hxxps://u[.]to/3w-7IA

Analysis

max time kernel
147s
max time network
153s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
29-10-2024 22:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://u.to/3w-7IA

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 4 IoCs

Processes:

BackgroundTransferHost.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
3328	msedge.exe
3328	msedge.exe
3432	msedge.exe
3432	msedge.exe
3096	msedge.exe
3096	msedge.exe
3456	identity_helper.exe
3456	identity_helper.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

3432 msedge.exe
3432 msedge.exe
3432 msedge.exe
3432 msedge.exe
3432 msedge.exe
3432 msedge.exe
3432 msedge.exe

Suspicious use of FindShellTrayWindow 33 IoCs

Processes:

msedge.exe

pid	process
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe

Suspicious use of SendNotifyMessage 16 IoCs

Processes:

msedge.exe

pid	process
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe
3432	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3432 wrote to memory of 2700	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 2700	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 4180	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 4180	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 4180	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 4180	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 4180	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 4180	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 4180	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 4180	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 4180	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 4180	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 4180	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 4180	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 4180	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 4180	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 4180	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 4180	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 4180	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 4180	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 4180	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 4180	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 4180	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 4180	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 4180	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 4180	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 4180	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 4180	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 4180	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 4180	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 4180	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 4180	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 4180	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 4180	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 4180	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 4180	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 4180	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 4180	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 4180	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 4180	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 4180	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 4180	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 3328	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 3328	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 2272	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 2272	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 2272	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 2272	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 2272	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 2272	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 2272	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 2272	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 2272	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 2272	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 2272	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 2272	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 2272	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 2272	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 2272	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 2272	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 2272	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 2272	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 2272	3432	msedge.exe	msedge.exe
PID 3432 wrote to memory of 2272	3432	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://u.to/3w-7IA
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe99803cb8,0x7ffe99803cc8,0x7ffe99803cd8
2⤵
PID:2700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,17457281103834227370,13079643369695736760,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1964 /prefetch:2
2⤵
PID:4180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1944,17457281103834227370,13079643369695736760,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3328

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1944,17457281103834227370,13079643369695736760,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
2⤵
PID:2272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,17457281103834227370,13079643369695736760,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
2⤵
PID:3596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,17457281103834227370,13079643369695736760,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
2⤵
PID:1952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,17457281103834227370,13079643369695736760,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
2⤵
PID:4964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1944,17457281103834227370,13079643369695736760,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5032 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3096

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,17457281103834227370,13079643369695736760,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
2⤵
PID:5064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,17457281103834227370,13079643369695736760,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
2⤵
PID:3568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,17457281103834227370,13079643369695736760,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3864 /prefetch:1
2⤵
PID:4228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,17457281103834227370,13079643369695736760,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
2⤵
PID:3524

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1944,17457281103834227370,13079643369695736760,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5792 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,17457281103834227370,13079643369695736760,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2652 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4788

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:3488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e1544690d41d950f9c1358068301cfb5

SHA1
ae3ff81363fcbe33c419e49cabef61fb6837bffa

SHA256
53d69c9cc3c8aaf2c8b58ea6a2aa47c49c9ec11167dd9414cd9f4192f9978724

SHA512
1e4f1fe2877f4f947d33490e65898752488e48de34d61e197e4448127d6b1926888de80b62349d5a88b96140eed0a5b952ef4dd7ca318689f76e12630c9029da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9314124f4f0ad9f845a0d7906fd8dfd8

SHA1
0d4f67fb1a11453551514f230941bdd7ef95693c

SHA256
cbd58fa358e4b1851c3da2d279023c29eba66fb4d438c6e87e7ce5169ffb910e

SHA512
87b9060ca4942974bd8f95b8998df7b2702a3f4aba88c53b2e3423a532a75407070368f813a5bbc0251864b4eae47e015274a839999514386d23c8a526d05d85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
ce806ac1566b83ee2330487c2cd99018

