hxxp://fdfdfd | Triage

Resubmissions

19/11/2024, 14:02

241119-rcl6as1qep 4

19/11/2024, 13:52

241119-q6nesawgmg 6

Analysis

max time kernel
146s
max time network
150s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
19/11/2024, 13:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://fdfdfd

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\24943fb8-6a7c-454d-a2cf-f881e4d677fe.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241119135300.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4772	msedge.exe
4772	msedge.exe
1520	msedge.exe
1520	msedge.exe
716	identity_helper.exe
716	identity_helper.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1520 wrote to memory of 2332	1520	msedge.exe	81
PID 1520 wrote to memory of 2332	1520	msedge.exe	81
PID 1520 wrote to memory of 3772	1520	msedge.exe	82
PID 1520 wrote to memory of 3772	1520	msedge.exe	82
PID 1520 wrote to memory of 3772	1520	msedge.exe	82
PID 1520 wrote to memory of 3772	1520	msedge.exe	82
PID 1520 wrote to memory of 3772	1520	msedge.exe	82
PID 1520 wrote to memory of 3772	1520	msedge.exe	82
PID 1520 wrote to memory of 3772	1520	msedge.exe	82
PID 1520 wrote to memory of 3772	1520	msedge.exe	82
PID 1520 wrote to memory of 3772	1520	msedge.exe	82
PID 1520 wrote to memory of 3772	1520	msedge.exe	82
PID 1520 wrote to memory of 3772	1520	msedge.exe	82
PID 1520 wrote to memory of 3772	1520	msedge.exe	82
PID 1520 wrote to memory of 3772	1520	msedge.exe	82
PID 1520 wrote to memory of 3772	1520	msedge.exe	82
PID 1520 wrote to memory of 3772	1520	msedge.exe	82
PID 1520 wrote to memory of 3772	1520	msedge.exe	82
PID 1520 wrote to memory of 3772	1520	msedge.exe	82
PID 1520 wrote to memory of 3772	1520	msedge.exe	82
PID 1520 wrote to memory of 3772	1520	msedge.exe	82
PID 1520 wrote to memory of 3772	1520	msedge.exe	82
PID 1520 wrote to memory of 3772	1520	msedge.exe	82
PID 1520 wrote to memory of 3772	1520	msedge.exe	82
PID 1520 wrote to memory of 3772	1520	msedge.exe	82
PID 1520 wrote to memory of 3772	1520	msedge.exe	82
PID 1520 wrote to memory of 3772	1520	msedge.exe	82
PID 1520 wrote to memory of 3772	1520	msedge.exe	82
PID 1520 wrote to memory of 3772	1520	msedge.exe	82
PID 1520 wrote to memory of 3772	1520	msedge.exe	82
PID 1520 wrote to memory of 3772	1520	msedge.exe	82
PID 1520 wrote to memory of 3772	1520	msedge.exe	82
PID 1520 wrote to memory of 3772	1520	msedge.exe	82
PID 1520 wrote to memory of 3772	1520	msedge.exe	82
PID 1520 wrote to memory of 3772	1520	msedge.exe	82
PID 1520 wrote to memory of 3772	1520	msedge.exe	82
PID 1520 wrote to memory of 3772	1520	msedge.exe	82
PID 1520 wrote to memory of 3772	1520	msedge.exe	82
PID 1520 wrote to memory of 3772	1520	msedge.exe	82
PID 1520 wrote to memory of 3772	1520	msedge.exe	82
PID 1520 wrote to memory of 3772	1520	msedge.exe	82
PID 1520 wrote to memory of 3772	1520	msedge.exe	82
PID 1520 wrote to memory of 4772	1520	msedge.exe	83
PID 1520 wrote to memory of 4772	1520	msedge.exe	83
PID 1520 wrote to memory of 4124	1520	msedge.exe	84
PID 1520 wrote to memory of 4124	1520	msedge.exe	84
PID 1520 wrote to memory of 4124	1520	msedge.exe	84
PID 1520 wrote to memory of 4124	1520	msedge.exe	84
PID 1520 wrote to memory of 4124	1520	msedge.exe	84
PID 1520 wrote to memory of 4124	1520	msedge.exe	84
PID 1520 wrote to memory of 4124	1520	msedge.exe	84
PID 1520 wrote to memory of 4124	1520	msedge.exe	84
PID 1520 wrote to memory of 4124	1520	msedge.exe	84
PID 1520 wrote to memory of 4124	1520	msedge.exe	84
PID 1520 wrote to memory of 4124	1520	msedge.exe	84
PID 1520 wrote to memory of 4124	1520	msedge.exe	84
PID 1520 wrote to memory of 4124	1520	msedge.exe	84
PID 1520 wrote to memory of 4124	1520	msedge.exe	84
PID 1520 wrote to memory of 4124	1520	msedge.exe	84
PID 1520 wrote to memory of 4124	1520	msedge.exe	84
PID 1520 wrote to memory of 4124	1520	msedge.exe	84
PID 1520 wrote to memory of 4124	1520	msedge.exe	84
PID 1520 wrote to memory of 4124	1520	msedge.exe	84
PID 1520 wrote to memory of 4124	1520	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://fdfdfd
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffa301a46f8,0x7ffa301a4708,0x7ffa301a4718
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,7847941003916937574,5414295672731814610,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,7847941003916937574,5414295672731814610,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,7847941003916937574,5414295672731814610,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7847941003916937574,5414295672731814610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7847941003916937574,5414295672731814610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7847941003916937574,5414295672731814610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7847941003916937574,5414295672731814610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7847941003916937574,5414295672731814610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7847941003916937574,5414295672731814610,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,7847941003916937574,5414295672731814610,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6012 /prefetch:8
  2⤵
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:2076
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x110,0x114,0x10c,0x12c,0x108,0x7ff7ac915460,0x7ff7ac915470,0x7ff7ac915480
    3⤵
    PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,7847941003916937574,5414295672731814610,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6012 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7847941003916937574,5414295672731814610,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7847941003916937574,5414295672731814610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7847941003916937574,5414295672731814610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7847941003916937574,5414295672731814610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:5996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,7847941003916937574,5414295672731814610,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4156 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2196

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\4e1c0b01-e256-4016-947b-4211fb3edb42.tmp

Filesize
8KB

MD5
2eac1f20b68eedbc8671ea4e1782ff1a

SHA1
b6c52da4de86ab919dcea94d890e59dfd3cb5499

SHA256
cff56265a1fe7fec8591f2e1aa275a7bdc51abd5bec800ce896fb523e9cb8914

SHA512
7d64090ceee56fbc934474f488eaf06df992d9c8c74248ef8aad765b1ffc9a54956dc7ec07e754bc75fb0c3f9858786e5864b01581db2581b2a87cc006a0237b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dda6e078b56bc17505e368f3e845302

SHA1
45fbd981fbbd4f961bf72f0ac76308fc18306cba

SHA256
591bf3493eb620a3851c0cd65bff79758a09c61e9a22ea113fa0480404a38b15

SHA512
9e460013fd043cee9bdbcdaf96ac2f7e21a08e88ddb754dddbd8378ee2288d50271e66b42092d84a12e726469465185be11a6fafab6ed4236a244524bd60f502

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f6126b3cef466f7479c4f176528a9348

SHA1
87855913d0bfe2c4559dd3acb243d05c6d7e4908

SHA256
588138bf57e937e1dec203a5073c3edb1e921c066779e893342e79e3d160e0b4

SHA512
ef622b26c8cee1f767def355b2d7bffb2b28e7a653c09b7e2d33f6468a453fff39fd120cacbffd79ce35722592af0f3fb7d5054e2dca06310e44dc460533f3d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\940501d0-b1a1-4282-888e-500e42f852cc.tmp

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d625acd1fd76761cf2e66ccd28632f2b

SHA1
99c9ad8f874caf26d8b0bacc10bdc67919340c64

SHA256
3762d792c2576ef0b0c4da4cfdcd9cd7a3185c0c06259b0d43040314f7c9e54c

SHA512
b509e9e109b1c9f36eeb29ae5dcda332a8b0dc86d3dab6be8e203656fbb2a76d2c2961766337cef0f3903d768837bb66e3066ec6a0a4475a186dd202b4c68ccd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b1baeba1f6f7dc5e576d322ab8895ce6

SHA1
8e65731cb9a231adf2ba0676cc0232ed072068d8

SHA256
bc7aea32989dcb122bdac846b78827e3e4ca1f1f8a029c14b749f1c0a0399059

SHA512
abd98410101a315a56d01ce42108dc4b2a7bf6d497b12f889a94d4475617b7bfbd4185f91523f187ddd7557afbfa3657d35822d9665829f11b095845fe5bce88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8add57a711da1babc30686c5f5307eec

SHA1
7c53800ad5859d5d3d4173bd98aaa7329f00d0cd

SHA256
4a8fd07952ec37a6e6cb40377653dfede83f5f8a79c2120b39350809b049396b

SHA512
330e40753a491a8039a591dd512ef3223ed63f638a746d29cf77c866398551c48f2d19a08a1f8a2002b1719bc92986dc8aff47baefdad126d5bb0b9ce454cb3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
90cc75707c7f427e9bbc8e0553500b46

SHA1
9034bdd7e7259406811ec8b5b7ce77317b6a2b7e

SHA256
f5d76f8630779de1fe82f8802d6d144861e3487171e4b32e3f8fffd2a57725fb

SHA512
7ad692bce11aee08bf65bb7c578b89a4a3024211ee1deaf671c925d65cc016943f2caad3d57b365e16d1764c78c36cae35c3c45cef0928dd611a565b0313e511

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
0d8c8c98295f59eade1d8c5b0527a5c2

SHA1
038269c6a2c432c6ecb5b236d08804502e29cde0

SHA256
9148e2a2ba2a3b765c088dc8a1bdcc9b07b129e5e48729a61ebc321cb7b8b721

SHA512
885a734a97a6f8c4a8fb5f0efa9fe55742f0685210472ed376466e67f928e82ddf91ba1211389d9c55dd1e03dc064aa7a81d1fca3cf429fbaf8f60db8b1348c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
e3d7c63a4c28edbcbedca28b39760311

SHA1
cd0c63ba8508c9d8580b98414f3c9fb0fb25fc8e

SHA256
270ac571b423740a8b275140bcd69c420c06a9ae74a9c07606cbf63028561dd3

SHA512
ee5944190d20c33b25020adc5004f3e0ca6b3628c7a4f5e6ed35da06dd6e25c81481572c544dcd182b3c68a37159db5e5f2a5cee8078c22e30b8e3c2ca60fdbc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
1f2fc56c4dca680353f8bdeb6f10cfc9

SHA1
e3f8d2f4e0844c95ddfa36c3320bfc4e6c464698

SHA256
dac47dfc9203e95378ba52103d4b25d45bf8ddd4a410fc398e1aea83bb81f6c5

SHA512
e69095aa9ac5396575abf76943c0e445c01514f308fe76cb0c7960275fd7c160dddaf7266878ebd6f89ab6f37d20ecd9a46352ba773598680a6007d2622dfb06

Download Submit