775809324be8db2e8b98af3b4f1a63ca41de77c2fffbefc20226e3e8b8ecf4bc

Analysis

max time kernel
480s
max time network
569s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/08/2024, 06:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dk1.html
Size

908B
MD5

9f7e98f95c775c5a0f0a7dc53c4e5049
SHA1

e99973689bfa7ef03c791a1e4e20a9d1e6d06a1a
SHA256

775809324be8db2e8b98af3b4f1a63ca41de77c2fffbefc20226e3e8b8ecf4bc
SHA512

abffa446f0a9a25b856b964dc2b66457dd22c51e0eb0f9cd7e70e6576350bf3ebc91e1b1ab520439db9759e17b7260402f7e0bdfd235b1e9dddd79a07e09ac6e

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5084	msedge.exe
5084	msedge.exe
4892	msedge.exe
4892	msedge.exe
3116	identity_helper.exe
3116	identity_helper.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4892 wrote to memory of 664	4892	msedge.exe	84
PID 4892 wrote to memory of 664	4892	msedge.exe	84
PID 4892 wrote to memory of 2584	4892	msedge.exe	85
PID 4892 wrote to memory of 2584	4892	msedge.exe	85
PID 4892 wrote to memory of 2584	4892	msedge.exe	85
PID 4892 wrote to memory of 2584	4892	msedge.exe	85
PID 4892 wrote to memory of 2584	4892	msedge.exe	85
PID 4892 wrote to memory of 2584	4892	msedge.exe	85
PID 4892 wrote to memory of 2584	4892	msedge.exe	85
PID 4892 wrote to memory of 2584	4892	msedge.exe	85
PID 4892 wrote to memory of 2584	4892	msedge.exe	85
PID 4892 wrote to memory of 2584	4892	msedge.exe	85
PID 4892 wrote to memory of 2584	4892	msedge.exe	85
PID 4892 wrote to memory of 2584	4892	msedge.exe	85
PID 4892 wrote to memory of 2584	4892	msedge.exe	85
PID 4892 wrote to memory of 2584	4892	msedge.exe	85
PID 4892 wrote to memory of 2584	4892	msedge.exe	85
PID 4892 wrote to memory of 2584	4892	msedge.exe	85
PID 4892 wrote to memory of 2584	4892	msedge.exe	85
PID 4892 wrote to memory of 2584	4892	msedge.exe	85
PID 4892 wrote to memory of 2584	4892	msedge.exe	85
PID 4892 wrote to memory of 2584	4892	msedge.exe	85
PID 4892 wrote to memory of 2584	4892	msedge.exe	85
PID 4892 wrote to memory of 2584	4892	msedge.exe	85
PID 4892 wrote to memory of 2584	4892	msedge.exe	85
PID 4892 wrote to memory of 2584	4892	msedge.exe	85
PID 4892 wrote to memory of 2584	4892	msedge.exe	85
PID 4892 wrote to memory of 2584	4892	msedge.exe	85
PID 4892 wrote to memory of 2584	4892	msedge.exe	85
PID 4892 wrote to memory of 2584	4892	msedge.exe	85
PID 4892 wrote to memory of 2584	4892	msedge.exe	85
PID 4892 wrote to memory of 2584	4892	msedge.exe	85
PID 4892 wrote to memory of 2584	4892	msedge.exe	85
PID 4892 wrote to memory of 2584	4892	msedge.exe	85
PID 4892 wrote to memory of 2584	4892	msedge.exe	85
PID 4892 wrote to memory of 2584	4892	msedge.exe	85
PID 4892 wrote to memory of 2584	4892	msedge.exe	85
PID 4892 wrote to memory of 2584	4892	msedge.exe	85
PID 4892 wrote to memory of 2584	4892	msedge.exe	85
PID 4892 wrote to memory of 2584	4892	msedge.exe	85
PID 4892 wrote to memory of 2584	4892	msedge.exe	85
PID 4892 wrote to memory of 2584	4892	msedge.exe	85
PID 4892 wrote to memory of 5084	4892	msedge.exe	86
PID 4892 wrote to memory of 5084	4892	msedge.exe	86
PID 4892 wrote to memory of 784	4892	msedge.exe	87
PID 4892 wrote to memory of 784	4892	msedge.exe	87
PID 4892 wrote to memory of 784	4892	msedge.exe	87
PID 4892 wrote to memory of 784	4892	msedge.exe	87
PID 4892 wrote to memory of 784	4892	msedge.exe	87
PID 4892 wrote to memory of 784	4892	msedge.exe	87
PID 4892 wrote to memory of 784	4892	msedge.exe	87
PID 4892 wrote to memory of 784	4892	msedge.exe	87
PID 4892 wrote to memory of 784	4892	msedge.exe	87
PID 4892 wrote to memory of 784	4892	msedge.exe	87
PID 4892 wrote to memory of 784	4892	msedge.exe	87
PID 4892 wrote to memory of 784	4892	msedge.exe	87
PID 4892 wrote to memory of 784	4892	msedge.exe	87
PID 4892 wrote to memory of 784	4892	msedge.exe	87
PID 4892 wrote to memory of 784	4892	msedge.exe	87
PID 4892 wrote to memory of 784	4892	msedge.exe	87
PID 4892 wrote to memory of 784	4892	msedge.exe	87
PID 4892 wrote to memory of 784	4892	msedge.exe	87
PID 4892 wrote to memory of 784	4892	msedge.exe	87
PID 4892 wrote to memory of 784	4892	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\dk1.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9dba846f8,0x7ff9dba84708,0x7ff9dba84718
  2⤵
  PID:664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,15921149524091320027,7386317757302485493,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,15921149524091320027,7386317757302485493,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,15921149524091320027,7386317757302485493,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15921149524091320027,7386317757302485493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15921149524091320027,7386317757302485493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,15921149524091320027,7386317757302485493,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,15921149524091320027,7386317757302485493,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15921149524091320027,7386317757302485493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15921149524091320027,7386317757302485493,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15921149524091320027,7386317757302485493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15921149524091320027,7386317757302485493,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:1040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15921149524091320027,7386317757302485493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15921149524091320027,7386317757302485493,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15921149524091320027,7386317757302485493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2104,15921149524091320027,7386317757302485493,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5188 /prefetch:8
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15921149524091320027,7386317757302485493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15921149524091320027,7386317757302485493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15921149524091320027,7386317757302485493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15921149524091320027,7386317757302485493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15921149524091320027,7386317757302485493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15921149524091320027,7386317757302485493,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15921149524091320027,7386317757302485493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15921149524091320027,7386317757302485493,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,15921149524091320027,7386317757302485493,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2860 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
da6a56bf95cdd72a95bdae0197d55e35

SHA1
ad5ea49935067bae4df5ba2935df996402d6ee9a

SHA256
20b9e9b467beab2f980f5eb79e59dc516c2667aab6ab5cb44f13c16fd962a010

SHA512
57618e29b8b010b4aa360df31b285a8309a578d499e6428b24fc7732732ac2a13e6fc3af024ae3a4208effcdef3ff8075957ba2bc4508837e405a3e7a577cecf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b6b729e5a5dad519bc4095f0b48b0619

SHA1
808607e10d25688c7e7d3a92849bd4de970a1037

SHA256
c8d480f55647ec9bb6bd78c571578fa8f9dd5bc22c72e6c3ed802e69f6dcf460

SHA512
6f8da3bde9216d5c6352ce3fa685cbad0be0f44e8e6ef146bb81c185461432191e504a5a1bb9d867920b3d6880179262bc5bc9540c4b67425d7173ca34c0b963

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
242B

MD5
586502d0111cc19e4ac30010cf7bcba5

SHA1
e8fb84ad536757994a17ec31489afe5db8df30ca

SHA256
dce2db56ffacff55e90cb62cc88a1ccba3db6ab27dd7dc677d7db34c5a1e499f

SHA512
a42ad482018b20e8b31f52df6b64e424d37b57c63a8351f416c365ff177897f5278b8284dd1ad7c58fdd36e8db2ed286b519118e722f1d6cff218dbd004b45e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7fe2ffb1c764c4d2929c62d1804c797f

SHA1
680b144b416a4ee046623face7d8d55dafc98ffd

SHA256
f7ef8c3e774ef8f6745d903379e17889480426ea018b02d2197dc0740b5405e8

SHA512
7d0e1e85c6c36c6a0b946bbec15d4943c75cad47f1b80d62a3dfd29e4d6a2f889e3d38de6898fc8cabe5682dd836ceab95c268a625455bffca1324bdcbb54d13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
351f0370584913e6d5834212ba0877aa

SHA1
888b4491ca0fedca53b0800dd9feda7859e43134

SHA256
8a8c75460573e0090dc0a9671e9cc66ada966c5c4294dc45788c8881c0c0cb85

SHA512
4e0b958723ca804caa5f6ebe3591b99dad8e5beca90a3950001821cc8a56366b59367bff1b06f14fb11552ba0143c7b1760a40036b2237c4390ca957f140fdb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
64a1bd05aa9f90c1a3e0717df90db1de

SHA1
d389c0cce76b51993d8c42052152a2252c08dabf

SHA256
47f6fda20da8ba128308e3dde6777380149775ee844d5c3643e7276fbe0c811e

SHA512
a12ac8ff73c05ab71979db80ae85dbc86504160bdc8ef5433370ab9c0f89352fc965e4fe538640b3af2a9e498bee499ade01b4405c37c29e5be9a8a0abe4a8ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1825acd04e88a93770390c62f5298b4d

SHA1
1a1ae0a24c06b02d34cc5eb9c6782847f3e241a3

SHA256
2da107e2626ddacbf71f66d5ab5f25072b1cf19d8efee0072734d95d84666653

SHA512
47213e269424511a8e52c8b2771cd8737b37b61e1159edaefad603d9fbfc64c931b388340bb07fdbabca4455b8b9a28c9a00b09842b9ce01770fd390388c933f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f76dcefa9944f0937422475be4277366

SHA1
0b1b5b7a2a12c04583c562bd581c43f9b63e563a

SHA256
1b64e078893b2e69caa009a8e375eae4bb92e6a74a0ce2bb6b1b709ea8e7cc8e

SHA512
532d8076d62226fade21e69e639f6942f070cebd8e93760b6ed6ad9a13e74951c6688e786e24b45757c0e3470e2bf9b47aa42d13bbbb8772405153eddb9bd06d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e1330c7c174f43da0f85d75a122f67ff

SHA1
3edfce1aae8dbe2f32a6b91d8887286dce345f76

SHA256
645ee25f6e3b77ec4b1d798d12963a79c8043f2ad5cba7c7d8a422a9a69a9d54

SHA512
748eca46486908da19c267cd0511d2a1c66a16d515027327a73274214e19cba6997f6f2139646b35d12dd33356318addc4ea06b0696f038688d16cf755623b34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fcd2d8dc5be289e402c1648a00d0884f

SHA1
dbe3bc7a51d4084cb9c3b591ece544a05935c55b

SHA256
4ee106f6f7af13d1d9ac6fab1bdfe9d43d8c9788d5cf4f4052fe1a357278bc3a

SHA512
25b0498fa361019f97a4dfe8cdbdd28d35059dc8930655e74bbe503de98d36cba69239c5a06389052b928e25d5e264afd61a84373c41c713d77187fe01076d88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58b7b2.TMP

Filesize
37B

MD5
661760f65468e15dd28c1fd21fb55e6d

SHA1
207638003735c9b113b1f47bb043cdcdbf4b0b5f

SHA256
0a5f22651f8fe6179e924a10a444b7c394c56e1ed6015d3fc336198252984c0e

SHA512
6454c5f69a2d7d7f0df4f066f539561c365bb6b14c466f282a99bf1116b72d757bef0bf03a0e0c68a7538a02a993fc070c52133ca2162c8496017053194f441c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
14f86a6b71a7ecf3005ae61c9be4fdeb

SHA1
18d360a90efbf62a43e7ebf3dda5acf70bd75b34

SHA256
01d31fb5a08d1716bb4451a6fb78346000ed392f9791a7a5671f04c692d8beec

SHA512
466bf61b9ea0c90eee15ddcbb75127a1aa42815fa4b4e10aed693de196105ef66d39ed33ba5445d0e439dcebdad25b44c719b4a2171975467c6ab28e2e685209

Download Submit