hxxps://u[.]to/7IJpIQ

Analysis

max time kernel
145s
max time network
139s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250113-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
23-01-2025 11:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://u.to/7IJpIQ

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\76b4e28d-9f6a-49d4-9862-7e0020cff990.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20250123112857.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1124	msedge.exe
1124	msedge.exe
896	msedge.exe
896	msedge.exe
1664	identity_helper.exe
1664	identity_helper.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 896 wrote to memory of 3884	896	msedge.exe	81
PID 896 wrote to memory of 3884	896	msedge.exe	81
PID 896 wrote to memory of 1072	896	msedge.exe	82
PID 896 wrote to memory of 1072	896	msedge.exe	82
PID 896 wrote to memory of 1072	896	msedge.exe	82
PID 896 wrote to memory of 1072	896	msedge.exe	82
PID 896 wrote to memory of 1072	896	msedge.exe	82
PID 896 wrote to memory of 1072	896	msedge.exe	82
PID 896 wrote to memory of 1072	896	msedge.exe	82
PID 896 wrote to memory of 1072	896	msedge.exe	82
PID 896 wrote to memory of 1072	896	msedge.exe	82
PID 896 wrote to memory of 1072	896	msedge.exe	82
PID 896 wrote to memory of 1072	896	msedge.exe	82
PID 896 wrote to memory of 1072	896	msedge.exe	82
PID 896 wrote to memory of 1072	896	msedge.exe	82
PID 896 wrote to memory of 1072	896	msedge.exe	82
PID 896 wrote to memory of 1072	896	msedge.exe	82
PID 896 wrote to memory of 1072	896	msedge.exe	82
PID 896 wrote to memory of 1072	896	msedge.exe	82
PID 896 wrote to memory of 1072	896	msedge.exe	82
PID 896 wrote to memory of 1072	896	msedge.exe	82
PID 896 wrote to memory of 1072	896	msedge.exe	82
PID 896 wrote to memory of 1072	896	msedge.exe	82
PID 896 wrote to memory of 1072	896	msedge.exe	82
PID 896 wrote to memory of 1072	896	msedge.exe	82
PID 896 wrote to memory of 1072	896	msedge.exe	82
PID 896 wrote to memory of 1072	896	msedge.exe	82
PID 896 wrote to memory of 1072	896	msedge.exe	82
PID 896 wrote to memory of 1072	896	msedge.exe	82
PID 896 wrote to memory of 1072	896	msedge.exe	82
PID 896 wrote to memory of 1072	896	msedge.exe	82
PID 896 wrote to memory of 1072	896	msedge.exe	82
PID 896 wrote to memory of 1072	896	msedge.exe	82
PID 896 wrote to memory of 1072	896	msedge.exe	82
PID 896 wrote to memory of 1072	896	msedge.exe	82
PID 896 wrote to memory of 1072	896	msedge.exe	82
PID 896 wrote to memory of 1072	896	msedge.exe	82
PID 896 wrote to memory of 1072	896	msedge.exe	82
PID 896 wrote to memory of 1072	896	msedge.exe	82
PID 896 wrote to memory of 1072	896	msedge.exe	82
PID 896 wrote to memory of 1072	896	msedge.exe	82
PID 896 wrote to memory of 1072	896	msedge.exe	82
PID 896 wrote to memory of 1124	896	msedge.exe	83
PID 896 wrote to memory of 1124	896	msedge.exe	83
PID 896 wrote to memory of 3660	896	msedge.exe	84
PID 896 wrote to memory of 3660	896	msedge.exe	84
PID 896 wrote to memory of 3660	896	msedge.exe	84
PID 896 wrote to memory of 3660	896	msedge.exe	84
PID 896 wrote to memory of 3660	896	msedge.exe	84
PID 896 wrote to memory of 3660	896	msedge.exe	84
PID 896 wrote to memory of 3660	896	msedge.exe	84
PID 896 wrote to memory of 3660	896	msedge.exe	84
PID 896 wrote to memory of 3660	896	msedge.exe	84
PID 896 wrote to memory of 3660	896	msedge.exe	84
PID 896 wrote to memory of 3660	896	msedge.exe	84
PID 896 wrote to memory of 3660	896	msedge.exe	84
PID 896 wrote to memory of 3660	896	msedge.exe	84
PID 896 wrote to memory of 3660	896	msedge.exe	84
PID 896 wrote to memory of 3660	896	msedge.exe	84
PID 896 wrote to memory of 3660	896	msedge.exe	84
PID 896 wrote to memory of 3660	896	msedge.exe	84
PID 896 wrote to memory of 3660	896	msedge.exe	84
PID 896 wrote to memory of 3660	896	msedge.exe	84
PID 896 wrote to memory of 3660	896	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://u.to/7IJpIQ
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffa3e6346f8,0x7ffa3e634708,0x7ffa3e634718
  2⤵
  PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,17680009911047322752,1311685627351164121,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,17680009911047322752,1311685627351164121,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,17680009911047322752,1311685627351164121,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17680009911047322752,1311685627351164121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17680009911047322752,1311685627351164121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,17680009911047322752,1311685627351164121,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5796 /prefetch:8
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:4056
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff644b75460,0x7ff644b75470,0x7ff644b75480
    3⤵
    PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,17680009911047322752,1311685627351164121,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5796 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17680009911047322752,1311685627351164121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17680009911047322752,1311685627351164121,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17680009911047322752,1311685627351164121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17680009911047322752,1311685627351164121,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17680009911047322752,1311685627351164121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17680009911047322752,1311685627351164121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17680009911047322752,1311685627351164121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17680009911047322752,1311685627351164121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3092 /prefetch:1
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,17680009911047322752,1311685627351164121,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3540 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4796

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c6c51122c811a0f047374c84954de8db

SHA1
46b9923064d07adc31ab16fc5a6358b46a429329

SHA256
0e2b81c17f8dfc47696bfaabe2abbe02912406734e3e2db6848615ceeb88bef8

SHA512
d75eb7e979694b47f0fde49b3514e100677d2ee7c0fc5f880d2ed9eedb5c215e15a6410db913fb7d9b1c8d4caa9235a8587e0525e4e78c4ab5170b23f8dd4d96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea1c2801aa63b0b7d559edd3adc7cfdc

SHA1
535995078ba0c227fe78a9bc340e848907e420e4

SHA256
d5daf639f0e5d8039eb65ce05767ae58bfa4b04a6a5b0b01b7a42bfcecc9756c

SHA512
877abc639d9913465eba3e82e2192a03d6e63ca341e0954c9b62b109d1f0547048423f4f0b6825c4a1846b7964f1bd14272663d7166df6a71446328f9241b06b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fa0f5f476f66d72ce035f679b4871758

SHA1
efa2cb27cfe3ec7a0ddad8d7e0487f5f84f17ca4

SHA256
45d27e38b8de6102319cd39b48111202e4e850841da08c08a6b382a1e136217a

SHA512
4cbe532e34922d826a83e51be494aa1bdd47ff2120c09a220d8bd228c733a3de79af897650676779bb638a45de7f932ed221d19070f95389ed5f78dc05a59b6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4597b330a8adbc8621578b28f678c8e7

SHA1
44e5f9b16205351504044cc84c595d16dc47aace

SHA256
2b7c5b5a1dce5585d40b858808ae8e2132367aba527df68ea6afa9149ea446dc

SHA512
ec1e839d7011582542fcf5df0f3cdef9bb9228d762b226af4a0a888ac30598b31a362eb0a28209ef14f533d8ac5f985b686dfb017899b0a5675afe1b23adfc30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c324cc54872966630e2403b43ca64697

SHA1
0317bf6c529c8dd3ea8990bd74631bb8799bd7d8

SHA256
829b7ace0d5c40e2a6858890b177790191ddfa7fd3ef34b272cdc1e3716c5c30

SHA512
b3378db1f1614fbb96bb6d9e2e92dd994c7f11e09e9a3d2925ce37e642493e36703c1491d1b8a1907d267e34b2d2c8ddfb23209d048bb83dffa6919eb1ff14ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
db0cc03b1657f5dda4b38846f4eb7157

SHA1
1deac63712a9f66b4a33ef65305ac5f0c678a34f

SHA256
2b79c7a18fb021ed166360ffa784c4fb44b5784d7bc8e6187dfaa80ca4c07761

SHA512
55dfbe0425daebd6fe6cf54019e690fd4dcd28917a91d1fa0db57bc120d84d2f11bf119d836b8f0cc2e5c1387fbeb911b1a08a452fc493c06850d80621f45f3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
fccad2652971ce1f105ce6354c7d5235

SHA1
47e2387537bb38fc7db14eb46607dbecc093796e

SHA256
c9f86fcf54928f7f4f85f83bc696505cb63d1300f7a1ffad4b97f3cd92784c40

SHA512
31a536c04ade93a676958046da98f24b439ac8541011be47d1514a6556788d052c1950cd37968c1a9bf57ce6e0b29db9ca3f2d22e28c8b6cb653527b0d74b3a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
d372d10a1e85e3852978d0d690ecef12

SHA1
ad44ae83b60d7bb032de22c31ecd7106f1ff9fc9

SHA256
34bdc91220b7475c811f201cb6b410f3085e5ec1f15d52ad3a4844350d543e33

SHA512
71d9f6aaa29f57fccea7020d66426d0cb0ff1a83a4012c6a9f8794006acea100dec696851fd602320e4e477859dbc0eb898059118d20ebfe70391f72a13bad1b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
27c7e485bb568a175050c392510319c2

SHA1
28c9fa4f01ad3e468e77ec597627602da2c88120

SHA256
0fcd548fafd02be8c7d2bc5de975fd68ed2cbb3b52ae6071b685c230e6d32e65

SHA512
f64cd881e8e4b7658fc1f3f30e99978b8b6495d432a3fa4a194dab94aa3166fc9afb7b7cea0a536531a9f6a131afbdb8ec75a1bf2824cffb7395d2384f4d5cde

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
45f4ae55829b7f16eaae839de80b8a93

SHA1
ed0e29a1d675a42195203b0629f8c92c5146bb38

SHA256
52c90ece90aa80724e3c713f4de1911ca7e2cf8fab16b0f5818e8b80725ba5ad

SHA512
33493ed02e62f97ddc3449cd0360f6c00535c35fa37b5d34ebe361b9abc1d01a09e53eb3d9c3b2218338e564ff976db984c07fe3639e3908930fcf051c7b7bb1

Download Submit