	652	msedge.exe	84
PID 652 wrote to memory of 2380	652	msedge.exe	84
PID 652 wrote to memory of 2380	652	msedge.exe	84
PID 652 wrote to memory of 2380	652	msedge.exe	84
PID 652 wrote to memory of 2380	652	msedge.exe	84
PID 652 wrote to memory of 2380	652	msedge.exe	84
PID 652 wrote to memory of 2380	652	msedge.exe	84
PID 652 wrote to memory of 2380	652	msedge.exe	84
PID 652 wrote to memory of 2380	652	msedge.exe	84
PID 652 wrote to memory of 2380	652	msedge.exe	84
PID 652 wrote to memory of 2380	652	msedge.exe	84
PID 652 wrote to memory of 2380	652	msedge.exe	84
PID 652 wrote to memory of 2380	652	msedge.exe	84
PID 652 wrote to memory of 2380	652	msedge.exe	84
PID 652 wrote to memory of 2380	652	msedge.exe	84
PID 652 wrote to memory of 2380	652	msedge.exe	84
PID 652 wrote to memory of 2380	652	msedge.exe	84
PID 652 wrote to memory of 2380	652	msedge.exe	84
PID 652 wrote to memory of 2380	652	msedge.exe	84
PID 652 wrote to memory of 2380	652	msedge.exe	84
PID 652 wrote to memory of 2380	652	msedge.exe	84
PID 652 wrote to memory of 2380	652	msedge.exe	84
PID 652 wrote to memory of 2380	652	msedge.exe	84
PID 652 wrote to memory of 2380	652	msedge.exe	84
PID 652 wrote to memory of 2380	652	msedge.exe	84
PID 652 wrote to memory of 2380	652	msedge.exe	84
PID 652 wrote to memory of 2380	652	msedge.exe	84
PID 652 wrote to memory of 2380	652	msedge.exe	84
PID 652 wrote to memory of 2380	652	msedge.exe	84
PID 652 wrote to memory of 2380	652	msedge.exe	84
PID 652 wrote to memory of 2380	652	msedge.exe	84
PID 652 wrote to memory of 2380	652	msedge.exe	84
PID 652 wrote to memory of 2380	652	msedge.exe	84
PID 652 wrote to memory of 2380	652	msedge.exe	84
PID 652 wrote to memory of 2380	652	msedge.exe	84
PID 652 wrote to memory of 2380	652	msedge.exe	84
PID 652 wrote to memory of 3840	652	msedge.exe	85
PID 652 wrote to memory of 3840	652	msedge.exe	85
PID 652 wrote to memory of 2500	652	msedge.exe	86
PID 652 wrote to memory of 2500	652	msedge.exe	86
PID 652 wrote to memory of 2500	652	msedge.exe	86
PID 652 wrote to memory of 2500	652	msedge.exe	86
PID 652 wrote to memory of 2500	652	msedge.exe	86
PID 652 wrote to memory of 2500	652	msedge.exe	86
PID 652 wrote to memory of 2500	652	msedge.exe	86
PID 652 wrote to memory of 2500	652	msedge.exe	86
PID 652 wrote to memory of 2500	652	msedge.exe	86
PID 652 wrote to memory of 2500	652	msedge.exe	86
PID 652 wrote to memory of 2500	652	msedge.exe	86
PID 652 wrote to memory of 2500	652	msedge.exe	86
PID 652 wrote to memory of 2500	652	msedge.exe	86
PID 652 wrote to memory of 2500	652	msedge.exe	86
PID 652 wrote to memory of 2500	652	msedge.exe	86
PID 652 wrote to memory of 2500	652	msedge.exe	86
PID 652 wrote to memory of 2500	652	msedge.exe	86
PID 652 wrote to memory of 2500	652	msedge.exe	86
PID 652 wrote to memory of 2500	652	msedge.exe	86
PID 652 wrote to memory of 2500	652	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/folders/1ypIR9V2IgH0E4bxaoJe2w7YX8nUS1deM
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcbe0046f8,0x7ffcbe004708,0x7ffcbe004718
  2⤵
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,9909484713666620286,2674553769492397234,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,9909484713666620286,2674553769492397234,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,9909484713666620286,2674553769492397234,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9909484713666620286,2674553769492397234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9909484713666620286,2674553769492397234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,9909484713666620286,2674553769492397234,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4744 /prefetch:8
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,9909484713666620286,2674553769492397234,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4744 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9909484713666620286,2674553769492397234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9909484713666620286,2674553769492397234,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9909484713666620286,2674553769492397234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
  2⤵
  PID:516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9909484713666620286,2674553769492397234,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9909484713666620286,2674553769492397234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,9909484713666620286,2674553769492397234,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5212 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1868

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0a9dc42e4013fc47438e96d24beb8eff

SHA1
806ab26d7eae031a58484188a7eb1adab06457fc

SHA256
58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151

SHA512
868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
61cef8e38cd95bf003f5fdd1dc37dae1

SHA1
11f2f79ecb349344c143eea9a0fed41891a3467f

SHA256
ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e

SHA512
6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
2d19185eeba5bec9911f9c3de0cb0cd3

SHA1
afdcf06655d2c67fffc8a7750d6e4c6bbf240a1f

SHA256
6af1fba26cdd93fcd6a57c81c668d66d75e84a7774caff7e00a031026f807b41

SHA512
33569ab94214f31babe6e324ddb8d7a3bc2e5118fdbbdd82314b87bc088ee038144feb9787addf0a8f3538073c9820d0be89d820f566b9b511beb9c03f668e39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
00732f177bae9f5e7c4cd98060061fb2

SHA1
96189f41a1951a5d0592fcf82bf9ec42c87c28d9

SHA256
80da853c6477c28da822e550e22ad49ca3b702541df9cdd6877c615695a01118

SHA512
3a074e8897449ae05143998ef9641541bfc4f276aa107940872b14ef5aed236b7c7b928a2332c0e55e4477cec10adc66b1fc5a920cb005af40047d37ed6335b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
3e5e0134d4dde6dddcc17882d989436f

SHA1
2f36b7f61af0e88a65e7fdc08d312590c4cef546

SHA256
8ed01263c4c511971edc89e2bf8b3c11e3a419a9c8b85f1c007bce29afcca0f0

SHA512
df185f80c3f69a1abc045e70a75cc8f9e54ee4e5f4cf706958e161589e44cfccb7ede394e6c513a2c2dcb8fce3acf4276b61f3f802145a48a949313cb64aa324

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
023bcc14ae3d18cbd7a1d3858d7250d0

SHA1
10a2e966a1115ee4515a9f5f125252cb23349734

SHA256
e791a9ee0888b4c768a2ac1fe14ad3af196abd6c20927c3d598860cd30d8d12a

SHA512
bb78623fd98e48d56046f11c4692c5875f744742da7cad8b1bf804aa570c4f7337f35064cf4e94da98c8efc290e700a88e600ba887fc67bb33638e0f223fcf72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
a71101bcc326f6b1558fff5054deb83b

SHA1
7a247ba75f15c1d57903f40237565c0ce1f8bd85

SHA256
c567bc6dd445b31437176aba3b61cb5ccebb52ce165827517daef61468cf4a8b

SHA512
75dd324712772074787ca5375611f66f8ceae106053a2f0a947e4c65b7d253fd8b887f853cf1dcea1d2c5a741b0f01f9f6686ce32a18859359021c50837032a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
1cff0f7ef108257a33f5dd9f34369f24

SHA1
a5b6f89019f5fcd75197e4bb9412e4d0525e9e73

SHA256
ce58d14ccd90228404d7bd7aa2041d808a2bee5c1bf6181d3ac3cb2b1be59b98

SHA512
649e8515da318cad3ee39cc9a788d4023e4e8e9b3cc0b6e1e832cd31b5be2d89d70f46b61bbe609f4d3d7e9656dfaed9919181bbf4dd66de230f8b04cc578c75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ba433757f98591ff1eba088f12bf0384

SHA1
6501c9948fbb7028d96fbe450e0e4da970239906

SHA256
cbc3241752d8ddf4dc55800afd64d8bc2aa073381e36a118b95c4ad42021fe23

SHA512
e222dee5561bf20792a7e31c3b32a11fc1f2ee449f05ae8a0c4247b1f5797e0a06a5d8a17ca4178c8b317db3433237160e00e1e1122696edfa4042e85b98628e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
be1f5aeaff8aeb06f7af976c4dc3fda6

SHA1
a4c093d45606a7fec6621f7319f882d298f4d33e

SHA256
ca2b15a6c27709903c96479438c81d0df2c90b1db5a9e9886b6b13a3de27e424

SHA512
cd27ade70570cc81a9f1bdce5e439528fe5b46ff90f5c69a69784bf203858361840c5df8a01774131437e04f7a0a1523f59f8e9e0b5651f5257871099b9783e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5b91600e756b59ecce7f33b96f24aa59

SHA1
c1851046e73d3d7d700c77820aec41dfc8c8129b

SHA256
52efa6dd2fd4321c4780ab80b69b9bfec7b24385ea01322884adafbd6d521645

SHA512
dcefc7afc0c5bc4fbe859cfe17e3057f3c55f67b95da4c615ba78476b14ee3a51fb4cdb7501e954cb8548e1b54687845c83547177411c0459857a4e4d1aa57a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
255e0dfa0f7e77d03f6178a47b6ddb08

SHA1
31f6f98ec1d0daeb07aa275c7e3e2f43485b6934

SHA256
bbbeea45b2678758575875cb2741faf619f617a931af0d7c877880c595042952

SHA512
29da7c4edb3dc5830a6b7492c65e0f661ec71a8c22ff1583d731efb11569f04a630bfffce4d03f26008de3bc60db02937f59bb4b5b680e6e8a697ac424f2ba15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aaccd0f663e9ec8aaf87edff51bb5131

SHA1
7c52fcb061cdc4a64bdcbd00e57afe0d2a7acafb

SHA256
3cab89348a9ec31bdb97ee33c912f11516b5727d5edabc42b03525ec22bd1cc5

SHA512
ec968d3841d2125f070fa4e01ea791e5d3d5a397dfda50c072cbee57a914fe3999d26237adb2872ef9e478453b237ea1664cdb6118a5ec43bbcadb1ea16e82fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
52bb454f43bdfba8799a35d36adaa10b

SHA1
dca683694b2946b3eb9f0c8b73b311218df8f55f

SHA256
614e1ddc11834a0f7a3fb04e5e87c6a3cc7035f5474c7b963455cab82b0bab21

SHA512
e2acab308d07fdce4f2d345d01892c3c5e29917144f3350592c2eca6c8ba60b3e5636aedb64f6d071ea38ba748c5a62cc4b1bf2d27ff3bf14f34da2b9aa92d61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
7d73631150b234f7d89a432c40ac011c

SHA1
8ef187926f251305085bca7d16fe7fd786e129f9

SHA256
3bac4df11f1a659eef74bd811b13c93b027d1d2bfe0063dd30bda2b1342b05f6

SHA512
997f01613ed8b2dc0ed31c6af922eecdf276970c09cfcb93fdb5b2d27711f4b8ad56b342355e67cfcfe406339e87112e3e47604778aac62451496561f0db4f1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58774e.TMP

Filesize
371B

MD5
f289ae288f027deb26270122d17636fb

SHA1
e1305e7df6ec87fbca358ff1e9396b2fbee8b8ac

SHA256
d6e701132232214a73ca0ab04fa1110d9623985833bfbb77d9afd34f2aeab22b

SHA512
52e0936be19f32f9f2f2989599a6b8d1c4077f972481a8d3b394eee8677950536ff8d4c88b9061de4a9803e4f7ae7491762ae1cd3aaee66b1668fd64ea76e988

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
37a6d2e68bef0503da0ec0c3e5410c31

SHA1
74deb528ed9cfa4aff84ae9939ed65ff8607afe4

SHA256
a580f6cc684fa802bc5a6f5bb33c65104c6b145107860490ab786f4f5fb2a998

SHA512
842086053cc05f6eb42f859a213777666406ee699bf54555d817e8efb6c5900feb01bb2f5a494784068dedc806447cfbac5d6282232829a1783b9034efe3ce60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4d2c37d823aff8a7be69e6f6a480a7be

SHA1
f4c364a0d200fb47313d4b6d0a3b5225d1736654

SHA256
c35b6dfe51eaef8313f60caea5c03384eac8e6d8d396cbafba472546779e594e

SHA512
664a97e75a3d7cc41b47e51b57bab655b1dc8292f419e36654d486fb9c9074f60844ed44dc94719ce16d660612bad628072499c6df3ffdeabf0651613a2e6c16

Download Submit