hxxp://gifthub[.]click

Resubmissions

28-01-2025 02:28

250128-cx5e2stqcz 4

25-01-2025 21:45

250125-1mkjwssqdr 10

Analysis

max time kernel
220s
max time network
213s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250113-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
28-01-2025 02:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://gifthub.click

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\1f7d6abf-61c2-498e-be5d-c1205ae26f87.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20250128022831.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2044	msedge.exe
2044	msedge.exe
2504	msedge.exe
2504	msedge.exe
3096	identity_helper.exe
3096	identity_helper.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2504 wrote to memory of 1184	2504	msedge.exe	81
PID 2504 wrote to memory of 1184	2504	msedge.exe	81
PID 2504 wrote to memory of 2064	2504	msedge.exe	82
PID 2504 wrote to memory of 2064	2504	msedge.exe	82
PID 2504 wrote to memory of 2064	2504	msedge.exe	82
PID 2504 wrote to memory of 2064	2504	msedge.exe	82
PID 2504 wrote to memory of 2064	2504	msedge.exe	82
PID 2504 wrote to memory of 2064	2504	msedge.exe	82
PID 2504 wrote to memory of 2064	2504	msedge.exe	82
PID 2504 wrote to memory of 2064	2504	msedge.exe	82
PID 2504 wrote to memory of 2064	2504	msedge.exe	82
PID 2504 wrote to memory of 2064	2504	msedge.exe	82
PID 2504 wrote to memory of 2064	2504	msedge.exe	82
PID 2504 wrote to memory of 2064	2504	msedge.exe	82
PID 2504 wrote to memory of 2064	2504	msedge.exe	82
PID 2504 wrote to memory of 2064	2504	msedge.exe	82
PID 2504 wrote to memory of 2064	2504	msedge.exe	82
PID 2504 wrote to memory of 2064	2504	msedge.exe	82
PID 2504 wrote to memory of 2064	2504	msedge.exe	82
PID 2504 wrote to memory of 2064	2504	msedge.exe	82
PID 2504 wrote to memory of 2064	2504	msedge.exe	82
PID 2504 wrote to memory of 2064	2504	msedge.exe	82
PID 2504 wrote to memory of 2064	2504	msedge.exe	82
PID 2504 wrote to memory of 2064	2504	msedge.exe	82
PID 2504 wrote to memory of 2064	2504	msedge.exe	82
PID 2504 wrote to memory of 2064	2504	msedge.exe	82
PID 2504 wrote to memory of 2064	2504	msedge.exe	82
PID 2504 wrote to memory of 2064	2504	msedge.exe	82
PID 2504 wrote to memory of 2064	2504	msedge.exe	82
PID 2504 wrote to memory of 2064	2504	msedge.exe	82
PID 2504 wrote to memory of 2064	2504	msedge.exe	82
PID 2504 wrote to memory of 2064	2504	msedge.exe	82
PID 2504 wrote to memory of 2064	2504	msedge.exe	82
PID 2504 wrote to memory of 2064	2504	msedge.exe	82
PID 2504 wrote to memory of 2064	2504	msedge.exe	82
PID 2504 wrote to memory of 2064	2504	msedge.exe	82
PID 2504 wrote to memory of 2064	2504	msedge.exe	82
PID 2504 wrote to memory of 2064	2504	msedge.exe	82
PID 2504 wrote to memory of 2064	2504	msedge.exe	82
PID 2504 wrote to memory of 2064	2504	msedge.exe	82
PID 2504 wrote to memory of 2064	2504	msedge.exe	82
PID 2504 wrote to memory of 2064	2504	msedge.exe	82
PID 2504 wrote to memory of 2044	2504	msedge.exe	83
PID 2504 wrote to memory of 2044	2504	msedge.exe	83
PID 2504 wrote to memory of 4420	2504	msedge.exe	84
PID 2504 wrote to memory of 4420	2504	msedge.exe	84
PID 2504 wrote to memory of 4420	2504	msedge.exe	84
PID 2504 wrote to memory of 4420	2504	msedge.exe	84
PID 2504 wrote to memory of 4420	2504	msedge.exe	84
PID 2504 wrote to memory of 4420	2504	msedge.exe	84
PID 2504 wrote to memory of 4420	2504	msedge.exe	84
PID 2504 wrote to memory of 4420	2504	msedge.exe	84
PID 2504 wrote to memory of 4420	2504	msedge.exe	84
PID 2504 wrote to memory of 4420	2504	msedge.exe	84
PID 2504 wrote to memory of 4420	2504	msedge.exe	84
PID 2504 wrote to memory of 4420	2504	msedge.exe	84
PID 2504 wrote to memory of 4420	2504	msedge.exe	84
PID 2504 wrote to memory of 4420	2504	msedge.exe	84
PID 2504 wrote to memory of 4420	2504	msedge.exe	84
PID 2504 wrote to memory of 4420	2504	msedge.exe	84
PID 2504 wrote to memory of 4420	2504	msedge.exe	84
PID 2504 wrote to memory of 4420	2504	msedge.exe	84
PID 2504 wrote to memory of 4420	2504	msedge.exe	84
PID 2504 wrote to memory of 4420	2504	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://gifthub.click
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x124,0x134,0x7ffae48b46f8,0x7ffae48b4708,0x7ffae48b4718
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,2703451323368591613,9003160595087595085,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,2703451323368591613,9003160595087595085,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,2703451323368591613,9003160595087595085,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2703451323368591613,9003160595087595085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2703451323368591613,9003160595087595085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2703451323368591613,9003160595087595085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,2703451323368591613,9003160595087595085,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 /prefetch:8
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:2744
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff646e75460,0x7ff646e75470,0x7ff646e75480
    3⤵
    PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,2703451323368591613,9003160595087595085,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2703451323368591613,9003160595087595085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=220 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2703451323368591613,9003160595087595085,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2703451323368591613,9003160595087595085,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,2703451323368591613,9003160595087595085,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3212 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2703451323368591613,9003160595087595085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:1248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2703451323368591613,9003160595087595085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1932 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2703451323368591613,9003160595087595085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2703451323368591613,9003160595087595085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1
  2⤵
  PID:2980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3192

