hxxps://u[.]to/-7swIQ

Analysis

max time kernel
148s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10-01-2025 18:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://u.to/-7swIQ

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4776	msedge.exe
4776	msedge.exe
4056	msedge.exe
4056	msedge.exe
2252	identity_helper.exe
2252	identity_helper.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4056 wrote to memory of 1452	4056	msedge.exe	86
PID 4056 wrote to memory of 1452	4056	msedge.exe	86
PID 4056 wrote to memory of 4900	4056	msedge.exe	87
PID 4056 wrote to memory of 4900	4056	msedge.exe	87
PID 4056 wrote to memory of 4900	4056	msedge.exe	87
PID 4056 wrote to memory of 4900	4056	msedge.exe	87
PID 4056 wrote to memory of 4900	4056	msedge.exe	87
PID 4056 wrote to memory of 4900	4056	msedge.exe	87
PID 4056 wrote to memory of 4900	4056	msedge.exe	87
PID 4056 wrote to memory of 4900	4056	msedge.exe	87
PID 4056 wrote to memory of 4900	4056	msedge.exe	87
PID 4056 wrote to memory of 4900	4056	msedge.exe	87
PID 4056 wrote to memory of 4900	4056	msedge.exe	87
PID 4056 wrote to memory of 4900	4056	msedge.exe	87
PID 4056 wrote to memory of 4900	4056	msedge.exe	87
PID 4056 wrote to memory of 4900	4056	msedge.exe	87
PID 4056 wrote to memory of 4900	4056	msedge.exe	87
PID 4056 wrote to memory of 4900	4056	msedge.exe	87
PID 4056 wrote to memory of 4900	4056	msedge.exe	87
PID 4056 wrote to memory of 4900	4056	msedge.exe	87
PID 4056 wrote to memory of 4900	4056	msedge.exe	87
PID 4056 wrote to memory of 4900	4056	msedge.exe	87
PID 4056 wrote to memory of 4900	4056	msedge.exe	87
PID 4056 wrote to memory of 4900	4056	msedge.exe	87
PID 4056 wrote to memory of 4900	4056	msedge.exe	87
PID 4056 wrote to memory of 4900	4056	msedge.exe	87
PID 4056 wrote to memory of 4900	4056	msedge.exe	87
PID 4056 wrote to memory of 4900	4056	msedge.exe	87
PID 4056 wrote to memory of 4900	4056	msedge.exe	87
PID 4056 wrote to memory of 4900	4056	msedge.exe	87
PID 4056 wrote to memory of 4900	4056	msedge.exe	87
PID 4056 wrote to memory of 4900	4056	msedge.exe	87
PID 4056 wrote to memory of 4900	4056	msedge.exe	87
PID 4056 wrote to memory of 4900	4056	msedge.exe	87
PID 4056 wrote to memory of 4900	4056	msedge.exe	87
PID 4056 wrote to memory of 4900	4056	msedge.exe	87
PID 4056 wrote to memory of 4900	4056	msedge.exe	87
PID 4056 wrote to memory of 4900	4056	msedge.exe	87
PID 4056 wrote to memory of 4900	4056	msedge.exe	87
PID 4056 wrote to memory of 4900	4056	msedge.exe	87
PID 4056 wrote to memory of 4900	4056	msedge.exe	87
PID 4056 wrote to memory of 4900	4056	msedge.exe	87
PID 4056 wrote to memory of 4776	4056	msedge.exe	88
PID 4056 wrote to memory of 4776	4056	msedge.exe	88
PID 4056 wrote to memory of 3564	4056	msedge.exe	89
PID 4056 wrote to memory of 3564	4056	msedge.exe	89
PID 4056 wrote to memory of 3564	4056	msedge.exe	89
PID 4056 wrote to memory of 3564	4056	msedge.exe	89
PID 4056 wrote to memory of 3564	4056	msedge.exe	89
PID 4056 wrote to memory of 3564	4056	msedge.exe	89
PID 4056 wrote to memory of 3564	4056	msedge.exe	89
PID 4056 wrote to memory of 3564	4056	msedge.exe	89
PID 4056 wrote to memory of 3564	4056	msedge.exe	89
PID 4056 wrote to memory of 3564	4056	msedge.exe	89
PID 4056 wrote to memory of 3564	4056	msedge.exe	89
PID 4056 wrote to memory of 3564	4056	msedge.exe	89
PID 4056 wrote to memory of 3564	4056	msedge.exe	89
PID 4056 wrote to memory of 3564	4056	msedge.exe	89
PID 4056 wrote to memory of 3564	4056	msedge.exe	89
PID 4056 wrote to memory of 3564	4056	msedge.exe	89
PID 4056 wrote to memory of 3564	4056	msedge.exe	89
PID 4056 wrote to memory of 3564	4056	msedge.exe	89
PID 4056 wrote to memory of 3564	4056	msedge.exe	89
PID 4056 wrote to memory of 3564	4056	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://u.to/-7swIQ
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe06a046f8,0x7ffe06a04708,0x7ffe06a04718
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,1605616170196691419,16383806185954383926,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,1605616170196691419,16383806185954383926,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,1605616170196691419,16383806185954383926,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
  2⤵
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1605616170196691419,16383806185954383926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1605616170196691419,16383806185954383926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,1605616170196691419,16383806185954383926,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,1605616170196691419,16383806185954383926,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1605616170196691419,16383806185954383926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1605616170196691419,16383806185954383926,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1605616170196691419,16383806185954383926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1605616170196691419,16383806185954383926,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1605616170196691419,16383806185954383926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1605616170196691419,16383806185954383926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1605616170196691419,16383806185954383926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1605616170196691419,16383806185954383926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:1744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1605616170196691419,16383806185954383926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1605616170196691419,16383806185954383926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1208 /prefetch:1
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2020,1605616170196691419,16383806185954383926,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5704 /prefetch:8
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1605616170196691419,16383806185954383926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1605616170196691419,16383806185954383926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1605616170196691419,16383806185954383926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,1605616170196691419,16383806185954383926,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5864 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1272

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4ab3ec00-f455-4afe-a16e-9f95ccf5ed30.tmp

Filesize
6KB

MD5
de66fb156a1048e384094f9efe33673a

SHA1
7f1616a99776447a8344092a3cb0da7d14c30d07

SHA256
bb81d67c9dfbaa17a2589e8b7e0ebde773f80e75eb8a44512d8123f1bf068ada

SHA512
8e1f79c15d650f01605c0fcf5dac1eb9b8f1fde8c25d4659512aceb9790d799eca3a1954520ec5e0a43d9bf7d2be9d35a8cbacf3f08ea33a7073a560e9b8dc20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
79d07a6179e477f0f87421f52961f392

SHA1
6d9aed91e081b57f16b86ed4ddef93e59aadb2b9

SHA256
8e0721f5ebbb41fc8d114eb365a791d25c431e7f73c5d97cd5e32d122b081c5c

SHA512
b6ba52caf96b8db3f34010ae998b3fdf3c737bc776df37bdfdc25ff35f07de638080ccfa0aae1ec79786e3b45af76902eb7f2025d46d92678fc073b9c6848668

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
606d7934af424e39c3e4a78e50213a34

SHA1
f82fda52cee26d2c2aab562508a8b567b5f98320

SHA256
d040b726847e065a3ab1716be27e5841d0c7c0655126b7b13ea7846b1a3f348f

SHA512
388554fda21967ea508a9277d3a07c7d949d35e54b50cad95957987058003e98738601457f387c3ea1624f38f18025225016e2d273e8b2c93457803a007f4652

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
fa236e92fe3c9a6d8275ce2748b060de

SHA1
0c4ce1e2c1bb53644504ce60016f0711eab50bb6

SHA256
48c9139153a339ace33c32f65beca6d6cc0d13600a02ea5400e638a0bbf88b64

SHA512
e86c7891a00a711154140ffdaa2b6569c932dbd30a218da4fea1bc76c16f7543ad19b9ad9ae8882e9680d32637a13b3d007fa548bd500ac7b41d7b1bba6e4590

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
9e9b1b94667b7fbab428d35b2d32c406

SHA1
4287a6827e922f114eacf7f1fc95918d0a346a0e

SHA256
09d28d2f4318b167e5edbd8093b6c4af022cbeac806b146252017127c88f340c

SHA512
29bcab50d88019a489d18e97674a22895de1d5cfd16281c6c682c703ec179f9f2a5620e6c7f7778d3d118bf1d5bcc3e4337cd98f64f919303a02eb7bcc63aade

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c0b691425cde76039e27d4b7e0dd1c00

SHA1
6db52ad55ccf77c801e62abbf5f71aca6b92d3c0

SHA256
cfafba9d90082b72b074cc25098a088b538c91610140aeee7903e431e502a3a3

SHA512
c098b6d2a7872aadfbfcdba0938639ed8497c67c526ef573780db98d9513784516cf5a6de0b8d8903c9c140d6ec856b80e6d3b8d163a3c0136828a159bfc9f73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
0c8732efa5ea6f48ac79ce7df868fed9

SHA1
21a4aa02b74333c6777845fe2b4f6ce57d75722a

SHA256
a48cb256ad2a9f2d3950a8b7cd91483daab37979517ca7089d494d06118525f3

SHA512
a485e290e399dc44409d9b9e7ddcfc63d3ef26c7e960aed306e95add3ebc1e3586b94abccc4943750f927dd91e6772b3af7939b9f5ea7f100d01b14c2311eccf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
218c5e805060f92c6b4a4c1ba3151015

SHA1
3d1bdaff92e02e6d27b10e020fd6f55efe20510e

SHA256
2e0684f38f24fbe9f27c410c767b878dc35b1f59a77077b90df255ab42e99a46

SHA512
796a13d30e24b11d4156b7de0710c97320d03ec9d864cf5fd6eede93048c3fcb96949eb223307ef4e83c1a46581bfe51ae994da618ac45a9e5da3611726cbe93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7db5fefe803cd49a706691120e97c124

SHA1
a86f70f54900af8d40e6b5fbd16934e34c9267ce

SHA256
8364dc3e2d74a51dcff9ff936285af33ecd2140391337707cbf7817b3f58bafb

SHA512
f192c0b4e03aa105c5ede43e23ca72200049221b82c154943ae68e8a046296fa8f43857982f3c8c10376f66c69a9d379af539f39f85cbba42e25decf4fddb257

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
18ce48503c9b7a73c343bdc98393ec34

SHA1
a010ccf76be33821036b89ff3478a6faac3a4e97

SHA256
33d89c02d5317ea72b05468428b4887bcc6190010ecc2dd9c882d0f43e2e5107

SHA512
e8a34591acd74ba84513469f9846756219962686ee9bfd8c5c531c8acc7d8dd297d1b269eff74170711974d5cbb7f4e34207379a02e1a5be9762291db6463cb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
520bcb7edf8bcbe2507a84c8cfe06114

SHA1
7d636f88e38b407e521fafd3029861ebd0b18ddb

SHA256
0ce0c5eb4bd69781186e0998ac1d0b19e88761b340990c0b1f0ac5cda286619b

SHA512
55e9838a7466dcfb32216a7b99ba374ea345b30cbec077f389a32f0f66ddfee1f8ed07de6183bb2b8f6b9859d5b7a6049af960e4e39956ddc6740e170f27a653

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5981b9.TMP

Filesize
874B

MD5
2df42adb400e4178d7142336bb631908

SHA1
0c440fc87dc589f40f7ca1b9730bf3a59319bece

SHA256
48d551d4c6476f9057b9653bf4296770ff5a00086e7d02a7fd40f9db711e3de3

SHA512
461bdb863bba780e972220263c22b644d219aaec13ae3af7208c5aa7bc31f051babfb1d323006ba8b01e631064908e685be61578ccd29ac7310cfda48ebf77a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
dc50b834cd5593aecde7945f7d55d8af

SHA1
a943b892b19d032a12d9e0e5cc31f8240599b60b

SHA256
7fd2a3bb78ce41e9a8d49313b39dc8a5ee76a1d7e595c68423d3215e12105136

SHA512
db6bcb1a85812da33f2bf23533a345bac9dbf78f3281a51627ebaf3f60c051235b0439ae3be36010022faff696b1b5ff877bba00cef2ea658e7874ec9fa7678d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
12KB

MD5
a1a5adf48dab8e5327a9c959a9e02c8f

SHA1
cbc48e7d5078367ff5135c0a4dbf448148cc68ee

SHA256
38f086685bf4a4e7ea4348d6e8685550d49eef3a02cb58dedcb3264dc89a3052

SHA512
69795ea0b7688729ce634a225a15bd692989d59f30f1b179b5f383e28810a10ebdbaf6cbc25a0475421f846faec6044fbd77e719643ffec8ed0f9ed44a038e6f

Download Submit