hxxps://is[.]gd/FKGZio

Analysis

max time kernel
34s
max time network
35s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250113-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
24-01-2025 22:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://is.gd/FKGZio

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\9889d126-d095-4429-8af3-ebcf2bb5ef98.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20250124224653.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1544	msedge.exe
1544	msedge.exe
2764	msedge.exe
2764	msedge.exe
700	identity_helper.exe
700	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2764 wrote to memory of 1208	2764	msedge.exe	82
PID 2764 wrote to memory of 1208	2764	msedge.exe	82
PID 2764 wrote to memory of 4344	2764	msedge.exe	83
PID 2764 wrote to memory of 4344	2764	msedge.exe	83
PID 2764 wrote to memory of 4344	2764	msedge.exe	83
PID 2764 wrote to memory of 4344	2764	msedge.exe	83
PID 2764 wrote to memory of 4344	2764	msedge.exe	83
PID 2764 wrote to memory of 4344	2764	msedge.exe	83
PID 2764 wrote to memory of 4344	2764	msedge.exe	83
PID 2764 wrote to memory of 4344	2764	msedge.exe	83
PID 2764 wrote to memory of 4344	2764	msedge.exe	83
PID 2764 wrote to memory of 4344	2764	msedge.exe	83
PID 2764 wrote to memory of 4344	2764	msedge.exe	83
PID 2764 wrote to memory of 4344	2764	msedge.exe	83
PID 2764 wrote to memory of 4344	2764	msedge.exe	83
PID 2764 wrote to memory of 4344	2764	msedge.exe	83
PID 2764 wrote to memory of 4344	2764	msedge.exe	83
PID 2764 wrote to memory of 4344	2764	msedge.exe	83
PID 2764 wrote to memory of 4344	2764	msedge.exe	83
PID 2764 wrote to memory of 4344	2764	msedge.exe	83
PID 2764 wrote to memory of 4344	2764	msedge.exe	83
PID 2764 wrote to memory of 4344	2764	msedge.exe	83
PID 2764 wrote to memory of 4344	2764	msedge.exe	83
PID 2764 wrote to memory of 4344	2764	msedge.exe	83
PID 2764 wrote to memory of 4344	2764	msedge.exe	83
PID 2764 wrote to memory of 4344	2764	msedge.exe	83
PID 2764 wrote to memory of 4344	2764	msedge.exe	83
PID 2764 wrote to memory of 4344	2764	msedge.exe	83
PID 2764 wrote to memory of 4344	2764	msedge.exe	83
PID 2764 wrote to memory of 4344	2764	msedge.exe	83
PID 2764 wrote to memory of 4344	2764	msedge.exe	83
PID 2764 wrote to memory of 4344	2764	msedge.exe	83
PID 2764 wrote to memory of 4344	2764	msedge.exe	83
PID 2764 wrote to memory of 4344	2764	msedge.exe	83
PID 2764 wrote to memory of 4344	2764	msedge.exe	83
PID 2764 wrote to memory of 4344	2764	msedge.exe	83
PID 2764 wrote to memory of 4344	2764	msedge.exe	83
PID 2764 wrote to memory of 4344	2764	msedge.exe	83
PID 2764 wrote to memory of 4344	2764	msedge.exe	83
PID 2764 wrote to memory of 4344	2764	msedge.exe	83
PID 2764 wrote to memory of 4344	2764	msedge.exe	83
PID 2764 wrote to memory of 4344	2764	msedge.exe	83
PID 2764 wrote to memory of 1544	2764	msedge.exe	84
PID 2764 wrote to memory of 1544	2764	msedge.exe	84
PID 2764 wrote to memory of 2788	2764	msedge.exe	85
PID 2764 wrote to memory of 2788	2764	msedge.exe	85
PID 2764 wrote to memory of 2788	2764	msedge.exe	85
PID 2764 wrote to memory of 2788	2764	msedge.exe	85
PID 2764 wrote to memory of 2788	2764	msedge.exe	85
PID 2764 wrote to memory of 2788	2764	msedge.exe	85
PID 2764 wrote to memory of 2788	2764	msedge.exe	85
PID 2764 wrote to memory of 2788	2764	msedge.exe	85
PID 2764 wrote to memory of 2788	2764	msedge.exe	85
PID 2764 wrote to memory of 2788	2764	msedge.exe	85
PID 2764 wrote to memory of 2788	2764	msedge.exe	85
PID 2764 wrote to memory of 2788	2764	msedge.exe	85
PID 2764 wrote to memory of 2788	2764	msedge.exe	85
PID 2764 wrote to memory of 2788	2764	msedge.exe	85
PID 2764 wrote to memory of 2788	2764	msedge.exe	85
PID 2764 wrote to memory of 2788	2764	msedge.exe	85
PID 2764 wrote to memory of 2788	2764	msedge.exe	85
PID 2764 wrote to memory of 2788	2764	msedge.exe	85
PID 2764 wrote to memory of 2788	2764	msedge.exe	85
PID 2764 wrote to memory of 2788	2764	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://is.gd/FKGZio
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffe1b5846f8,0x7ffe1b584708,0x7ffe1b584718
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,2311440326320076364,15395684254062933623,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,2311440326320076364,15395684254062933623,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,2311440326320076364,15395684254062933623,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2311440326320076364,15395684254062933623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2311440326320076364,15395684254062933623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2311440326320076364,15395684254062933623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2311440326320076364,15395684254062933623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,2311440326320076364,15395684254062933623,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3464 /prefetch:8
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:4332
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x2a4,0x2a8,0x2ac,0x280,0x2b0,0x7ff73e1c5460,0x7ff73e1c5470,0x7ff73e1c5480
    3⤵
    PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,2311440326320076364,15395684254062933623,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3464 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2311440326320076364,15395684254062933623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2311440326320076364,15395684254062933623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2311440326320076364,15395684254062933623,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2311440326320076364,15395684254062933623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2311440326320076364,15395684254062933623,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:2536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2160

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9d9e89a46ea1c979d600d8ecff95392f

SHA1
a03b20076c4a9bd34d03af90e43d5815943d187b

SHA256
7d5e0d521951eff280f780f5134b8f1b4c614bb4e96ce15577201272a1e4478c

SHA512
7bd673c3e908e62928b35bb2ca183a79e575775a1b76b1bd3e584c9da331d4a4c213b3de25fe209090504ce0af3f3823a27767196ed81cceb7f881106e068429

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5e66a3d46ce02326d71914c69bb1ff5e

SHA1
91ccf10b11a8c2d127fe825840b0f5a3c5a51513

SHA256
8408d688778cfc5151fd454f1182175674719a8a5709dd36aaac95512c7b1054

SHA512
3fc4c3299a000fd48b25ec9fa88d87892fe60b3e82005195d0afc80e028ff270e1429bb2a4fc07cfcfd5d8c23a44283c92a11f9ff11d28ec951331e3df05326c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
9162122ce64d12f0f3554a3a0543aee8

SHA1
ab04c7a5a8d8022acb27e9e51299963fa75f3607

SHA256
36f3e2d926ea806b1260e92e36c92a26d993bd71a0d51723d99da55b6153ae34

SHA512
fd9a6104ecef55f5f7d1929e40209950e4a18815ea60974be5d6b53dac56efce59fd08096e7d48649a4a22054aac79953a76cad884cda147370e45d1319f6159

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
b9889081a040aeb108115d591c829865

SHA1
366c2229de0e2b317ee6e4e91b938218b90c0cda

SHA256
a262ce08cf0af6c6fdf22f613ee8f75be7d757c6f9cc8f0838ca829ce8443e73

SHA512
4972b3209f8d2ca66f53f9ed54488d25bba2c685b1b050c24c84787fe2e5c2c0aac2f903625a31783b22d7f6d7ac221595a9595a2b9215a356c129447035958c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f66e7cc5d260082a5212068b8175f219

SHA1
0d8e9fc88278757c5149400a003abd8c3356d0c7

SHA256
db4f1ae9b7c8931bce1a3171b4ff58671684a9d678900439e840c655d0f931cd

SHA512
d2a7302c40599fb3525e60dc2088b72decefae5ad96ea58cff941689f2d76d6872959e7c2883fee2a146abc41f1595c15c45b7c9532ec61d185d649b72bc003b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
71c871376793b66a8e16981330806caa

SHA1
cd16d57cc7d7febf20935f3b329b9b500e7a7f5e

SHA256
b7d18f53a737a3be94e8b8feebf749a5fab4662f441fc2581a634f78c51f2a23

SHA512
27e0aca8c06826dd5850e3bd1ef59cec013a448d120560ff2bbbd1e4daec04005f12277ef79bb7964301ffd61a285f7663107f18470e8216099c2ded6cca883f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a76e9a2b2edd21c3d5835644824e0822

SHA1
1215048327dec78fb82b0843a4f8a1060f41890a

SHA256
c20c75a09c3d1954051d49f97439fff8cf1046403f2b0a9ddc294b054eefd457

SHA512
3c8f8ca8135ab44b297f124cdcaaf1dfd949a7fa25fd1030ae503385ecdece4c7c9d5c3b0e3652f9539caaaa7cf6d3733e4f08d267eb2ebb19bac2e47ff34e31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
8bbb70b63ea38955801783c83b928cf0

SHA1
91e76aa432aa9b323f7f8efb7dc94fe0b9587496

SHA256
e31be9b1110c9d3f71b40293c8f3d21fbdb1d53910d91dad2ed1f29c363102cb

SHA512
1172db8453c8902fe6ab8e417ae44da691b72e8e05a50c85d5bda1ae3cd6b54407b1393d9707cd152bc37ad56b1c380ef23dae445f8f27e35844f6233132804c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
ff5dd20177add5f2fb07a017c096ccce

SHA1
7afe60457ca44419c3421847c4202a50fd4b80a8

SHA256
0e18c1f1f59aefdb789413aefaeaa005421e9369195f7c35929008ec30b50cb0

SHA512
3bbbb7e4af49e8a92b5dba457567a249db23b50a1b4a79c33bc38a14e5dc4ae9dbf480b6f42abfd3da28af57c06aeaf4b0b7f3da39b712ca49981c8c7973c77a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
b5ac70a7e2de58a5d4674467d6ab4ec2

SHA1
a70eed8a78b4b24e97935be9aeba8c438c234d4e

SHA256
0e6d4a8049a614a27da889e3d1944683f6340d8ecf42a306fae8922929fffc8c

SHA512
cff82b437c5b08dd868844f113a78c4d48677cceddb2a751fa05afabaa51f3552dda3730003bb0d6e2af095b37016d6443993da57ee72e2c740a534a22328d2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57eb79.TMP

Filesize
539B

MD5
c8c8e6e8e708db89286e8b03a37ac362

SHA1
e3153cb616ee0a27e9c1bff85865ac9c8808f949

SHA256
0e1f1c0428940ec030aaf74ee75251d98d66dc5a7b317f23a3c5c1f1c734bc72

SHA512
8e23864b2d014addab74989f21a1d96816d26bb4428797d16d12f31ce42de18bbccb6a72216d55570080495190b8b7a8935fb0ed9d437a7306c8505183579b6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
41a841f54c9f057bc6a28f91ab11f94e

SHA1
df7a4e9b41fdc7933f244750c14c43316e3042d7

SHA256
38ea776a53295534edfc9b93c65220b369a06c7c17df912360d2e7105b648524

SHA512
fa9df9ac0732454cab18bf8d43771da216cf05f1682b0bab007abf3b6fe8989c6b592f8c63d93093cddeeff60b531f5f5643e902bcd851f71047844e4ddff1d3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
9ed65b5a4107823869163c45b5164c06

SHA1
0abe969ea5850944cb7ea4a5992ec1628767b60a

SHA256
1a36ce60a5f591e9030e065a0e5f326de9bf96c0eac9d5fd89e3ed61db28e8f7

SHA512
2ca0c09f07cc74b4463e083437596ab077aa14cdfb1355aebe0faaa50bf0f1723adafd32de18901cb5816a5ed40e1fdc7249b75840d80bf82847df7b23e5920f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
6ec530d726b4c85fef718af5e9d0b83c

SHA1
a7c8987c9d202f35b835db4652dcb35841b731d8

SHA256
bf535b896fd813241ceafecd24e039cc32b98d447b3f97125e1a4c88e1c9ad7e

SHA512
5636b83a389026115d312b7591afeca2576f491a6c3a144791750cb4d6d072463e633fa60166b2b594e1d323ec8e68f5abe7492736ae8a19b98058198a6f3fe9

Download Submit