hxxps://gofile[.]io/d/tvoxvR

Resubmissions

19-12-2024 23:19

241219-3a6byasqcs 10

19-12-2024 23:18

241219-3abgkasqay 4

Analysis

max time kernel
481s
max time network
486s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
19-12-2024 23:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gofile.io/d/tvoxvR

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\14f5a514-f98e-4759-a285-bca4e8ec9b3e.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241219232200.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4828	msedge.exe
4828	msedge.exe
4304	msedge.exe
4304	msedge.exe
1736	identity_helper.exe
1736	identity_helper.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4304 wrote to memory of 2320	4304	msedge.exe	82
PID 4304 wrote to memory of 2320	4304	msedge.exe	82
PID 4304 wrote to memory of 4932	4304	msedge.exe	83
PID 4304 wrote to memory of 4932	4304	msedge.exe	83
PID 4304 wrote to memory of 4932	4304	msedge.exe	83
PID 4304 wrote to memory of 4932	4304	msedge.exe	83
PID 4304 wrote to memory of 4932	4304	msedge.exe	83
PID 4304 wrote to memory of 4932	4304	msedge.exe	83
PID 4304 wrote to memory of 4932	4304	msedge.exe	83
PID 4304 wrote to memory of 4932	4304	msedge.exe	83
PID 4304 wrote to memory of 4932	4304	msedge.exe	83
PID 4304 wrote to memory of 4932	4304	msedge.exe	83
PID 4304 wrote to memory of 4932	4304	msedge.exe	83
PID 4304 wrote to memory of 4932	4304	msedge.exe	83
PID 4304 wrote to memory of 4932	4304	msedge.exe	83
PID 4304 wrote to memory of 4932	4304	msedge.exe	83
PID 4304 wrote to memory of 4932	4304	msedge.exe	83
PID 4304 wrote to memory of 4932	4304	msedge.exe	83
PID 4304 wrote to memory of 4932	4304	msedge.exe	83
PID 4304 wrote to memory of 4932	4304	msedge.exe	83
PID 4304 wrote to memory of 4932	4304	msedge.exe	83
PID 4304 wrote to memory of 4932	4304	msedge.exe	83
PID 4304 wrote to memory of 4932	4304	msedge.exe	83
PID 4304 wrote to memory of 4932	4304	msedge.exe	83
PID 4304 wrote to memory of 4932	4304	msedge.exe	83
PID 4304 wrote to memory of 4932	4304	msedge.exe	83
PID 4304 wrote to memory of 4932	4304	msedge.exe	83
PID 4304 wrote to memory of 4932	4304	msedge.exe	83
PID 4304 wrote to memory of 4932	4304	msedge.exe	83
PID 4304 wrote to memory of 4932	4304	msedge.exe	83
PID 4304 wrote to memory of 4932	4304	msedge.exe	83
PID 4304 wrote to memory of 4932	4304	msedge.exe	83
PID 4304 wrote to memory of 4932	4304	msedge.exe	83
PID 4304 wrote to memory of 4932	4304	msedge.exe	83
PID 4304 wrote to memory of 4932	4304	msedge.exe	83
PID 4304 wrote to memory of 4932	4304	msedge.exe	83
PID 4304 wrote to memory of 4932	4304	msedge.exe	83
PID 4304 wrote to memory of 4932	4304	msedge.exe	83
PID 4304 wrote to memory of 4932	4304	msedge.exe	83
PID 4304 wrote to memory of 4932	4304	msedge.exe	83
PID 4304 wrote to memory of 4932	4304	msedge.exe	83
PID 4304 wrote to memory of 4932	4304	msedge.exe	83
PID 4304 wrote to memory of 4828	4304	msedge.exe	84
PID 4304 wrote to memory of 4828	4304	msedge.exe	84
PID 4304 wrote to memory of 4548	4304	msedge.exe	85
PID 4304 wrote to memory of 4548	4304	msedge.exe	85
PID 4304 wrote to memory of 4548	4304	msedge.exe	85
PID 4304 wrote to memory of 4548	4304	msedge.exe	85
PID 4304 wrote to memory of 4548	4304	msedge.exe	85
PID 4304 wrote to memory of 4548	4304	msedge.exe	85
PID 4304 wrote to memory of 4548	4304	msedge.exe	85
PID 4304 wrote to memory of 4548	4304	msedge.exe	85
PID 4304 wrote to memory of 4548	4304	msedge.exe	85
PID 4304 wrote to memory of 4548	4304	msedge.exe	85
PID 4304 wrote to memory of 4548	4304	msedge.exe	85
PID 4304 wrote to memory of 4548	4304	msedge.exe	85
PID 4304 wrote to memory of 4548	4304	msedge.exe	85
PID 4304 wrote to memory of 4548	4304	msedge.exe	85
PID 4304 wrote to memory of 4548	4304	msedge.exe	85
PID 4304 wrote to memory of 4548	4304	msedge.exe	85
PID 4304 wrote to memory of 4548	4304	msedge.exe	85
PID 4304 wrote to memory of 4548	4304	msedge.exe	85
PID 4304 wrote to memory of 4548	4304	msedge.exe	85
PID 4304 wrote to memory of 4548	4304	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://gofile.io/d/tvoxvR
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff871a946f8,0x7ff871a94708,0x7ff871a94718
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,10570272909845109704,17211733130392022433,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,10570272909845109704,17211733130392022433,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,10570272909845109704,17211733130392022433,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10570272909845109704,17211733130392022433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10570272909845109704,17211733130392022433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10570272909845109704,17211733130392022433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,10570272909845109704,17211733130392022433,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:8
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:1352
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff63bf05460,0x7ff63bf05470,0x7ff63bf05480
    3⤵
    PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,10570272909845109704,17211733130392022433,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10570272909845109704,17211733130392022433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10570272909845109704,17211733130392022433,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10570272909845109704,17211733130392022433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10570272909845109704,17211733130392022433,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,10570272909845109704,17211733130392022433,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2720 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3404

