hxxps://u[.]to/rLcRIQ

Resubmissions

16-12-2024 22:49

241216-2r5lassmfs 10

16-12-2024 22:48

241216-2rbyzssmds 10

16-12-2024 22:44

241216-2ns34aslhv 10

16-12-2024 22:34

241216-2hba4asrck 10

Analysis

max time kernel
63s
max time network
64s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
16-12-2024 22:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://u.to/rLcRIQ

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\3f0c8aef-b561-461c-89d8-a02d53220869.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241216224420.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4708	msedge.exe
4708	msedge.exe
456	msedge.exe
456	msedge.exe
1432	identity_helper.exe
1432	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 456 wrote to memory of 3564	456	msedge.exe	81
PID 456 wrote to memory of 3564	456	msedge.exe	81
PID 456 wrote to memory of 2392	456	msedge.exe	82
PID 456 wrote to memory of 2392	456	msedge.exe	82
PID 456 wrote to memory of 2392	456	msedge.exe	82
PID 456 wrote to memory of 2392	456	msedge.exe	82
PID 456 wrote to memory of 2392	456	msedge.exe	82
PID 456 wrote to memory of 2392	456	msedge.exe	82
PID 456 wrote to memory of 2392	456	msedge.exe	82
PID 456 wrote to memory of 2392	456	msedge.exe	82
PID 456 wrote to memory of 2392	456	msedge.exe	82
PID 456 wrote to memory of 2392	456	msedge.exe	82
PID 456 wrote to memory of 2392	456	msedge.exe	82
PID 456 wrote to memory of 2392	456	msedge.exe	82
PID 456 wrote to memory of 2392	456	msedge.exe	82
PID 456 wrote to memory of 2392	456	msedge.exe	82
PID 456 wrote to memory of 2392	456	msedge.exe	82
PID 456 wrote to memory of 2392	456	msedge.exe	82
PID 456 wrote to memory of 2392	456	msedge.exe	82
PID 456 wrote to memory of 2392	456	msedge.exe	82
PID 456 wrote to memory of 2392	456	msedge.exe	82
PID 456 wrote to memory of 2392	456	msedge.exe	82
PID 456 wrote to memory of 2392	456	msedge.exe	82
PID 456 wrote to memory of 2392	456	msedge.exe	82
PID 456 wrote to memory of 2392	456	msedge.exe	82
PID 456 wrote to memory of 2392	456	msedge.exe	82
PID 456 wrote to memory of 2392	456	msedge.exe	82
PID 456 wrote to memory of 2392	456	msedge.exe	82
PID 456 wrote to memory of 2392	456	msedge.exe	82
PID 456 wrote to memory of 2392	456	msedge.exe	82
PID 456 wrote to memory of 2392	456	msedge.exe	82
PID 456 wrote to memory of 2392	456	msedge.exe	82
PID 456 wrote to memory of 2392	456	msedge.exe	82
PID 456 wrote to memory of 2392	456	msedge.exe	82
PID 456 wrote to memory of 2392	456	msedge.exe	82
PID 456 wrote to memory of 2392	456	msedge.exe	82
PID 456 wrote to memory of 2392	456	msedge.exe	82
PID 456 wrote to memory of 2392	456	msedge.exe	82
PID 456 wrote to memory of 2392	456	msedge.exe	82
PID 456 wrote to memory of 2392	456	msedge.exe	82
PID 456 wrote to memory of 2392	456	msedge.exe	82
PID 456 wrote to memory of 2392	456	msedge.exe	82
PID 456 wrote to memory of 4708	456	msedge.exe	83
PID 456 wrote to memory of 4708	456	msedge.exe	83
PID 456 wrote to memory of 2340	456	msedge.exe	84
PID 456 wrote to memory of 2340	456	msedge.exe	84
PID 456 wrote to memory of 2340	456	msedge.exe	84
PID 456 wrote to memory of 2340	456	msedge.exe	84
PID 456 wrote to memory of 2340	456	msedge.exe	84
PID 456 wrote to memory of 2340	456	msedge.exe	84
PID 456 wrote to memory of 2340	456	msedge.exe	84
PID 456 wrote to memory of 2340	456	msedge.exe	84
PID 456 wrote to memory of 2340	456	msedge.exe	84
PID 456 wrote to memory of 2340	456	msedge.exe	84
PID 456 wrote to memory of 2340	456	msedge.exe	84
PID 456 wrote to memory of 2340	456	msedge.exe	84
PID 456 wrote to memory of 2340	456	msedge.exe	84
PID 456 wrote to memory of 2340	456	msedge.exe	84
PID 456 wrote to memory of 2340	456	msedge.exe	84
PID 456 wrote to memory of 2340	456	msedge.exe	84
PID 456 wrote to memory of 2340	456	msedge.exe	84
PID 456 wrote to memory of 2340	456	msedge.exe	84
PID 456 wrote to memory of 2340	456	msedge.exe	84
PID 456 wrote to memory of 2340	456	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://u.to/rLcRIQ
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffd95be46f8,0x7ffd95be4708,0x7ffd95be4718
  2⤵
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,9426978249237445271,15307903425958775086,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,9426978249237445271,15307903425958775086,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2452 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,9426978249237445271,15307903425958775086,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9426978249237445271,15307903425958775086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9426978249237445271,15307903425958775086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9426978249237445271,15307903425958775086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:3844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9426978249237445271,15307903425958775086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,9426978249237445271,15307903425958775086,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5892 /prefetch:8
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:4584
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff65f245460,0x7ff65f245470,0x7ff65f245480
    3⤵
    PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,9426978249237445271,15307903425958775086,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5892 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9426978249237445271,15307903425958775086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9426978249237445271,15307903425958775086,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9426978249237445271,15307903425958775086,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9426978249237445271,15307903425958775086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:3972

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6547c6e6bdac94ad11ab8e5311c7e265

SHA1
cc3401985b79ed678f8b94b0500766691044ee7f

SHA256
685aee2efe60adca559de33807715ef5306c5ccb8857070155eae3d7ab397e3a

SHA512
d685ddcb513af37ea57e0255d9f5387266f882015b9cfca8f100931dc1629e54d1150679e4562717180447887ef7094539df668707dfbdbd3ef9b4920de7dcb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0526f2b37744871ef85ad98e2a03cd78

SHA1
7e8475de7f5614e30b67793a41d35ff492aff7cc

SHA256
68ce145d21b89f38464ed7486c74dd55a7e28e5ba25bb640cf4059b1bafdafd9

SHA512
12ae36f493802621601887cdc25e3d7191bfa94f0e784f11f18bff4bdf407efee195aceca19fe151718e9e7498a4faf0ff885e38cbc8e1e7a5d5d81f400b1ef0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6b4f82e40e9ce021144be7f555618538

SHA1
0adddb572b89e3577311db2312fdc94fc7dff14f

SHA256
b45a252b92abf25403bab081b6ed20ac074c85b8b0c92400338100f2f265dcee

SHA512
231be1aae8902ea10e0980b3db94f914a37253ad8823aa7095b47c05dbfbb49f5b5187eb3d560199467c1b065f3c889509ebbb314fef41a4a971aca5b7197861

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
31ef7257e01dc60a2a6095f3063d2245

SHA1
259fda6ea5e90941e7f995e11a9b9afbf3c467d4

SHA256
731ea6407824ca7f56a07198a867166d26f4ae6b0bbd972519754d1b15bccb07

SHA512
17aaf2a593cd113ff25dc58ccebad2bc5dca8d0baa32a9781ea581a7a13572a171cbcf84d24f839db7e667cabf74809f19bd0ed830d8a90a14ff5eb96fd685c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
977ce7bcb389f5c553ad68ecd439839d

SHA1
0cdf427f8a7f5e8b23204ffe94ffcb163a185d9c

SHA256
bffd40951f5b7f10ec8cf36f194a96f2d8e9a9f07c17cb6b5c0b49b8dbc71ac9

SHA512
96f5986deaa608a5a537fa8fd70d2b9b56a2ab3cfe95c4bec5ca304fe5720e606b04c34e035819be3bf0f3cb131acf9de07a9ce82f722dee7c76de0dc3a78322

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
53aa92384f8dd229643647a024db8d61

SHA1
4c1434d5ad4cb0ae4b8bad2ee31f82ba67581992

SHA256
88831be300e64e2d65654f5667385f50a7c05925655a06ccb8252a161455e28f

SHA512
cf23d5eeade7ea6d240cb1b8e30adc2b4f0e1cf0359c802715caecc9855251b2a8affcc7cd0c7d57339164fd8af5dde4447f244a4be3c14d5d4f95990bf879fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
54d8d5d412f3513b3c0f5d4f86a4874c

SHA1
bd77a00fb917760fc161fe3a4d87d67182225c77

SHA256
ed80fc26e71dc195ccf0e92873cd3f2d559c83a0acf763829e39d0b2921028a0

SHA512
8bff2beee1faaa562c6b332a0cbbd633ac52c6d60fda2e6ea81a888d3c6a85cb7e6f8ca5a111e61a6abbe20e5673ced2eb0295166bbc222b7cc29458515dbeff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
8ae2ef3c391a3712ec8aa342cac3722c

SHA1
75451bb9a4af91f3eaac54346f6896f930664477

SHA256
c5c1570bf89ad9531645830c62f23bf6fd9a1d8fd7a745a553839221971ea4a9

SHA512
81681b2ea3e9fcf6425b44a5869463eabe5ce983794e00836a3e3e64d110b0831d7578ccaabcc6fb33d6736342809bf6643d37acca46c1fa394b05579c17889d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581846.TMP

Filesize
203B

MD5
b159615511c3b7fbb879e445ebdfd28e

SHA1
355c5162ad8934bcac87d90059065016536edc56

SHA256
6c33294b43ad7f7aa70a7a94204ff495a98a20082fd7e04688705f67cbce6df4

SHA512
b7eb4a46e9f363aa0077144f7a6292eecffb7ad710378e57af9797ecc2469750d7729e34afe03e65106b6a1feee0beaac34816f883f4668554e6e95087e3f8aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
462d095f3fadfd68739e64bac036cfb8

SHA1
be7f93ebfee2241990ec3171d37136d90f995a2e

SHA256
79f850655c20b9027271670e1e0ec544ab204c0051f20c29667303f81a7d23f0

SHA512
d734bc5b0aab2072ed154886e5bcd31fb784b64a15c843a4e3ccbbab90a36ff8ac95702c619d7c1be6a1ea7b6748747b724fd9e889d99590e88adbdf14b5d217

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
b487b5d0663c7c8b320a73a559be1e8e

SHA1
c1cffc2aa8c8c12b53a61976ca267403af3e5787

SHA256
fdea1542a790c03184be3cdc754b157eb763a64ace92e8193a18ebf1c4499d7d

SHA512
3acd8886c509c30423a9d711c28e90f3a441ae3bd9c90b50983dbaa74f2ddc48095a504a546a90720c394da0075cb417997662915e048e0fb905bd2e66619701

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
7a74ca7523d1533e43c62464e14d49da

SHA1
0d63b153b8073a1bc43d940dab3261feb65c59d3

SHA256
c0794c40cdccf38c8a466658426443de1ce0d8e991742117c66abc92eaf3f456

SHA512
0e70f169e1cb744afe87f45967bcc60d1b6873c5ac66ca36b38fc09a68df2f5319369ee3a54d57b463d979273a1e6456df3bff7dfa0063fc8dbb496dffc7a58a

Download Submit