hxxps://cdn[.]discordapp[.]com/attachments/1267410065145593918/1267412602447990826/setup[.]zip?ex=66a8b177&is=66a75ff7&hm=25889dd9dddcffc74a9bfa5301612c6e4360f1a057c5e7506ad1fb4a2463f0c4&

max time kernel
1681s
max time network
1685s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
20/12/2024, 12:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1267410065145593918/1267412602447990826/setup.zip?ex=66a8b177&is=66a75ff7&hm=25889dd9dddcffc74a9bfa5301612c6e4360f1a057c5e7506ad1fb4a2463f0c4&

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241220130623.pma	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\38d319ae-c0fc-4f16-907a-bbb6eb74f967.tmp	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3404	msedge.exe
3404	msedge.exe
3608	msedge.exe
3608	msedge.exe
1504	identity_helper.exe
1504	identity_helper.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3608 wrote to memory of 3280	3608	msedge.exe	81
PID 3608 wrote to memory of 3280	3608	msedge.exe	81
PID 3608 wrote to memory of 2552	3608	msedge.exe	82
PID 3608 wrote to memory of 2552	3608	msedge.exe	82
PID 3608 wrote to memory of 2552	3608	msedge.exe	82
PID 3608 wrote to memory of 2552	3608	msedge.exe	82
PID 3608 wrote to memory of 2552	3608	msedge.exe	82
PID 3608 wrote to memory of 2552	3608	msedge.exe	82
PID 3608 wrote to memory of 2552	3608	msedge.exe	82
PID 3608 wrote to memory of 2552	3608	msedge.exe	82
PID 3608 wrote to memory of 2552	3608	msedge.exe	82
PID 3608 wrote to memory of 2552	3608	msedge.exe	82
PID 3608 wrote to memory of 2552	3608	msedge.exe	82
PID 3608 wrote to memory of 2552	3608	msedge.exe	82
PID 3608 wrote to memory of 2552	3608	msedge.exe	82
PID 3608 wrote to memory of 2552	3608	msedge.exe	82
PID 3608 wrote to memory of 2552	3608	msedge.exe	82
PID 3608 wrote to memory of 2552	3608	msedge.exe	82
PID 3608 wrote to memory of 2552	3608	msedge.exe	82
PID 3608 wrote to memory of 2552	3608	msedge.exe	82
PID 3608 wrote to memory of 2552	3608	msedge.exe	82
PID 3608 wrote to memory of 2552	3608	msedge.exe	82
PID 3608 wrote to memory of 2552	3608	msedge.exe	82
PID 3608 wrote to memory of 2552	3608	msedge.exe	82
PID 3608 wrote to memory of 2552	3608	msedge.exe	82
PID 3608 wrote to memory of 2552	3608	msedge.exe	82
PID 3608 wrote to memory of 2552	3608	msedge.exe	82
PID 3608 wrote to memory of 2552	3608	msedge.exe	82
PID 3608 wrote to memory of 2552	3608	msedge.exe	82
PID 3608 wrote to memory of 2552	3608	msedge.exe	82
PID 3608 wrote to memory of 2552	3608	msedge.exe	82
PID 3608 wrote to memory of 2552	3608	msedge.exe	82
PID 3608 wrote to memory of 2552	3608	msedge.exe	82
PID 3608 wrote to memory of 2552	3608	msedge.exe	82
PID 3608 wrote to memory of 2552	3608	msedge.exe	82
PID 3608 wrote to memory of 2552	3608	msedge.exe	82
PID 3608 wrote to memory of 2552	3608	msedge.exe	82
PID 3608 wrote to memory of 2552	3608	msedge.exe	82
PID 3608 wrote to memory of 2552	3608	msedge.exe	82
PID 3608 wrote to memory of 2552	3608	msedge.exe	82
PID 3608 wrote to memory of 2552	3608	msedge.exe	82
PID 3608 wrote to memory of 2552	3608	msedge.exe	82
PID 3608 wrote to memory of 3404	3608	msedge.exe	83
PID 3608 wrote to memory of 3404	3608	msedge.exe	83
PID 3608 wrote to memory of 1796	3608	msedge.exe	84
PID 3608 wrote to memory of 1796	3608	msedge.exe	84
PID 3608 wrote to memory of 1796	3608	msedge.exe	84
PID 3608 wrote to memory of 1796	3608	msedge.exe	84
PID 3608 wrote to memory of 1796	3608	msedge.exe	84
PID 3608 wrote to memory of 1796	3608	msedge.exe	84
PID 3608 wrote to memory of 1796	3608	msedge.exe	84
PID 3608 wrote to memory of 1796	3608	msedge.exe	84
PID 3608 wrote to memory of 1796	3608	msedge.exe	84
PID 3608 wrote to memory of 1796	3608	msedge.exe	84
PID 3608 wrote to memory of 1796	3608	msedge.exe	84
PID 3608 wrote to memory of 1796	3608	msedge.exe	84
PID 3608 wrote to memory of 1796	3608	msedge.exe	84
PID 3608 wrote to memory of 1796	3608	msedge.exe	84
PID 3608 wrote to memory of 1796	3608	msedge.exe	84
PID 3608 wrote to memory of 1796	3608	msedge.exe	84
PID 3608 wrote to memory of 1796	3608	msedge.exe	84
PID 3608 wrote to memory of 1796	3608	msedge.exe	84
PID 3608 wrote to memory of 1796	3608	msedge.exe	84
PID 3608 wrote to memory of 1796	3608	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://cdn.discordapp.com/attachments/1267410065145593918/1267412602447990826/setup.zip?ex=66a8b177&is=66a75ff7&hm=25889dd9dddcffc74a9bfa5301612c6e4360f1a057c5e7506ad1fb4a2463f0c4&
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffa232446f8,0x7ffa23244708,0x7ffa23244718
  2⤵
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,2864654895203837923,5385205550650004989,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,2864654895203837923,5385205550650004989,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,2864654895203837923,5385205550650004989,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2864654895203837923,5385205550650004989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:1276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2864654895203837923,5385205550650004989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,2864654895203837923,5385205550650004989,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 /prefetch:8
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:4216
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff78c805460,0x7ff78c805470,0x7ff78c805480
    3⤵
    PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,2864654895203837923,5385205550650004989,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2864654895203837923,5385205550650004989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2864654895203837923,5385205550650004989,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2864654895203837923,5385205550650004989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2864654895203837923,5385205550650004989,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,2864654895203837923,5385205550650004989,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3232 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4404

