hxxps://dahood[.]wiki/

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 23:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://dahood.wiki/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exe

pid process

4912 msedge.exe
4912 msedge.exe
1628 msedge.exe
1628 msedge.exe
3644 identity_helper.exe
3644 identity_helper.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

1628 msedge.exe
1628 msedge.exe
1628 msedge.exe
1628 msedge.exe
1628 msedge.exe
1628 msedge.exe
1628 msedge.exe
1628 msedge.exe

pid	process
4912	msedge.exe
4912	msedge.exe
1628	msedge.exe
1628	msedge.exe
3644	identity_helper.exe
3644	identity_helper.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

msedge.exe

pid	process
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1628 wrote to memory of 60	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 60	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2688	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2688	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2688	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2688	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2688	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2688	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2688	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2688	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2688	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2688	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2688	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2688	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2688	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2688	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2688	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2688	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2688	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2688	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2688	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2688	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2688	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2688	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2688	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2688	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2688	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2688	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2688	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2688	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2688	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2688	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2688	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2688	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2688	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2688	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2688	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2688	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2688	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2688	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2688	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2688	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 4912	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 4912	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2180	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2180	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2180	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2180	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2180	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2180	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2180	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2180	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2180	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2180	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2180	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2180	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2180	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2180	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2180	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2180	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2180	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2180	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2180	1628	msedge.exe	msedge.exe
PID 1628 wrote to memory of 2180	1628	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://dahood.wiki/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff810c046f8,0x7ff810c04708,0x7ff810c04718
2⤵
PID:60

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,5263053497146765808,16028212219812785299,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
2⤵
PID:2688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,5263053497146765808,16028212219812785299,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,5263053497146765808,16028212219812785299,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
2⤵
PID:2180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5263053497146765808,16028212219812785299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
2⤵
PID:1624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5263053497146765808,16028212219812785299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
2⤵
PID:4256

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,5263053497146765808,16028212219812785299,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
2⤵
PID:1376

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,5263053497146765808,16028212219812785299,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5263053497146765808,16028212219812785299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
2⤵
PID:4360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5263053497146765808,16028212219812785299,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
2⤵
PID:3940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5263053497146765808,16028212219812785299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
2⤵
PID:3880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5263053497146765808,16028212219812785299,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
2⤵
PID:4784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5263053497146765808,16028212219812785299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
2⤵
PID:2908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5263053497146765808,16028212219812785299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
2⤵
PID:2936

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2684

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1564

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
Filesize
206KB

MD5
f998b8f6765b4c57936ada0bb2eb4a5a

SHA1
13fb29dc0968838653b8414a125c124023c001df

SHA256
374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef

SHA512
d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
240B

MD5
3a076a5c95afaca59856c38effa3477f

SHA1
f770023d6da570234d0e3c4665931fae36a11370

SHA256
a4490a3796d6e2b41de179e14c5b4554c7bc420488a1db74b6ba83fcbdabb78b

SHA512
fe2f86ac4e4dfecba7e5d212ca50a06d186bfa4422782b2357d874f3f4633d85f4f3f68359683eeb7b8a4ae23f203dc4597d6e02011c70a7053623802213abc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
144B

MD5
c1bee97dd3e07efd14a5cf370ed9faf7

SHA1
d64e033fa0600c9b6de167eefc5c1c0dd5dd486c

SHA256
e3426c6548ef151c0e44d283347d70d251dec6f98b53bc4eb1161b2476e05b04

SHA512
a2ed130250b29d474de795c7a6d7914dd0ac520339aa46726713c7b08039392075eac1c79a4caba57c2aa72387a6344c2ecdf73cbcb2cd695ffd35e9a794169c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
62f6557f547d5d8c0097739ef09eeb42

SHA1
30ef0d7e584ad20e19b7ac2206d1468b7664bd69

SHA256
cc80902be0ace94712f97e2310a24cd28d304474cba909b2a54ea95e0d20e769

SHA512
15894a304c2ce9ff9f09fdde79119b29188816d350ed4224708da59dc3a2a87804f1a4e4fae0c1d99e36c663f145da8623b2aba06e752e18aff99adec170b750

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
875d235e1a06007a4faa0aafb8888f04

SHA1
b528d7e403b7b6d4df9d485cc3ab5eba40c26f71

SHA256
071c49773aeeb1bc10b18c2a41a38e9448a0755f2b7dbfd35fb8463cc95e2e8a

SHA512
9bd1f06bc185e21006d000d98919a6faac43a8f3182fea618ea1f465adc9f28f7dbbf3a41032457c8a829489c7ec489fb10a287499e3bc0bad803dc41e034612

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
08f89376d92b1591fe8b9656a416d39a

SHA1
8654e5c918d3121e1fe0a358d172af73b61eb43e

SHA256
964d91b5f68a8dd561d5abd873f369752b39662e68fd5a4a0618f48d8b49adc0

SHA512
775d816456a0d237141fd55689e5e73ba45842fd6c2e4bed58495919bc0d5090ea4aac372f2503559df838fc21ed4b453ce63bae0980eefe14730b5d212cb0b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
039b3c6d9410521a3f5f6a10138c460d

SHA1
6da500db709b7beaf0a341a930f5e01c68257e3f

SHA256
12937a6ed7ba4178bd5ca841f93cc354b973d536a8dcd92fd5a023a724edd108

SHA512
0974c23da2c39500543b18f1699f70cc6b25e52fcb07b1f753f2262674c625bf7dc36028eba3576977dabd13818a166d46e310b65570360ef1c968114372ec4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
4ed0a5224e3e307071b7c53f8d3d10e1

SHA1
658a13b0ce325088925d7113e237d139914af64c

SHA256
37cf10355cac93d21f25d4d304fd8df25b057025a8f82121f5265422a112ccd0

SHA512
ab941b776edc606ae183018e994751346ec8c2f453a6dcaea79e7f665c29e7809d6ae1fa70e25792edb2dda6b0f51f0d77cbcdaa632d939ebaa4519f412e00de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
202B

MD5
f341904dbc6ea18ef5f3e1e44230b143

SHA1
f2dcfe2f4dbc062370b15cc2fa09af227f27f02f

SHA256
62686d81aef6e013bcdbc08c2ec7c7e40aa1d3c1c8cee8362fa73961e592c6a0

SHA512
a1f4b4f272113572065b8f1d4a46e6e7e80e0c0a570852461161e8cff20d68aa76771cb021711e1bad72f02270b074e62a124fa3b00e381e8c50eb4f0d12f882

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58071f.TMP
Filesize
202B

MD5
e010295348513ad31f5c012640e70255

SHA1
480592be7e6637dcb667b05afe1740936fc34eb4

SHA256
af324611a1fae33ea0f5eb1acb220a750180b7569b9256a7c324e1882c668f09

SHA512
29b306ce4f3a3c957de977675e2f4670993c94be0762dfc2c968ba7d5fb74bf1a7e1271c43fc69de6b6c7949a6f327bcf38f7c6308bd6cab5d9e3002683d0723

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
8823b3bfdc556a73e34d93dbaad7c7a7

SHA1
2f38533a4f32ff34fb6be4170c3e2dc24caec6ed

SHA256
1fd67e89133988263e3fcae7e8209397b40ef3f9ed23c9a94c84a59041033e4b

SHA512
3c3e9142d28e27a3037315d75c8014ebf19d29739a31b201e1a8eca1341a5c84e3a5c20112f389b381319cdf781b44ed16565bbdfad26d91937f5582a029229f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
332fd17f4d1499ea2707237f0ad1c9f6

SHA1
31cc2748cb2b5ec84f7c979033fcccdaabb6e89a

SHA256
b79b2feb7e958b8509eecd8715f6d0f68724bc941b65da7f96156f70f79b5156

SHA512
ec6a25570b15eca60f51e6fed0b52d9b3d3891837fdf7c27f7b5cd8bf142d07035d403a0b2b1fb3adeb0acf831ef48e72ce21851b1a4eecbfd18bca1079eb967

Download Submit
\??\pipe\LOCAL\crashpad_1628_QRXRKTCDRPGLGZZU
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit