hxxps://goo[.]su/nitro-one

Analysis

max time kernel
204s
max time network
206s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2024, 12:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://goo.su/nitro-one

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
996	msedge.exe
996	msedge.exe
384	msedge.exe
384	msedge.exe
896	identity_helper.exe
896	identity_helper.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 384 wrote to memory of 1404	384	msedge.exe	84
PID 384 wrote to memory of 1404	384	msedge.exe	84
PID 384 wrote to memory of 4848	384	msedge.exe	85
PID 384 wrote to memory of 4848	384	msedge.exe	85
PID 384 wrote to memory of 4848	384	msedge.exe	85
PID 384 wrote to memory of 4848	384	msedge.exe	85
PID 384 wrote to memory of 4848	384	msedge.exe	85
PID 384 wrote to memory of 4848	384	msedge.exe	85
PID 384 wrote to memory of 4848	384	msedge.exe	85
PID 384 wrote to memory of 4848	384	msedge.exe	85
PID 384 wrote to memory of 4848	384	msedge.exe	85
PID 384 wrote to memory of 4848	384	msedge.exe	85
PID 384 wrote to memory of 4848	384	msedge.exe	85
PID 384 wrote to memory of 4848	384	msedge.exe	85
PID 384 wrote to memory of 4848	384	msedge.exe	85
PID 384 wrote to memory of 4848	384	msedge.exe	85
PID 384 wrote to memory of 4848	384	msedge.exe	85
PID 384 wrote to memory of 4848	384	msedge.exe	85
PID 384 wrote to memory of 4848	384	msedge.exe	85
PID 384 wrote to memory of 4848	384	msedge.exe	85
PID 384 wrote to memory of 4848	384	msedge.exe	85
PID 384 wrote to memory of 4848	384	msedge.exe	85
PID 384 wrote to memory of 4848	384	msedge.exe	85
PID 384 wrote to memory of 4848	384	msedge.exe	85
PID 384 wrote to memory of 4848	384	msedge.exe	85
PID 384 wrote to memory of 4848	384	msedge.exe	85
PID 384 wrote to memory of 4848	384	msedge.exe	85
PID 384 wrote to memory of 4848	384	msedge.exe	85
PID 384 wrote to memory of 4848	384	msedge.exe	85
PID 384 wrote to memory of 4848	384	msedge.exe	85
PID 384 wrote to memory of 4848	384	msedge.exe	85
PID 384 wrote to memory of 4848	384	msedge.exe	85
PID 384 wrote to memory of 4848	384	msedge.exe	85
PID 384 wrote to memory of 4848	384	msedge.exe	85
PID 384 wrote to memory of 4848	384	msedge.exe	85
PID 384 wrote to memory of 4848	384	msedge.exe	85
PID 384 wrote to memory of 4848	384	msedge.exe	85
PID 384 wrote to memory of 4848	384	msedge.exe	85
PID 384 wrote to memory of 4848	384	msedge.exe	85
PID 384 wrote to memory of 4848	384	msedge.exe	85
PID 384 wrote to memory of 4848	384	msedge.exe	85
PID 384 wrote to memory of 4848	384	msedge.exe	85
PID 384 wrote to memory of 996	384	msedge.exe	86
PID 384 wrote to memory of 996	384	msedge.exe	86
PID 384 wrote to memory of 2764	384	msedge.exe	87
PID 384 wrote to memory of 2764	384	msedge.exe	87
PID 384 wrote to memory of 2764	384	msedge.exe	87
PID 384 wrote to memory of 2764	384	msedge.exe	87
PID 384 wrote to memory of 2764	384	msedge.exe	87
PID 384 wrote to memory of 2764	384	msedge.exe	87
PID 384 wrote to memory of 2764	384	msedge.exe	87
PID 384 wrote to memory of 2764	384	msedge.exe	87
PID 384 wrote to memory of 2764	384	msedge.exe	87
PID 384 wrote to memory of 2764	384	msedge.exe	87
PID 384 wrote to memory of 2764	384	msedge.exe	87
PID 384 wrote to memory of 2764	384	msedge.exe	87
PID 384 wrote to memory of 2764	384	msedge.exe	87
PID 384 wrote to memory of 2764	384	msedge.exe	87
PID 384 wrote to memory of 2764	384	msedge.exe	87
PID 384 wrote to memory of 2764	384	msedge.exe	87
PID 384 wrote to memory of 2764	384	msedge.exe	87
PID 384 wrote to memory of 2764	384	msedge.exe	87
PID 384 wrote to memory of 2764	384	msedge.exe	87
PID 384 wrote to memory of 2764	384	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://goo.su/nitro-one
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9aafa46f8,0x7ff9aafa4708,0x7ff9aafa4718
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,4335150396402675840,7639348775910188716,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2212,4335150396402675840,7639348775910188716,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2212,4335150396402675840,7639348775910188716,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,4335150396402675840,7639348775910188716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,4335150396402675840,7639348775910188716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,4335150396402675840,7639348775910188716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,4335150396402675840,7639348775910188716,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,4335150396402675840,7639348775910188716,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,4335150396402675840,7639348775910188716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,4335150396402675840,7639348775910188716,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,4335150396402675840,7639348775910188716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,4335150396402675840,7639348775910188716,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,4335150396402675840,7639348775910188716,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4620 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,4335150396402675840,7639348775910188716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,4335150396402675840,7639348775910188716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3720 /prefetch:1
  2⤵
  PID:3576

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4960

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36bb45cb1262fcfcab1e3e7960784eaa

SHA1
ab0e15841b027632c9e1b0a47d3dec42162fc637

SHA256
7c6b0de6f9b4c3ca1f5d6af23c3380f849825af00b58420b76c72b62cfae44ae

SHA512
02c54c919f8cf3fc28f5f965fe1755955636d7d89b5f0504a02fcd9d94de8c50e046c7c2d6cf349fabde03b0fbbcc61df6e9968f2af237106bf7edd697e07456

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1e3dc6a82a2cb341f7c9feeaf53f466f

SHA1
915decb72e1f86e14114f14ac9bfd9ba198fdfce

SHA256
a56135007f4dadf6606bc237cb75ff5ff77326ba093dff30d6881ce9a04a114c

SHA512
0a5223e8cecce77613b1c02535c79b3795e5ad89fc0a934e9795e488712e02b527413109ad1f94bbd4eb35dd07b86dd6e9f4b57d4d7c8a0a57ec3f7f76c7890a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
36KB

MD5
c690ed191fa4fce1e21b9ca1483acb16

SHA1
b6d1180bb1c2451db04d5fdb4cdc4a2e8211cce0

SHA256
c766b68f2b75e2e1a630feeab24c094299d5b113b04743370de8ffc7dfdd68b8

SHA512
007c61607c8f5c52c918e5fe4a49d9b95d870922f861353ba2e0c81516ed3e9acb6372c3c0156f198abdcae808c29b2d5d556eee00e2cb70533a08c1b070b23a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
121KB

MD5
2d64caa5ecbf5e42cbb766ca4d85e90e

SHA1
147420abceb4a7fd7e486dddcfe68cda7ebb3a18

SHA256
045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f

SHA512
c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
119KB

MD5
57613e143ff3dae10f282e84a066de28

SHA1
88756cc8c6db645b5f20aa17b14feefb4411c25f

SHA256
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

SHA512
94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
ffa13ba9afe87dcfd506232beefa3936

SHA1
7bda7a2f39aa697a6ae3bdd20b7305d1670de794

SHA256
7cbaba70d58ddd80baa628ee029a0abf92455471071a4f58fba6f43684c1a60e

SHA512
a846f718b2f7022c3d86e989159bac2f08dbb227be3d926f03229ec99fca74bc88be8506628ca2b5bf702200ff43720da61cad8a714993276d27fe03bf548986

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
3798732675d4e3e1c11db51e1848ac6d

SHA1
ad36db20534c2f83e2b4241c9169e9dd06f91b95

SHA256
ea9cf6776b11959c79e6b60e79016234306d7766fec9a7662d685ce8e08f37cf

SHA512
c57929430a59e0f40a23d078e1486add9942e2966367bfcf546d797ead6fb02fca3501179c2f3993c8358b2279763ff6a6a1b8960dc96cee9fe8ac624fb24eaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
81c85102f92d4fca26436684876d078c

SHA1
3d9ed3dea166e1e3d5800c081e31f586b86d2e03

SHA256
f4a53b7d57498655c30fd7789af201f86df1d85d60498fafb38a545143933052

SHA512
c83bf933cedfa338b9fea8dbdd02eef8b9d390c29571c219ac12e1604dc0e9e23eb22bef7f82b58c04e4b845882015e7b69987a06bdab134fd32063abee0ac4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
37ee33083c21d0daa565ca694b75d819

SHA1
5e9625b63d104800f4195aab57cad41c5c3bbf48

SHA256
d4f0af31a151e2e8d32a2faa55ca2c8ec0ffe53ae557ef3cc4516ee86c033205

SHA512
62a4a6881206460e6dae49c32e32f46cdf9be4212899e3155e597a847d9df4309b13d69c1830f56280004da80b59d7ddc2e1effeecb763cde19b818f6703c8ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
50d0694aab5517ba6a728076a1a37dd6

SHA1
cd96592070037ec58ac28f6d9f9af627655178f3

SHA256
ee3585fc4c4898d22699c74a841119f930c587c34835f35616367eed9eed12ac

SHA512
7ea6be4f5402d2933cd78c58cacd71fd102ce0850309a1fca6a3048c9ab27f16e7fd546a917d6e9914ef4230c357d6f35ce03ed5092b635255b4bb1ed25350eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b791db105f3f6a7606d586ce6805ca23

SHA1
26ea60713421a5d5ae8dbee1cab02c08d450b049

SHA256
c9906bdd5000ba3667d250fb9b536aeccfa9df28c750ecc9e2d8f09b84fe5fc0

SHA512
c6d2330783e59ad00d74864df5beba99d5f0a73ea839df1144cb8be5a6586aa1d5c67a7fadb344310d51eba154546cd18d49af6e23321b7c0326f43dbf3877b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4919feea13e922252c187e173665e6de

SHA1
6c150d75b0ac373cafe98595090c07963e57131a

SHA256
e6b825ba831978a314ef9bf1340f6085f3055d72f0bfeda7654c5a6f763180f5

SHA512
1f7f18b1166089e35df56a513bf44493b130eeef28d70f88a7bf453005c73d577566b45008873555cf8ebe46cd765985e2e2e6312eaa03908a29beed1571e48b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f4c60345db250047c8502612c7b89155

SHA1
7a3122b41005d48b44d6f89f121c3fcee8743b12

SHA256
7d6b36452054a3ca66de6a92022722f602614d9e82f88010aa91bdf63250242e

SHA512
03ce82e60cc95aa5a5070da69fcb165441b99afb5c446f382f525e7c16d012711536dd0cd5fe20f29d210b318dbd645515a68c97a596f82cd21d703483fae8d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
b59933d6f5b6e533253b4eab16110aa7

SHA1
0c5e0da9ff3720acea32b943fa09ac555ff47cc6

SHA256
7d9b73e7b78a5750016372c3f4b96b989dfde8fbdf684db125f430be21296b76

SHA512
4aa97cb6c498e71a4fd0e857cc927f8267b5aee3a8fbfb558df135445cd9ad0feee017da0bbea5aadc3f85fecc147a8082de69a87cf44a298f92295804925909

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
a4b4c249aed295a81c2705cc3726fb77

SHA1
a42b8e09d5b0d1d20fd1e860de1e0a822432d3d2

SHA256
2b61d8a76e730342fc82af7708dc2d88d1f5e1f60ee7f39679e8c0fe37c318f7

SHA512
b9f87a871330a39a78a72c0dfb52d6b68eb6de7350647a1b3fa3a594dd22e05dd8f91e482c1ab433ee3542db0cf21d71cbc47efda95494b6ced4f402e3725536

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59be07.TMP

Filesize
371B

MD5
a68707ecddf6420b2a540741c5dce351

SHA1
5ca794bc9ccbbcd688feda4165006003cedb775c

SHA256
e5500452e437e4cdab74ebe5577c9b03531819fda40f63eeb9ba72b0a2b8a400

SHA512
d8cb2a3c81e6f53d0d70c24b9251ba57f8fba503dad80eefb3cf8fb8c2462838360902a3b6840787397ac45339df0ef4d194ed6f253510308719644edc547936

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c85d92b6-7877-47ef-a1e8-46a8a1408c18.tmp

Filesize
674B

MD5
6449c8a7ebe72aa45c22b6eb54cd20c8

SHA1
32701f1ff259897b480427bbd241fceeda2d3185

SHA256
5ad1d6c89873cbd2971bc0733c98a213d51e953251940f15462a7ab9173dc8bb

SHA512
282273687b68880b8935c46ae434ea4de0ba033ea737067cd07cfd6c30bc2d7c4f6ea2a5fb82702d3df90fdc3a74a60c77e4de851c2183b0e6df1b22436a6f36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
999c0879109fd6e4db0a28edc10c647d

SHA1
08add44478d4521bdaba7ac7528cea92b33b4c34

SHA256
561a097f0e630642108db0c8c49b9ad62e76eaa1d46cf9a1a7b697b76d5f843a

SHA512
50a59573899d7f55b5d90f95c8fd4ffa88a95d4663def1a9b5a5f57c6ab96767a7bf3b4d864daaab41900e1c3be19264578dc4e11a0b2ea205425419c8647148

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit