hxxps://ipchicken[.]com/

Analysis

max time kernel
23s
max time network
13s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250113-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
20-01-2025 09:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ipchicken.com/

Score

6^/10

discovery

Malware Config

Signatures

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
4	ipchicken.com
5	ipchicken.com

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\3c4e6dad-a3e4-476b-8035-50a7278ec2b6.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20250120090601.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1972	msedge.exe
1972	msedge.exe
2964	msedge.exe
2964	msedge.exe
1036	identity_helper.exe
1036	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2964 wrote to memory of 3008	2964	msedge.exe	81
PID 2964 wrote to memory of 3008	2964	msedge.exe	81
PID 2964 wrote to memory of 1876	2964	msedge.exe	83
PID 2964 wrote to memory of 1876	2964	msedge.exe	83
PID 2964 wrote to memory of 1876	2964	msedge.exe	83
PID 2964 wrote to memory of 1876	2964	msedge.exe	83
PID 2964 wrote to memory of 1876	2964	msedge.exe	83
PID 2964 wrote to memory of 1876	2964	msedge.exe	83
PID 2964 wrote to memory of 1876	2964	msedge.exe	83
PID 2964 wrote to memory of 1876	2964	msedge.exe	83
PID 2964 wrote to memory of 1876	2964	msedge.exe	83
PID 2964 wrote to memory of 1876	2964	msedge.exe	83
PID 2964 wrote to memory of 1876	2964	msedge.exe	83
PID 2964 wrote to memory of 1876	2964	msedge.exe	83
PID 2964 wrote to memory of 1876	2964	msedge.exe	83
PID 2964 wrote to memory of 1876	2964	msedge.exe	83
PID 2964 wrote to memory of 1876	2964	msedge.exe	83
PID 2964 wrote to memory of 1876	2964	msedge.exe	83
PID 2964 wrote to memory of 1876	2964	msedge.exe	83
PID 2964 wrote to memory of 1876	2964	msedge.exe	83
PID 2964 wrote to memory of 1876	2964	msedge.exe	83
PID 2964 wrote to memory of 1876	2964	msedge.exe	83
PID 2964 wrote to memory of 1876	2964	msedge.exe	83
PID 2964 wrote to memory of 1876	2964	msedge.exe	83
PID 2964 wrote to memory of 1876	2964	msedge.exe	83
PID 2964 wrote to memory of 1876	2964	msedge.exe	83
PID 2964 wrote to memory of 1876	2964	msedge.exe	83
PID 2964 wrote to memory of 1876	2964	msedge.exe	83
PID 2964 wrote to memory of 1876	2964	msedge.exe	83
PID 2964 wrote to memory of 1876	2964	msedge.exe	83
PID 2964 wrote to memory of 1876	2964	msedge.exe	83
PID 2964 wrote to memory of 1876	2964	msedge.exe	83
PID 2964 wrote to memory of 1876	2964	msedge.exe	83
PID 2964 wrote to memory of 1876	2964	msedge.exe	83
PID 2964 wrote to memory of 1876	2964	msedge.exe	83
PID 2964 wrote to memory of 1876	2964	msedge.exe	83
PID 2964 wrote to memory of 1876	2964	msedge.exe	83
PID 2964 wrote to memory of 1876	2964	msedge.exe	83
PID 2964 wrote to memory of 1876	2964	msedge.exe	83
PID 2964 wrote to memory of 1876	2964	msedge.exe	83
PID 2964 wrote to memory of 1876	2964	msedge.exe	83
PID 2964 wrote to memory of 1876	2964	msedge.exe	83
PID 2964 wrote to memory of 1972	2964	msedge.exe	84
PID 2964 wrote to memory of 1972	2964	msedge.exe	84
PID 2964 wrote to memory of 1120	2964	msedge.exe	85
PID 2964 wrote to memory of 1120	2964	msedge.exe	85
PID 2964 wrote to memory of 1120	2964	msedge.exe	85
PID 2964 wrote to memory of 1120	2964	msedge.exe	85
PID 2964 wrote to memory of 1120	2964	msedge.exe	85
PID 2964 wrote to memory of 1120	2964	msedge.exe	85
PID 2964 wrote to memory of 1120	2964	msedge.exe	85
PID 2964 wrote to memory of 1120	2964	msedge.exe	85
PID 2964 wrote to memory of 1120	2964	msedge.exe	85
PID 2964 wrote to memory of 1120	2964	msedge.exe	85
PID 2964 wrote to memory of 1120	2964	msedge.exe	85
PID 2964 wrote to memory of 1120	2964	msedge.exe	85
PID 2964 wrote to memory of 1120	2964	msedge.exe	85
PID 2964 wrote to memory of 1120	2964	msedge.exe	85
PID 2964 wrote to memory of 1120	2964	msedge.exe	85
PID 2964 wrote to memory of 1120	2964	msedge.exe	85
PID 2964 wrote to memory of 1120	2964	msedge.exe	85
PID 2964 wrote to memory of 1120	2964	msedge.exe	85
PID 2964 wrote to memory of 1120	2964	msedge.exe	85
PID 2964 wrote to memory of 1120	2964	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://ipchicken.com/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x124,0x134,0x7ffc1c4c46f8,0x7ffc1c4c4708,0x7ffc1c4c4718
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,15013600309321207988,1495361323916486381,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,15013600309321207988,1495361323916486381,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,15013600309321207988,1495361323916486381,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15013600309321207988,1495361323916486381,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15013600309321207988,1495361323916486381,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:272
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,15013600309321207988,1495361323916486381,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5848 /prefetch:8
  2⤵
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:992
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x2a0,0x2a4,0x2a8,0x27c,0x2ac,0x7ff791485460,0x7ff791485470,0x7ff791485480
    3⤵
    PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,15013600309321207988,1495361323916486381,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5848 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15013600309321207988,1495361323916486381,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15013600309321207988,1495361323916486381,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15013600309321207988,1495361323916486381,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15013600309321207988,1495361323916486381,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15013600309321207988,1495361323916486381,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1
  2⤵
  PID:376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15013600309321207988,1495361323916486381,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:4332

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4c2eb126a03012e4645cbf12fa576adb

SHA1
f4fc0dbbe2fca0aab23014eeee6d533aad91b5fb

SHA256
ce9774b847a66f7dce4153518d56469986dedfe78acbcca8e97a64d21df5a1ec

SHA512
40008285483a37d186c6feaaea96e92f8d665193eb2cd4af0ccd2e77544fa2afedd8aa89b8f09e49e1d6960cbe8543389151d2413c8be408794b70da0eb122e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
501a25f290332c25255eaaf70ee6f240

SHA1
23cba10495d7098ad6de6936cf31c1b0eefd1246

SHA256
420c031363bcb69b4cc540b0afad7180d21b4957a2d6eabe23a40e669aeeebcc

SHA512
84ba813e4036be7d9fa08d5fab885421017d008f8fe8d99f56313b54f490c9151a27a67734bb17101691df563efef7e5379250f476e869a848f225786a913081

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
084168ecec7bdbfdf3f3aaf7948a09de

SHA1
de3a7bdc3b41b8cdc318b9924ad0266b32033100

SHA256
dd7ea3030da4e1035b22a10fd8aa8378d0abe9d87fcaf03fe6ded303a5a440a6

SHA512
faa77ca0fdb9b0a5b8d7b94a07b6f41195a48bd9e149b55ff9d4ad2da3de5f3f5511b77cabeddeceb7dbf68a513e737f4f132ddbf6d4d2b831516ea21e916aef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b003ad31a14f9ae89e033a626b7d6873

SHA1
6ca1af3e03e096594668b1c714305c5f44f33e53

SHA256
d371319b70c3706b1fc37a56a7fa0ba41206107a981f3bbd2f7f1ed8c63c3246

SHA512
8a0b0a6dae8ac7114022bf552328fcec7a9940b8b1e88a86c4c0ea1a6a761a3f27f2eb780eda4f3f3dc78e033ee642ec9823b5a57a29a40f9678a336ccb26826

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a6cf489cc5228315925e9278eb160e8a

SHA1
159909d74aa6bcffe4bd7542ac8f168b150674e3

SHA256
622d1a14c6de07bf56365937d7951590e958ace8f709e51c343c507fd2529c1a

SHA512
aaad112b067b984efa187e934e09fd0f0697c0adee27dfa0d8fc38515734abf4fd67e5fb27ea350c57cc55f54956e542c97e4da6fc86c67f8506f26ef4466cee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
94ce4b2ff0abce6d838ac24a1b0f4e73

SHA1
02f4a956ed4f2e2e0ca9c4b75bf8e7245a1cec88

SHA256
06180545891f02875414f56a2a8ca3f21c2f415e03644674cff1c9674cb9b222

SHA512
b3bf05777fa4abbd7c475657dea5ca9c00600ab6226843150eff563837c3232c3b513afc0ac5ff1976e35979a51f34710ab74582d1316282bdcb67cc17493c90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
ef30b5850d78b050b13ae82ee13c6b28

SHA1
25bcd922ab2c62d47c9bfac3fafcca08317ad8e5

SHA256
dfd732ede1af0d6dc560b9fbef26f92f9fdf83a72da3e6910cb39843be4fed30

SHA512
f9bdbddff6fe99cacf3a670ab5504849668c9049053eca2a4b51f74eb050ea4d60629ce29a571223b1cf293101d646067f9f00e4fb3039738921e1c042419f8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1d379d42a5cf8563b810806921fd0be4

SHA1
c079cd084325a03b7a9f1e1bcc0c65987e513e77

SHA256
295bd122ae5a83b59a791d7ba4429d524419660f8491bde4b371c41e1086a7b5

SHA512
6f5e313c5f34c20df6272bf9ef6f83bad02dbe2909ef8ea63eddfdac4b99196141e3b29f7a8653b693b2d0534f04aa2b6bdd09be1e1fc7006ffb2192efe64a62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
b2e2586eeccecfb8618a715530d8b655

SHA1
a2497ab261927b582b103177275260c15c90dae8

SHA256
4e33aaa780e5a16ef0cca1fdcc19e5682c93f8caf60089b56fd467fe459c2ec7

SHA512
84a852d1ec37bf4f3725840a1d6ffcae5dbe0942038ab5db7adc40d2c84caff89f3579f9f5beadf60172685def5b343e7b1a6b90c2aadc7edf50b8dd936c37b2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
3527d09e42745238593569ca8019e7f4

SHA1
30b6aee0b8c414c7ef54f6a75ebbe0b7a673ba22

SHA256
896d33f237a007d50859b1239617e80e70e42d6395295ea97af1e870895fd06c

SHA512
b1c8759708350174015777b5e3bb7c305cee471c049b78cfd16d579eb592b75f110ca47d57426c3542aa5fb166f48c5330fb2574e08336d607f86d2bddd9cdc3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
6884fc3e632a67275da89f2688b055d5

SHA1
d47cd0455415778519624d6c8b553834155ca368

SHA256
25a551f5ad4a286d908efca99ebce0817afe1fe0fd516ca87e3ff2f29b2af09a

SHA512
31ebc2e1a523fa592405bd1b0eaa9a7d65d3309c4073a66eedba85bb2089bf6646bcfbd3139d28da277f65f1e503c0d150d9f7add72824b963583845948ec844

Download Submit