hxxps://u[.]to/sT4jIQ

Analysis

max time kernel
62s
max time network
64s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
08-01-2025 19:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://u.to/sT4jIQ

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\dc54c3a3-9811-4a4e-99ed-1781fd5ca090.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20250108192720.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1708	msedge.exe
1708	msedge.exe
4484	msedge.exe
4484	msedge.exe
3120	identity_helper.exe
3120	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4484 wrote to memory of 4636	4484	msedge.exe	81
PID 4484 wrote to memory of 4636	4484	msedge.exe	81
PID 4484 wrote to memory of 3152	4484	msedge.exe	82
PID 4484 wrote to memory of 3152	4484	msedge.exe	82
PID 4484 wrote to memory of 3152	4484	msedge.exe	82
PID 4484 wrote to memory of 3152	4484	msedge.exe	82
PID 4484 wrote to memory of 3152	4484	msedge.exe	82
PID 4484 wrote to memory of 3152	4484	msedge.exe	82
PID 4484 wrote to memory of 3152	4484	msedge.exe	82
PID 4484 wrote to memory of 3152	4484	msedge.exe	82
PID 4484 wrote to memory of 3152	4484	msedge.exe	82
PID 4484 wrote to memory of 3152	4484	msedge.exe	82
PID 4484 wrote to memory of 3152	4484	msedge.exe	82
PID 4484 wrote to memory of 3152	4484	msedge.exe	82
PID 4484 wrote to memory of 3152	4484	msedge.exe	82
PID 4484 wrote to memory of 3152	4484	msedge.exe	82
PID 4484 wrote to memory of 3152	4484	msedge.exe	82
PID 4484 wrote to memory of 3152	4484	msedge.exe	82
PID 4484 wrote to memory of 3152	4484	msedge.exe	82
PID 4484 wrote to memory of 3152	4484	msedge.exe	82
PID 4484 wrote to memory of 3152	4484	msedge.exe	82
PID 4484 wrote to memory of 3152	4484	msedge.exe	82
PID 4484 wrote to memory of 3152	4484	msedge.exe	82
PID 4484 wrote to memory of 3152	4484	msedge.exe	82
PID 4484 wrote to memory of 3152	4484	msedge.exe	82
PID 4484 wrote to memory of 3152	4484	msedge.exe	82
PID 4484 wrote to memory of 3152	4484	msedge.exe	82
PID 4484 wrote to memory of 3152	4484	msedge.exe	82
PID 4484 wrote to memory of 3152	4484	msedge.exe	82
PID 4484 wrote to memory of 3152	4484	msedge.exe	82
PID 4484 wrote to memory of 3152	4484	msedge.exe	82
PID 4484 wrote to memory of 3152	4484	msedge.exe	82
PID 4484 wrote to memory of 3152	4484	msedge.exe	82
PID 4484 wrote to memory of 3152	4484	msedge.exe	82
PID 4484 wrote to memory of 3152	4484	msedge.exe	82
PID 4484 wrote to memory of 3152	4484	msedge.exe	82
PID 4484 wrote to memory of 3152	4484	msedge.exe	82
PID 4484 wrote to memory of 3152	4484	msedge.exe	82
PID 4484 wrote to memory of 3152	4484	msedge.exe	82
PID 4484 wrote to memory of 3152	4484	msedge.exe	82
PID 4484 wrote to memory of 3152	4484	msedge.exe	82
PID 4484 wrote to memory of 3152	4484	msedge.exe	82
PID 4484 wrote to memory of 1708	4484	msedge.exe	83
PID 4484 wrote to memory of 1708	4484	msedge.exe	83
PID 4484 wrote to memory of 3040	4484	msedge.exe	84
PID 4484 wrote to memory of 3040	4484	msedge.exe	84
PID 4484 wrote to memory of 3040	4484	msedge.exe	84
PID 4484 wrote to memory of 3040	4484	msedge.exe	84
PID 4484 wrote to memory of 3040	4484	msedge.exe	84
PID 4484 wrote to memory of 3040	4484	msedge.exe	84
PID 4484 wrote to memory of 3040	4484	msedge.exe	84
PID 4484 wrote to memory of 3040	4484	msedge.exe	84
PID 4484 wrote to memory of 3040	4484	msedge.exe	84
PID 4484 wrote to memory of 3040	4484	msedge.exe	84
PID 4484 wrote to memory of 3040	4484	msedge.exe	84
PID 4484 wrote to memory of 3040	4484	msedge.exe	84
PID 4484 wrote to memory of 3040	4484	msedge.exe	84
PID 4484 wrote to memory of 3040	4484	msedge.exe	84
PID 4484 wrote to memory of 3040	4484	msedge.exe	84
PID 4484 wrote to memory of 3040	4484	msedge.exe	84
PID 4484 wrote to memory of 3040	4484	msedge.exe	84
PID 4484 wrote to memory of 3040	4484	msedge.exe	84
PID 4484 wrote to memory of 3040	4484	msedge.exe	84
PID 4484 wrote to memory of 3040	4484	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://u.to/sT4jIQ
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffcee2446f8,0x7ffcee244708,0x7ffcee244718
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,6133378632148592107,7880927540205506155,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,6133378632148592107,7880927540205506155,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,6133378632148592107,7880927540205506155,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6133378632148592107,7880927540205506155,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6133378632148592107,7880927540205506155,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:5364
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,6133378632148592107,7880927540205506155,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5624 /prefetch:8
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:3812
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff736a15460,0x7ff736a15470,0x7ff736a15480
    3⤵
    PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,6133378632148592107,7880927540205506155,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5624 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6133378632148592107,7880927540205506155,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:6052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6133378632148592107,7880927540205506155,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:5764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6133378632148592107,7880927540205506155,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6133378632148592107,7880927540205506155,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6133378632148592107,7880927540205506155,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6133378632148592107,7880927540205506155,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1
  2⤵
  PID:6104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,6133378632148592107,7880927540205506155,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6076 /prefetch:8
  2⤵
  PID:5176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6133378632148592107,7880927540205506155,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6133378632148592107,7880927540205506155,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3664 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6133378632148592107,7880927540205506155,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6133378632148592107,7880927540205506155,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1964 /prefetch:1
  2⤵
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2100,6133378632148592107,7880927540205506155,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6072 /prefetch:8
  2⤵
  PID:236

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4188

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e8978379b8b4dac705f196c82cddb401

SHA1
873169c69e4aaa8c3e1da1c95f3fc6b005f63112

SHA256
83528bc9af5e037e40f14bece26788301e4555a6164b31e6010d93d7d18f0afa

SHA512
2d73194d03ea51d4154ee9556950dee1e666720c4b53fe671cf2e7647889d480c2941757d6b9b4c60a29a6799478450136f4847b0bec5d4b6aa630d9ca856308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c8c74ab5c035388c9f8ca42d04225ed8

SHA1
1bb47394d88b472e3f163c39261a20b7a4aa3dc0

SHA256
ea821d15371cdfef9f4c01c71fbe39f9db7bfd61e6a83e09b14886c5756cd9d9

SHA512
88922af80d561b3cf10963160d245044554f9011e4aec4fd40c740b06e5e87e9bc16ed309e296f549d9244b6cc93f627d6dd010eb2d325b38cbb1d43d8b95157

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
c5d4b6b13002b907685474d7ff0b989a

SHA1
ba1cb8de1cdc32296b8b97c878b8330db3ae7966

SHA256
7e4fc36ed7f4e3ff12d54f047b83be91e93da67afbb9d58dd0ddb12f5bb55ade

SHA512
6676b2ff1544433b1a6e37cdf52cc6c6987c9e2971a5340cf056cad12eb1e16e464bb67a2127cfdbbb051df67d0edd107ea0fa1f3c6c3e6c08bf3c617477c44c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7969be84f3ed118d8a787e5cc950c2c4

SHA1
3b17ef3912ff54c91e7f69f9cafa042299cbe6eb

SHA256
67e75301c260039d09b644e86dd70f6f358845defe9de4debf0adb08cb417adb

SHA512
be69f1c82c260ba45b536f79df2403f0aeaaa7a36dab3ba087370170327f98a318e4504e52b09443ceb6b551a071197747ab78e172ae33ea75aefa2101051c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
d2b0a731de4a8f9db79a010b6f029e72

SHA1
b3990b1183e239cc55555f01f768e6099d9557ef

SHA256
762b0026c4d953b230a0ed4d832507c951e871cbed79bb0c359608a4528dd2d1

SHA512
c034adc719e4a021cd6f9e389ff12672cb00046916b895bc5636cbba2b6de2fe07e512fa5a85738923be1e34de296ad88ceefff98be935f15cd1d447389bfd6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe583f94.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8a6b123a143a3a3ec08a2e141edd8fc5

SHA1
9a68440f72c002aa07981588b4023aa03a4c1982

SHA256
92dd95a0ec60d024df13b46eb886abc9c8b874aeae4f00a75492724a5e21fa3d

SHA512
67b2ea490545116c52038b7c7153fe663de2b7e0f5c1ec58899dfaf7e37740652f0fe011f3274515edfb587303fb9a7f2e6680d65bf10c4c8ba157525c0be06e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ef381c2d0c58c3a1db7cf414310321cc

SHA1
f533dcb23405098c71f04ceb8e3425404a27b9a8

SHA256
34b95c8125563b8fb96a3eed019e667d9461409f0d7c4bf1509d4f5c15dae29e

SHA512
126af545418a9cc00687bb9ddd07a3a8638e40df857a9a522fcd44179469a9687c9fba87f9673e403e609a7201c479e88834d5e8f23455ac57465a06f9477958

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6b0597b816e5896e5a966a7735d148d7

SHA1
d91f575307ed07a822b14f760d290f72cea39f1e

SHA256
0e38a600af7f95854696d7adabd9c62d37f1859beb182f0ebfc278c7fd38f476

SHA512
b99aeeb8bf6405b5cc5f4d48ecbb9712bdcba253b154b20c6bc2c3a7b9d4c7f8ebacaf0bb241b60b30749c220f215900bf8a08cae57d29e4e43160ea354c88e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
af2bdd473475c1ad31764805a596b872

SHA1
48c91c9ff4b3dd245efc0b04abd91ae5a9814193

SHA256
19ce1192d86c97012c7af07a5b0e4b0bc87bf66aea4ae7132ef2ed8253427a35

SHA512
e20701031c2c07776c8935d1358d2be31659cdda0226826f0f2fad1ab8229e5f3ba67a833588b37c984a82ccef9e5052ccd46830b7376c06022a28e83dd7686f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
671cfbd0275770e681ef4ede37140969

SHA1
ac145dd046e86ab6aff6340664c509c4fd5f1746

SHA256
dfafdb318c177ff96d9b85ed518f229398c3f5161f0ca48ff427516292b9d823

SHA512
d76a8d3a91d1e5e84b35cfa815736c1d0bd7252381f4e540a8d7102385224167b995f698559c95fa18ed3a50e14a58fb0a96bcedb57d4770df50f98c6d331faf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
55182d891d98ec9d988cec04bac8752d

SHA1
e18a06e1498ff69c1c2697df7e195cf922a92e01

SHA256
08dc082566b36f693f93e341a5eb4e93a95d5bfed35b952f5ddcf4a5d51e963d

SHA512
35b9bf0c05da26bcebb4e259deca27c84e28521aff5a27af8205624581d1b0a7da6350ee7de0a2329c9cbc1d8cf205c1487638196232cbe794aaa91b0d86d0f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
2af3d8e2df38d8d20164fd6414a2e2fa

SHA1
0791661981457efb1169b140d3a1b34e5244746b

SHA256
fd0b4651068f1c592ff9e6c9150baeabff5b4e100a3f8d09ea60ff59fc4f8a59

SHA512
352d4369eea975557e0f8c1c7a0dfa9ffeae0188027a32dfe863195ac74f65c2937dbd914d26e7e0379b0bd064ce0a1b39d3e0efe928c2415b6855b8ea49bbdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe583f27.TMP

Filesize
48B

MD5
721e2d3b23559c61f21b329f5e1f843d

SHA1
2173a077fa953d4557c98513bf4a48493f335e1e

SHA256
fc790eac1ce6fedd96c9e67ffa38b3a0aa53b28dbdc67600513f683c3d496938

SHA512
72d27d8910ba9eaffabbd787c64afa8c2a8474260d96efc30caa969fb14b0cd5f5003bb839b4e39c800881c8994e96c93af9e566ba931c758d52215b051cb39c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1a9b8631ebad90067e0bca4c53bde413

SHA1
9680b5851eee2153532593bb90c8381f3290cd46

SHA256
808d93ddada905e3f9832ae8b49985d06b22214fe3c380f46a7f62ee9a357df5

SHA512
eb7ba359b20482711294727fcaf01fdd1d791d975775ed10ba7c1f77b95b4ea2bc83e935efeb3f134046a8cbf5f958765a49c1561f0f4c70b6038381d839aaee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
21e36bfb5c8595baba37c82a5afc9e2b

SHA1
ef39c329e621603aed70d479424cb2ee3b5df5be

SHA256
4ed1488bc90f0706881617cd322f55cef1d62d1a813e3c5e73af77b3c7d495c6

SHA512
65693ad032e87d7b006551d2a88cb2cad9701f9ac2fff5f51b30c55f0aaf15cc6e7ff4681531bc766a9ee71bb819e2bf3291327426baae05191f1d27f65746a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
d0cc810929fa94bbb5bb6a4cb8ef5b66

SHA1
bfc5142f604fd4a37fdc810e1d519bfab5c1a6e4

SHA256
5daf128e68d6dd649a89e9a97cf0afedd6a8e23a4854bbe8a18cbc6a94b8891e

SHA512
57444708ff5c751a9bb23dd4f259695a1e3b8246152f1889fbed0c580c21812d31ffed3fd873bc04e42c3f721eea3d194d48724c5ce3828ceba5465e31ed2eef

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
cd35627830beae6c02f7a974dca590d2

SHA1
16672af1064df09279accd037ad55338c549c63c

SHA256
ba620d8fa4c0d028939b6ede114364aba59d676ce3799b11f9f75169387b63ec

SHA512
0619912b0c076af31c01df8a09689a0d7ce47df9741bf654e937e017f9a3b66f7fa18397d7c0070639385de1e206c4f8acdd091a1d11de45f454ef3ad16ec9fc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
58f2477d99b4f08ecbd8595fe18dfd3a

SHA1
261cd365dd0873c060e1ff18d2104d6404e2ef4e

SHA256
37570c7a19da2e202290bb1d3d21326932f0402f988a90a9b29cb300e379701e

SHA512
d541546f0b9b24a2ce0fea7e708c12b746a92b9ebccf352102cf6ec07cc0b7288d253bcda6aefd88f66ac8c3c72154d70a5fbfa0a6a43f4754d2111e46a3b352

Download Submit