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4c2eb126a03012e4645cbf12fa576adb

SHA1
f4fc0dbbe2fca0aab23014eeee6d533aad91b5fb

SHA256
ce9774b847a66f7dce4153518d56469986dedfe78acbcca8e97a64d21df5a1ec

SHA512
40008285483a37d186c6feaaea96e92f8d665193eb2cd4af0ccd2e77544fa2afedd8aa89b8f09e49e1d6960cbe8543389151d2413c8be408794b70da0eb122e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
501a25f290332c25255eaaf70ee6f240

SHA1
23cba10495d7098ad6de6936cf31c1b0eefd1246

SHA256
420c031363bcb69b4cc540b0afad7180d21b4957a2d6eabe23a40e669aeeebcc

SHA512
84ba813e4036be7d9fa08d5fab885421017d008f8fe8d99f56313b54f490c9151a27a67734bb17101691df563efef7e5379250f476e869a848f225786a913081

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
395B

MD5
f11493f9ae532fdd9de0a84bdde8241b

SHA1
6b5c8bce0a0a1d5b46f608e3abd6d0e4089a7fde

SHA256
5df359f1305316b891409e4a0787b50e862154b510d8da32ddf13633dc99fdbc

SHA512
c11262e0f0b0ed012c66c09bf0dd75bf0a987fb6dcec1e7474c98ed31fddc066e26a267d05c30d43e4849a24b24ca70d58fcb460978474998b4b7eb8fffbb8ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe5af35a.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ed651923a422e9c74a4d989079c6d5ba

SHA1
7d58d19a23be0c851e036d8e1cec0c0487fadaaa

SHA256
a190a5b8e2f0b39548ca51d4fcb19d4f48879a88e4f69c11e3ce1676a321650d

SHA512
7b64d723a055d2906103202d77e3347bd834043ff9d72e0d388b1fad164a68b85785ff93a5029e18f62558330fcbdf722926818886dc6efb068fa67262847137

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
dc7374c949fbb38fdb4ba0e31019f4de

SHA1
49b079c4cc302946cf85864286c697a4c46447c6

SHA256
66909f63dee014d5df92aee80db64354d28ba2eb4827d98ab944729329c3ec85

SHA512
ff1bf7cc15061606690d90c89010c60bf0acfe429047eaf276bb2997b88c992e8d491220f82fea67fdb33700b5dd36b072214595dc9a5833415e39fc64599c70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
924a0e0a27b7dfab7d585dd6265e1312

SHA1
92a0492a93f22af2e41be3bc2b622a72bc46b369

SHA256
fa898d27ff8c819185f1f68fb77a28b7df2355e5226fd0ca65f62028e92ea9f1

SHA512
1f16719b7a156eca1bf1a8cae9c465ad61d00723d5e97b863f62ff5952ba70be8f3fae007f0635e5c32edf1fc6e583de39bc36a70d2b44f68302c1574b003526

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1299e8c50fcefdbf4ab0f276fde9d834

SHA1
ae56c5ececaab7ce7d2357963fb3dcc0e66402bf

SHA256
8a51ca56c11ba6666fd43a8250eb775b10c4fa32b76ffbb4271e398b99992be9

SHA512
382c2726d8f69ed7c68664952c108118bbaa0fbd7780d552a094fb3ec8c06aeae09b5ab41ff507cb317430a45b3d4f36186b3cccc6215ccb9a42a2f7327b3bf8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
94ce4b2ff0abce6d838ac24a1b0f4e73

SHA1
02f4a956ed4f2e2e0ca9c4b75bf8e7245a1cec88

SHA256
06180545891f02875414f56a2a8ca3f21c2f415e03644674cff1c9674cb9b222

SHA512
b3bf05777fa4abbd7c475657dea5ca9c00600ab6226843150eff563837c3232c3b513afc0ac5ff1976e35979a51f34710ab74582d1316282bdcb67cc17493c90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
ef30b5850d78b050b13ae82ee13c6b28

SHA1
25bcd922ab2c62d47c9bfac3fafcca08317ad8e5

SHA256
dfd732ede1af0d6dc560b9fbef26f92f9fdf83a72da3e6910cb39843be4fed30

SHA512
f9bdbddff6fe99cacf3a670ab5504849668c9049053eca2a4b51f74eb050ea4d60629ce29a571223b1cf293101d646067f9f00e4fb3039738921e1c042419f8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
1567461c6fb613ae8e7dfd15a5698fbe

SHA1
8b71615fffb59f1cf9fbc8188783b3ce8778a3f3

SHA256
8022afd515c4aa967715146b39be4aba1b86dba6c8bfda91db9cebd54ddcb8f4

SHA512
de18fa45c4f157235bae41c50a3303db54e0188cbd3d05b97bee2e1d48c7bd27f3e8eb1ac9314464c553f96dbf7a5a9740ee041531a54cdb68c6567d86b57886

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
b6643def208b28c1cc90dc47e3cf096e

SHA1
8be8be1be5397cc01b87c4df6a978104461e53a7

SHA256
190fb12a448ef1cff55a9aac7e9364826e655f12d04db24da4e12e5352b603d2

SHA512
4b49d5e2546b815d56049029d06b115a0e8254309cb8d239c4e1f1c9cb9b28e83f2191c845871854f5f1115dd3e7ec4e093f48687187bbf945fa827dedc2ae44

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
e27958feaec18515ccfec62f8f80a0bf

SHA1
8058f3dae8e6b0b1c1b794a502a1afbce252d5da

SHA256
dd9a9b9c230455c8f2cde9a60ef3f1b41f5148d7258a636705ccbd6bf4c408ba

SHA512
6fa508ca77203e30cba822eacfd6b2553deab3ce299844bd44e75b8d817df324f682281dd79a778bffef322d414a734973a7f15db1bad4b4898391df7b1914d5

Download Submit