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7b19b7ecb6ee133c2ff01f7888eae612

SHA1
a592cab7e180cc5c9ac7f4098a3c8c35b89f8253

SHA256
972bc0df18e9a9438dbc5763e29916a24b7e4f15415641230c900b6281515e78

SHA512
16301409fee3a129612cfe7bdb96b010d3da39124aa88b2d111f18d5ae5d4fc8c3c663809148dd07c7f3cd37bb78bd71e25be1584bd2d0bacf529fa7f3461fd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
23fa82e121d8f73e1416906076e9a963

SHA1
b4666301311a7ccaabbad363cd1dec06f8541da4

SHA256
5fd39927e65645635ebd716dd0aef59e64aacd4b9a6c896328b5b23b6c75159e

SHA512
64920d7d818031469edff5619c00a06e5a2320bc08b3a8a6cd288c75d2a470f8c188c694046d149fa622cbb40b1f8bf572ac3d6dfc59b62a4638341ccb467dcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
476B

MD5
b263520ced6bf05d2aad591dc66b4da2

SHA1
6e965d7e66e430a633a56ad932e6e79bc95c46fb

SHA256
ba6ffc91b362378c53e5e802ca7f59e0da6ce194d5752f73f5e86ff69f75199e

SHA512
9c3cea28afadf53c5914fe3174e015f65af575dd649fffe1b66d03e4d30053684bac609a5f6b851ee69ecaa1999954aad86bcb17d88954cafa01f7257633c184

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
476B

MD5
547f1c55b474052a4760c3dcdfc35c67

SHA1
8135564332a6c692551bae38b6edc95fd3cad7f9

SHA256
46a8c8826e78b96ee7ee91c4494b112b230637b7031751cc20a618e1ddda563e

SHA512
5ee5130b3eef2cb2bb89128b04a4a3b62ca15a000e2824c47bed12f2ca08f628b6b2ebe70686fdef68049c0d73dc6e55c2278f794460eee4f1e254d960c42f16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe586f4f.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6bf81a3e1005ecca7629a93d02914924

SHA1
aa75aa2ff756c863f3cc157b54b778ae517b8524

SHA256
82634695942f91d01bf29754dfaebdf7d2c00f5adeee6bff02826e34af58496b

SHA512
2a79437a7dd1bc4c26fcd2588e04c1b39958051f4014857c99d524910f71b6650bdab4a2360ddd70c7f1b06913a5e37aaff45eb2a965255d10f809098b765a24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b791c19839306c6012996e84528eb22c

SHA1
a1fed68cd0a5c9f5d1b90accef7e70028c1e0fa6

SHA256
0412f6c10bf34e0ab94139494feb2c2a10fdec91e87863de20dac84e3e9b64f6

SHA512
0478dbb2f0fe43a2ce7a99d90de3ed58062d0265211f0da37da3af58ee0c748cbca88a16c41049abb31b7d9e4d0c9a9eb3e0c11b794ae904eed27a5f57847984

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a8ebea79ac9c209bc74cedc54ec2c0a0

SHA1
deb3c2ea57d7a998a93f680ed663a4ff6571760f

SHA256
617e391600476db5e59843bc464970078afa41195badf70d1d4e7641bc29da8f

SHA512
9f426f582d87935d64f41ebeb69cd3066587875616623645b80422e53b0de2fe211f083b5a90e2b6d82ac976e24cb4272b5eca12ef43ee315f563c48ed3038f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
8cd513127214e252edf0454f329bc002

SHA1
6f47fac6be8e7331e54203a7865e86b32cddf16b

SHA256
3df220380a8bf881117c17102a5c70ae7deea18ec92e7c478df2ee904d882108

SHA512
0b6d2f2e12bb8b15175875b7118778e57475934dee0476bc3ec989c5408d1ff5cf1c2d5dce4bd980a3ef9bfee232f974fa90050171826f3f0847f9682ae7e4c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
371edf34cc4edfe5fc16d906571e1a49

SHA1
2b0f160569aff513f7ac25a16adf02758cca07fc

SHA256
ee07b7e150c132312f076f2fe4c58445fcf86aea9eda0468b6ee040b5f690d35

SHA512
9598bca019b2acf65bc0511062e8edf53e00b3801d7a9b49f9c6b7209bcf7ff782ec215716955d5f378f952d77435bccf210384909f28bffa83fa9ac8589cdb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
890912c76f57584ecb065ebdf2c6523d

SHA1
a4fada97453b2e69b24543c40ae092f404290b49

SHA256
5ed53c67d335d396e9e7f3136dcc9548a4e4527b1bdfcc4434568629147fbd2c

SHA512
2e1a42e2e2bd45ca678c567c195bb8373a931f8383446395090d1e0e4bb3fbc41c4669bdcbea1366a4b20077d33398a10aa3199e24c294eecb2e186bf93f9537

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
b7a59624ecc05e90e4660122587868b2

SHA1
d900a50ab5b1f1a445a7e8a9e98aaa375f909156

SHA256
c4b1e3780f5b290c116fc119360f8c09b1e0b442299b5af3c247138408dce022

SHA512
eaa7f74087642f3cf6c9ef1ed68c6a47b6a7b0d45308f4ddb2da09e2c1a4a86c5acaabc229749faae8150310fa35218f28a707d8b5dc4d8d092931052b766e47

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
19ec6f737493fa14f68997a003947b6d

SHA1
bacbdcc504db330ebf82ba08080a8c12eabf95e3

SHA256
7ba63f17ecd2e7c707c607dded0fc272d8d909a85c81148495d8ff31d12a8eba

SHA512
4c60fef9062fd41f1dcc6b0da68dd93a6f44c2bd63d1c5e607f27c0c93f8a0b35e78dd0d69bf9a0cad19e1ffca3332e11737dec1d2b2f582fa6636d09304b689

Download Submit