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4c3b681f1b553061b1d406dca73509e1

SHA1
1d0902a780b041766c456dca466ed6dd88db979a

SHA256
45099d50c298e321f628997d58aff82c1f91aa302cb6a46f5c8a2819a53685d2

SHA512
b6e59b2da8bce61cdb2f0bdbe6dd0486c68bb583a1066cafb979314c4c1baeab4136d9d958e9e9ef3a36b1d7988ae8518080b8aff9748c102d05646aea914283

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
165b9ab5b6100e149d42942970795741

SHA1
873ef2b7bb080cee1f9eb80920edb54a235fc326

SHA256
fd01e423cf1b8c61bbc4e1c63f3cd70a81586a9d03a88eebd6ec3a16a1910364

SHA512
5ba31ba647b158325e7282ff6dc83e683b62895a1e3ebd5445a1f121d6d5fdee4b39164514f7c442bf67dbefcc7965c3ee946333e77047ced40df144aebef9ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
560046228ddd11e3e2048534c295a009

SHA1
d5d5406d90b85acc714219e45ccf4b761443dd5f

SHA256
d6f79c2b757ddd3bdbab3dbb20c76f5799034df66e7c16a99b3719359a79c92f

SHA512
985fe5c35a539dbd10d89692532b517cd7127d4b9792af1a7e195ef3ed74ad473ed4542378f1011aceccafd81d148e522c85a71c39d3bd392b145a737ba790e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
9d1da4c1d5d09e411a6db40ef129619d

SHA1
2074b119680f1f3a53c778c1d200feb7d32306f0

SHA256
f80cb9b2b2e08a96d777ef65ba86cb74ad838cbd66f4ff4fd1fd1812243b26ae

SHA512
ec54c1566ac2bcf4b040a387152b29799154350e52f0810ee5e4dcccd27fb9fa2030c2d88613a4fe0feae60c7835cca17b070139c105cf0479e2f9a685a3cf4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
317B

MD5
a22ac98703578dab4e089f7b2658181d

SHA1
b9d19070e3240618f659fde83c5b05c97ac891dd

SHA256
9d8b38da47c2ef4da94c7bb3ba34317f2f5e57f73db0c140396d2b899c7b7e45

SHA512
0b460999da4153be276491d1fdb4291be6e88c7c86ad074d5219dc7dfa9cbdf0f84299c2e7069c28a451a9a624682f84450acc2c69e47a78f04c3b4747863d3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f8f6977bd12a16f345562a81ccc2038f

SHA1
a055e492a5b01fe50cd97241743fbc9231d48fad

SHA256
b1a5d561a207852d1a5a83f1bc29c9f18b572da71fe093ef2d44a8309bce4286

SHA512
1e6c2e3f2ebb735f71e339d4615da3896ec6d59ed0eea4008d9bd1f60ea992add8ca131eeca5d775f0d20f3ffffa5be65e43c6d6ef5a6d2c5a55dd01e0ff3f50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
10c111372c0fd448f01d79166f1d5041

SHA1
33ad51dd23e01152de191bd514066d0bed915d41

SHA256
0078b053d00f63c9bef659defb6326868a8d4605ffdb3b84603836097955dd79

SHA512
d3b2e6217c639e96454baef2edc9a6807cc304c481e8622c7204f946099f45f1407ec4a6ccc28fb0178754baa4ef407633f3136ea131784734bb093358cb2343

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
24707a621368bfa3add33f33de4935e2

SHA1
b4490af15fa777c1003a5b99e5352f0667c9ae82

SHA256
58c07be47a0b0252d841f2c7187f9d4ec072d4ee09f5beac4a755d8d559a6b11

SHA512
f15843a14955276788ad738c82118b450224b439f8c1332a398db0b24e1c0651f6caf87fe47ddee4e0b605f9888cfd118c29dbf5c91c7b7f3481f0b2943337e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
524c0eba78201e8faad29c29d0a611ff

SHA1
b8d23f3f70313f9f0f8c1e293e70a3f8173adea9

SHA256
693ac11a04057152b30e8d26dc646186c3e54bbe397122b457374d92620fde52

SHA512
5481d83540551f9999d6dbbe94c7ac200b53bb81e5d9a5a94761274332a0b4e4aad05a9689fed5b9ad6fb2c1d06f91e2730eaa4f53950f8e14cef5cf2af452ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
eeec2e8fdb3d10926be7f7f005a6add4

SHA1
ef91d915a57451a526ffde4634f1152c6a751104

SHA256
3a35c99ef359936c246b01412cf6c3bd0a7b190fbfefa584d62cc27e6f6522b1

SHA512
c2044601211d75abf5bea962e73760289ec660326f7e8fce5a588a6a7672923682fa45a0876f197ec75c943d780bd06649d1810edb8331a293365dcc415cb4c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
c8a86763c76b4ce56c97a8e849cbe315

SHA1
dd180f6f29e2f821db494fa168afbaf625f05897

SHA256
97e1d945385ebe1601e8bcf40845fbe6ed3da2553e390e05f764abc19276c299

SHA512
2d36e625c567007c24740057a27891138d0b2c9a2d688f867667b4986b8998cb4e3f5755ea162c0a20e2ac7048347eb97cfa0e7e6ccebd97192276685718a190

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
c85517ace29c5e26a31630a656c2245a

SHA1
cf621ebc6078fa6441a1c24d48290acd4b7b04cd

SHA256
5babec0c3ac367c356e20cd2a91b1e930ccd5aa3f4b0bbe08260fc6dbf382efa

SHA512
72ad0d90b0250448f81f9a33a56ead09e9442433518c487c5dc5fe82e41f4b84d1ead953a983ddb670de4beb84a57c4144ba4f3d9c25fb67cfa256daee7ce365

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
f7a51cefbfc06b62301b2ce42715fa14

SHA1
647b1b09c78219e466a582c7ab2166fcc200c269

SHA256
cbc9e19fd1f97201b46e009c4c77bdedbe8e8f1638ddfd71b5b14228e3cf44dc

SHA512
cec7caa6d99432e788027121a6f5910085e57ea06aef93ae78f662e5f8fb5aa48a45a9b5ee780714fe0aee5df26a72deeda03fba1b31a09ebf228183fbdce311

Download Submit