hxxps://clubelivelo-pontos[.]info/pontos/home[.]php

Analysis

max time kernel
32s
max time network
35s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2023, 17:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://clubelivelo-pontos.info/pontos/home.php

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\cb67a301-3334-42c5-a204-4235a8db7e07.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230521174940.pma	setup.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies Internet Explorer settings 1 TTPs 11 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{CF995BFC-F7FF-11ED-8FFF-6201C35E5273} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4824	msedge.exe
4824	msedge.exe
4688	msedge.exe
4688	msedge.exe
5156	identity_helper.exe
5156	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe

Suspicious use of FindShellTrayWindow 12 IoCs

pid	Process
632	iexplore.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe

Suspicious use of SendNotifyMessage 8 IoCs

pid	Process
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
632	iexplore.exe
632	iexplore.exe
3756	IEXPLORE.EXE
3756	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 632 wrote to memory of 3756	632	iexplore.exe	83
PID 632 wrote to memory of 3756	632	iexplore.exe	83
PID 632 wrote to memory of 3756	632	iexplore.exe	83
PID 4688 wrote to memory of 724	4688	msedge.exe	87
PID 4688 wrote to memory of 724	4688	msedge.exe	87
PID 4688 wrote to memory of 3752	4688	msedge.exe	89
PID 4688 wrote to memory of 3752	4688	msedge.exe	89
PID 4688 wrote to memory of 3752	4688	msedge.exe	89
PID 4688 wrote to memory of 3752	4688	msedge.exe	89
PID 4688 wrote to memory of 3752	4688	msedge.exe	89
PID 4688 wrote to memory of 3752	4688	msedge.exe	89
PID 4688 wrote to memory of 3752	4688	msedge.exe	89
PID 4688 wrote to memory of 3752	4688	msedge.exe	89
PID 4688 wrote to memory of 3752	4688	msedge.exe	89
PID 4688 wrote to memory of 3752	4688	msedge.exe	89
PID 4688 wrote to memory of 3752	4688	msedge.exe	89
PID 4688 wrote to memory of 3752	4688	msedge.exe	89
PID 4688 wrote to memory of 3752	4688	msedge.exe	89
PID 4688 wrote to memory of 3752	4688	msedge.exe	89
PID 4688 wrote to memory of 3752	4688	msedge.exe	89
PID 4688 wrote to memory of 3752	4688	msedge.exe	89
PID 4688 wrote to memory of 3752	4688	msedge.exe	89
PID 4688 wrote to memory of 3752	4688	msedge.exe	89
PID 4688 wrote to memory of 3752	4688	msedge.exe	89
PID 4688 wrote to memory of 3752	4688	msedge.exe	89
PID 4688 wrote to memory of 3752	4688	msedge.exe	89
PID 4688 wrote to memory of 3752	4688	msedge.exe	89
PID 4688 wrote to memory of 3752	4688	msedge.exe	89
PID 4688 wrote to memory of 3752	4688	msedge.exe	89
PID 4688 wrote to memory of 3752	4688	msedge.exe	89
PID 4688 wrote to memory of 3752	4688	msedge.exe	89
PID 4688 wrote to memory of 3752	4688	msedge.exe	89
PID 4688 wrote to memory of 3752	4688	msedge.exe	89
PID 4688 wrote to memory of 3752	4688	msedge.exe	89
PID 4688 wrote to memory of 3752	4688	msedge.exe	89
PID 4688 wrote to memory of 3752	4688	msedge.exe	89
PID 4688 wrote to memory of 3752	4688	msedge.exe	89
PID 4688 wrote to memory of 3752	4688	msedge.exe	89
PID 4688 wrote to memory of 3752	4688	msedge.exe	89
PID 4688 wrote to memory of 3752	4688	msedge.exe	89
PID 4688 wrote to memory of 3752	4688	msedge.exe	89
PID 4688 wrote to memory of 3752	4688	msedge.exe	89
PID 4688 wrote to memory of 3752	4688	msedge.exe	89
PID 4688 wrote to memory of 3752	4688	msedge.exe	89
PID 4688 wrote to memory of 3752	4688	msedge.exe	89
PID 4688 wrote to memory of 4824	4688	msedge.exe	88
PID 4688 wrote to memory of 4824	4688	msedge.exe	88
PID 4688 wrote to memory of 3948	4688	msedge.exe	90
PID 4688 wrote to memory of 3948	4688	msedge.exe	90
PID 4688 wrote to memory of 3948	4688	msedge.exe	90
PID 4688 wrote to memory of 3948	4688	msedge.exe	90
PID 4688 wrote to memory of 3948	4688	msedge.exe	90
PID 4688 wrote to memory of 3948	4688	msedge.exe	90
PID 4688 wrote to memory of 3948	4688	msedge.exe	90
PID 4688 wrote to memory of 3948	4688	msedge.exe	90
PID 4688 wrote to memory of 3948	4688	msedge.exe	90
PID 4688 wrote to memory of 3948	4688	msedge.exe	90
PID 4688 wrote to memory of 3948	4688	msedge.exe	90
PID 4688 wrote to memory of 3948	4688	msedge.exe	90
PID 4688 wrote to memory of 3948	4688	msedge.exe	90
PID 4688 wrote to memory of 3948	4688	msedge.exe	90
PID 4688 wrote to memory of 3948	4688	msedge.exe	90
PID 4688 wrote to memory of 3948	4688	msedge.exe	90
PID 4688 wrote to memory of 3948	4688	msedge.exe	90

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://clubelivelo-pontos.info/pontos/home.php
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:632
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:632 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb44b946f8,0x7ffb44b94708,0x7ffb44b94718
  2⤵
  PID:724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,8134821101791418500,11191558156143738292,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,8134821101791418500,11191558156143738292,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,8134821101791418500,11191558156143738292,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8134821101791418500,11191558156143738292,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8134821101791418500,11191558156143738292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8134821101791418500,11191558156143738292,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8134821101791418500,11191558156143738292,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,8134821101791418500,11191558156143738292,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:1540
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x228,0x22c,0x230,0x204,0x234,0x7ff787b95460,0x7ff787b95470,0x7ff787b95480
    3⤵
    PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,8134821101791418500,11191558156143738292,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8134821101791418500,11191558156143738292,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:5184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8134821101791418500,11191558156143738292,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8134821101791418500,11191558156143738292,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:5612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8134821101791418500,11191558156143738292,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:5724

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4796

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
8159fee64c5eed3055149e591998cdcb

SHA1
b5714377aa1626e33dc89afcf679693e76d63095

SHA256
d8f8443215bab6804a149496ac9855a87924f7182b39485830ee77ee7e39a0a1

SHA512
8f671e7d7b629303dc92e37ac43f3419b829ba38915ff57c96ff8d272446f18754e628aeee37dfb671196d8d865072b416873ec5129f354d96ac0ce7e30fa8a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
724B

MD5
cfbc16e33dcbef6f773f0f79af528f45

SHA1
ecb8d5e8107bc671dd57fb2a137c00bffa419f1f

SHA256
f0937890fb1053069baac97b7992c6d22cb74cae20317fc05d51070d96950ffa

SHA512
59ac2ead1eb84edffb06867850beb1e63f72c5b5415abd2fd4e7c2a1922c368f612d2a0288c00e32d5da47c4a77968ffbe72660a8d1f577f44fb20df9c11a4af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
9ca06d0da599dcc73c8535037a200ab9

SHA1
1c9c3ac040e5fd55db563a9c321419a9e44bb812

SHA256
0163d57578956454b3c123b68516fe2d5e3b6fbf9ef199a0132856d18f40149f

SHA512
073758013757eb5dc78776bb062de1b7369bc8c20e1b2b49ab52a0f0ba62648e1ee4f79762d8550e408bb257b297f2888b8291f66d4a46412b482a3f66763ec5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
392B

MD5
a8757783346ede6710ccb3a7b264822a

SHA1
ba4ccb9a589134305a3a199249ac0e5e1e6a6159

SHA256
cdb20b462fd3cdc49aecf0edf43b2fb73b56337f824844df022239d714f7da8a

SHA512
b48ebb4b1c02cc3b11261540175bf95ecbc256a5f773e67b1a21985252d78b3da8879e6ad167119879809dc57be43279a54eeb346fb9f949fe39fb1375ee6b35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
462f3c1360a4b5e319363930bc4806f6

SHA1
9ba5e43d833c284b89519423f6b6dab5a859a8d0

SHA256
fec64069c72a8d223ed89a816501b3950f5e4f5dd88f289a923c5f961d259f85

SHA512
5584ef75dfb8a1907c071a194fa78f56d10d1555948dffb8afcacaaa2645fd9d842a923437d0e94fad1d1919dcef5b25bf065863405c8d2a28216df27c87a417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d2642245b1e4572ba7d7cd13a0675bb8

SHA1
96456510884685146d3fa2e19202fd2035d64833

SHA256
3763676934b31fe2e3078256adb25b01fdf899db6616b6b41dff3062b68e20a1

SHA512
99e35f5eefc1e654ecfcf0493ccc02475ca679d3527293f35c3adea66879e21575ab037bec77775915ec42ac53e30416c3928bc3c57910ce02f3addd880392e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
ddf696e296cd167e1170480868a12831

SHA1
912ea14b1b40305de5c448dfc5d10c66c37b909a

SHA256
8d2ede9d3b17fdf365ff998fe55a993a7429f797ffdfb4d61d110ec9e7946f9f

SHA512
41aaa67bb35be2d5c6a6c818673221da0dfad0b3b8ce9ddf0188f2d35b90985d769a50cecd0ba50efc1a55bad0fe0af96a3b9f5b97b63c364a38c43ffc3fdd30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
58e71bd5e418a6db151d0b04872ef322

SHA1
f723ef79a9b1f39460f75ca171c376626af40630

SHA256
4e788631f43a8a014f79798e157f923cc840f6e12ecb7216f401c9c202a5b09e

SHA512
d9bd1d7eb6c51f8ec45c9ac6a38baa70fd38a22c6581ef99a699bab5ea2c930d66230ef6416ead8ec2b37692f79915c17d2da9736fc1c942e27e007ca9a2976b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
035b1fc4c80ca12e389917f3897b2fea

SHA1
c8db9b38695c5711493790e3d0aa126b4569a040

SHA256
dcd847608cfc6ddaf0b2f979e88ff52a0f652123c2423c6329562b01e527c07c

SHA512
e92f686d075a1550c315a675ec574d3972f60aebabd64c2f3a7a04428a03aa22257e76a892eab3c67fa478ba4d19336a324797570537b1e98a59851c69000ecc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
130644a5f79b27202a13879460f2c31a

SHA1
29e213847a017531e849139c7449bce6b39cb2fa

SHA256
1306a93179e1eaf354d9daa6043ae8ffb37b76a1d1396e7b8df671485582bcd1

SHA512
fbc8606bf988cf0a6dea28c16d4394c9b1e47f6b68256132b5c85caf1ec7b516c0e3d33034db275adf267d5a84af2854f50bd38a9ed5e86eb392144c63252e01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
69b72d0a4a2f9cbec95b3201ca02ae2f

SHA1
fcc44ae63c9b0280a10408551a41843f8de72b21

SHA256
996c85ab362c1d17a2a6992e03fdc8a0c0372f81f8fad93970823519973c7b9c

SHA512
08d70d28f1e8d9e539a2c0fbac667a8447ea85ea7b08679139abbbbb1b6250d944468b128ed6b386782f41ca03020e3a82491acb1fe101b09635d606b1a298be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
5803be7d7cd902b0514c4c47f3083879

SHA1
f50a2b46bb2c83b6f4b9bd87c07e9f1541f7b0cc

SHA256
037518de2bf732a2f94167dbdefa5f8786e95aae93448fae6dd536f3612fae33

SHA512
c6fa79a832142775f32d80a9f575dc5c23c2503d4183cc05c7fd18d155bb33953f8c7749730c9f199faa2d2d328c1efb41bf10718ce1ed7762864d2cb95c93ca

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
a33cd7733a11ac6354e3c20cd01e4bc1

SHA1
1b4972af3c9a4e1ba640fafff4de4c5f3ba0446b

SHA256
da5d88417eb5c482a9f5af41aa568508e1ab1bde8e2f6f6fe9dfc5389a48cb0a

SHA512
5b7383bd2e9dcfbf33cbeae46f290b0fdff90e9e9ac41280cc43f275ad62a0be1909b91e9a3a79564096388f6e61fe0608707d2a87cc27c371e04f7d23670d1c

Download Submit