SHA1
90e8d5bfb9ef5fc2067e6f886f3405e2b140e481

SHA256
6469f2a0444687f8043b0011c3bdcf47cd3b35b1552c036e1e19c09e04d6c782

SHA512
44dc90d872d3af122a204717c4a6ba75548029e0e71e4cc48cdc1109266e48c41173b285d069298191792e188fda666ef0545a535e3225842a0c1dd1731a219b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
420B

MD5
cd3bfebcb4dfcf3563586452a3ff846c

SHA1
25e5ded3315ffd909647e15e53b1e843d6a3494c

SHA256
c0b7b177bc3dc00430e8feec8e5cf6f942c3741fc6b29d82465355cdd30004b8

SHA512
b124bc505137f89592d5198247e9a772d9d639a80bf33e63ce5d96b67c6ea38c68d229526a24ca16587ec597400fc63869d5fc1ac01b3567027959b07636512a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5a61f421e83ce87a6ac0eec2b50f28d9

SHA1
7b04c1de707e3f94e1eb0f6a26486137ef2469d7

SHA256
6c2933ed57372d4d048a81bce4fdedca6a5a31413dd66f2cd01467e9a065aa3e

SHA512
4da41ce03691d88e005a87716c49b303dbfd875bcd148b92c94bc4dff2c0be2a64886ecd5e7dd27ea97bbdbeef0a141dbbfd600404405b11713a076782d5cf9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
da44a9672a1dd889aabba9becd399934

SHA1
c65fc30a36bf7aa2e3f7022142023e13ffb25296

SHA256
faf6b5db52621903a8f89fdee913826c12e2a2e409c63a5e4b219a9dc2b222bc

SHA512
235d9aa93526b0153ff5611aa079f90033836cc2395bdfe4f1d15fb479f75b3c41fb56496708c0f92e7428f9145dfc0de9514d440d357f03b1d5b3944954f646

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
60cfd4ac08675f45b1904f23bcd099fa

SHA1
1763b26d6a2e756d5521043eadfaf477640b04a1

SHA256
3fde6d37ddf13a571342a7a7a09865bd572f3998249f308ceef3afb39a7ceb5a

SHA512
58c32357cc82f9c2ab7b973d8731a2e9ef974b2488065f7b048148a95808e04d7e7fb1257663033e575ef08efd0dbb5fc0f1497993a2c273888c5b5074a4c66b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a0acc5348e75e96735e1d09a53166a92

SHA1
013cd08f29345b61a4368cc8abe0c6289aafa06a

SHA256
7027f45d70967a5008734cd98cfbaa35389cd3375f7df06eabea3549ddc6b796

SHA512
c6d69280c9a98cc4ef0916dbb2f6d1b3e1789400128d50c6182439004ec2d129348f6f6e646d860d6e7e406fe4dff3574f0b076876e338a0e0305bf14cb614f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2b40f89fd26321d0ae1c42653dd445bd

SHA1
075dbfe2158a29fcc0427806e108004345f2e2bd

SHA256
619df9418c21f01c5ef432c37f62c467653f2d075a16e8696123cb54a6a21e86

SHA512
ce59b8a3b67b77d14d1d237c8b6743e1bb5bf9a506c77d5b57c7e8e41acd0ef10b9147ca3caf9cb84935bdeca1709cb361bea637108395587ca45b2696f480c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9fbe23e8ab335f30080f1e76a3f23598

SHA1
32a63fbd73354358decece92a13877e07c13323d

SHA256
f4968a88633683b73c519fc9c43d28213b832b420f4ffff343fd1c34cdd1534e

SHA512
6c1ba6f9e3c2e3d222731778ce4c3a76abd14433eae90fb28901a2d8327b40fc1c1ff2a62aa1331413fc363a80145e633b3284296dd9a63b318acfc1b690eeb1

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\6e1468c4-d2d2-4cf7-95f5-862355358e5f.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
\??\pipe\LOCAL\crashpad_3432_AVTPFSDDCAYMGZPF

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit