5047d6c3d984fd2e1c9ccd014aef7295d6845477120ad9ebb0f5656c358058ab

Analysis

max time kernel
146s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17/08/2024, 08:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

www.mogelpower.de.url
Size

49B
MD5

3f933ca047614b6168bd41c6e1bad4ef
SHA1

071c0e401442a894da1b7e98cbec931c62c3f4df
SHA256

848086f91839631470788b9e049d3be5458a6d0397c0ac738adf568368b53601
SHA512

6e5d0f5d397007661968f88f25ce4c44dc0de576b46b8f4893ef1bf3791f0f9e8e794aafb32bb7ae7bfa416611e70347b2b3745d60623406d8903439d5ff8baf

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2080	msedge.exe
2080	msedge.exe
1608	msedge.exe
1608	msedge.exe
4060	identity_helper.exe
4060	identity_helper.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2624 wrote to memory of 1608	2624	rundll32.exe	84
PID 2624 wrote to memory of 1608	2624	rundll32.exe	84
PID 1608 wrote to memory of 3448	1608	msedge.exe	86
PID 1608 wrote to memory of 3448	1608	msedge.exe	86
PID 1608 wrote to memory of 640	1608	msedge.exe	87
PID 1608 wrote to memory of 640	1608	msedge.exe	87
PID 1608 wrote to memory of 640	1608	msedge.exe	87
PID 1608 wrote to memory of 640	1608	msedge.exe	87
PID 1608 wrote to memory of 640	1608	msedge.exe	87
PID 1608 wrote to memory of 640	1608	msedge.exe	87
PID 1608 wrote to memory of 640	1608	msedge.exe	87
PID 1608 wrote to memory of 640	1608	msedge.exe	87
PID 1608 wrote to memory of 640	1608	msedge.exe	87
PID 1608 wrote to memory of 640	1608	msedge.exe	87
PID 1608 wrote to memory of 640	1608	msedge.exe	87
PID 1608 wrote to memory of 640	1608	msedge.exe	87
PID 1608 wrote to memory of 640	1608	msedge.exe	87
PID 1608 wrote to memory of 640	1608	msedge.exe	87
PID 1608 wrote to memory of 640	1608	msedge.exe	87
PID 1608 wrote to memory of 640	1608	msedge.exe	87
PID 1608 wrote to memory of 640	1608	msedge.exe	87
PID 1608 wrote to memory of 640	1608	msedge.exe	87
PID 1608 wrote to memory of 640	1608	msedge.exe	87
PID 1608 wrote to memory of 640	1608	msedge.exe	87
PID 1608 wrote to memory of 640	1608	msedge.exe	87
PID 1608 wrote to memory of 640	1608	msedge.exe	87
PID 1608 wrote to memory of 640	1608	msedge.exe	87
PID 1608 wrote to memory of 640	1608	msedge.exe	87
PID 1608 wrote to memory of 640	1608	msedge.exe	87
PID 1608 wrote to memory of 640	1608	msedge.exe	87
PID 1608 wrote to memory of 640	1608	msedge.exe	87
PID 1608 wrote to memory of 640	1608	msedge.exe	87
PID 1608 wrote to memory of 640	1608	msedge.exe	87
PID 1608 wrote to memory of 640	1608	msedge.exe	87
PID 1608 wrote to memory of 640	1608	msedge.exe	87
PID 1608 wrote to memory of 640	1608	msedge.exe	87
PID 1608 wrote to memory of 640	1608	msedge.exe	87
PID 1608 wrote to memory of 640	1608	msedge.exe	87
PID 1608 wrote to memory of 640	1608	msedge.exe	87
PID 1608 wrote to memory of 640	1608	msedge.exe	87
PID 1608 wrote to memory of 640	1608	msedge.exe	87
PID 1608 wrote to memory of 640	1608	msedge.exe	87
PID 1608 wrote to memory of 640	1608	msedge.exe	87
PID 1608 wrote to memory of 640	1608	msedge.exe	87
PID 1608 wrote to memory of 2080	1608	msedge.exe	88
PID 1608 wrote to memory of 2080	1608	msedge.exe	88
PID 1608 wrote to memory of 2332	1608	msedge.exe	89
PID 1608 wrote to memory of 2332	1608	msedge.exe	89
PID 1608 wrote to memory of 2332	1608	msedge.exe	89
PID 1608 wrote to memory of 2332	1608	msedge.exe	89
PID 1608 wrote to memory of 2332	1608	msedge.exe	89
PID 1608 wrote to memory of 2332	1608	msedge.exe	89
PID 1608 wrote to memory of 2332	1608	msedge.exe	89
PID 1608 wrote to memory of 2332	1608	msedge.exe	89
PID 1608 wrote to memory of 2332	1608	msedge.exe	89
PID 1608 wrote to memory of 2332	1608	msedge.exe	89
PID 1608 wrote to memory of 2332	1608	msedge.exe	89
PID 1608 wrote to memory of 2332	1608	msedge.exe	89
PID 1608 wrote to memory of 2332	1608	msedge.exe	89
PID 1608 wrote to memory of 2332	1608	msedge.exe	89
PID 1608 wrote to memory of 2332	1608	msedge.exe	89
PID 1608 wrote to memory of 2332	1608	msedge.exe	89
PID 1608 wrote to memory of 2332	1608	msedge.exe	89
PID 1608 wrote to memory of 2332	1608	msedge.exe	89

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\www.mogelpower.de.url
1⤵
- Suspicious use of WriteProcessMemory
PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.mogelpower.de/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1608
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff810f646f8,0x7ff810f64708,0x7ff810f64718
    3⤵
    PID:3448
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,18358274664494410161,14096770565166947148,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
    3⤵
    PID:640
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,18358274664494410161,14096770565166947148,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2080
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,18358274664494410161,14096770565166947148,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
    3⤵
    PID:2332
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18358274664494410161,14096770565166947148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
    3⤵
    PID:4032
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18358274664494410161,14096770565166947148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
    3⤵
    PID:1600
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18358274664494410161,14096770565166947148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
    3⤵
    PID:3924
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18358274664494410161,14096770565166947148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
    3⤵
    PID:4496
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,18358274664494410161,14096770565166947148,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 /prefetch:8
    3⤵
    PID:4232
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,18358274664494410161,14096770565166947148,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4060
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18358274664494410161,14096770565166947148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
    3⤵
    PID:4136
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18358274664494410161,14096770565166947148,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
    3⤵
    PID:1416
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18358274664494410161,14096770565166947148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
    3⤵
    PID:4916
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18358274664494410161,14096770565166947148,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
    3⤵
    PID:2168
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18358274664494410161,14096770565166947148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1
    3⤵
    PID:5804
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18358274664494410161,14096770565166947148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3640 /prefetch:1
    3⤵
    PID:5964
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18358274664494410161,14096770565166947148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
    3⤵
    PID:5972
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18358274664494410161,14096770565166947148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1876 /prefetch:1
    3⤵
    PID:5980
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18358274664494410161,14096770565166947148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
    3⤵
    PID:5988
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2128,18358274664494410161,14096770565166947148,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6480 /prefetch:8
    3⤵
    PID:4076
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18358274664494410161,14096770565166947148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1796 /prefetch:1
    3⤵
    PID:5572
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18358274664494410161,14096770565166947148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1988 /prefetch:1
    3⤵
    PID:3132
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,18358274664494410161,14096770565166947148,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1848 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4268

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3132

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4364

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f4 0x2fc
1⤵
PID:2732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\441b1ddb-dca2-4918-9e7a-f9271ef9f021.tmp

Filesize
5KB

MD5
93e436b4925364be7e2d18c2b1818038

SHA1
6499c676203839a35516d5ed3bbf65a86ef484fe

SHA256
b5a55478c49499fe5345747928139f568ed3f1c13570fee85cf668b3f17396a5

SHA512
7dd1754488328a0aa9527930ed0133cdf813c5d85f1b056005027093a7c4500555a3a00e4c35361337528cd790f9447eaa056fe08e06cfb724d6cc38462a2cb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
640KB

MD5
56c73eaebf192d75a9360bcf83ce7777

SHA1
1fb9ef0efaf1b312da1a529749ed1cf759868240

SHA256
73d01a9171a0c45efffe96815c0acbda06c0d5f54d200d7ad4e76444db12d05a

SHA512
d8933c916fdc413c5df4cf341ba707265205dd94da242e897d235e49e5d30b24d81c682f3b36bf9ca3e5df1786d64d7b838ab4c84300ab820bd0bbb66dba3ca0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
d5f3238ae7d4a6448feffff29dc016bf

SHA1
3a466519ddb079cc97b23f1ff7016408674f2459

SHA256
94a2b1f098aaa18bf09ad84c281b0e3cbb90107abfa70d7ea815d3c2516b7f4a

SHA512
b26797d3145ba49909bd56fc3d04b608075d01ca65add1e04722d667a4a33d876704cadfe575aaf5dc92c60db004d75e03154d67253c3f383807705874cdd423

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a15c430172834f0cf22a00472972d3a4

SHA1
02acca816749866cf31e37282399d312d2ea6d79

SHA256
50e9b60f44381e0ad0e758dc537fdcfd8e20a95c74d6c65145a91390b97fd305

SHA512
966d57035a4a2a331bed41e9f212908b98b0d710d001af800a90670b70fb0c8bd24b808b4bad2ff2137bbc25b2203eeceb449c4771008afb2f1bbabe8242dea6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
a2ab56f0d1a335cb845713ca6c55ea4e

SHA1
6289255ed29281619afb72db268d940baeff90f7

SHA256
3e77e23520d0643a0da37f3645ed50407855158b006d2bab6981b05146e4c79b

SHA512
29762f4e0ada04e2bf3ac0afce5686fa1b8d1a87ad84cf7b866f147fe25e0edc942eb04969c491bc6228103bf49d114852ad4e2b7521d8e2fbfb60e4c0d91e40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
a413dd4b673d117e8be25f136eb07d42

SHA1
d9dea700cfdcd84e06f773bfefc99c5565a949d1

SHA256
d5f65ff35dea09d8f51b47b4704442f41686f368512062aa4f6694e6090c018c

SHA512
452b290519d34edd76f8ee9aa922d8b22809fd3b0fd643c669a5890f2a24bc4db531c6c57a0fd0c799721188ed5b40d4f63a8a085e735888dda1b18e975eaca8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
82fb3f67f447d88f7f6972a5a80dbb0d

SHA1
6e5e22567493b5e981068f6d9cc06913bf80a0a4

SHA256
3e1a19a0d843dd1e55dfc3c139bff5cf9fd522f968e31dd426443fd50d5e7459

SHA512
6c4b9c8966a1f039005b551a37464082f1fb1e7a8a826f6730f013e2df4347f2c1905fb032ab4a2b8091ec8b3464aa6bbe3507b9576815f8386a9a0054b7078b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f5c4e803d187dce094ec889422b12339

SHA1
62c34badd2f9a2409d1e0bd6cd1376b21296b3a0

SHA256
326e1d8593878dbeefa9de3fff752068bb797f4fe9bc4ed95bce2a5d0621ff1e

SHA512
06c0a7186c0475e3fbe4e9a55f52db5b6bebb5eacf3d503750d7171f63da0c5151a5f056c51f54a5b8b566e3a63f4ede84bee2e37487acf3e4ce26163a1c5e68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b90bc02553c0b14e634c3b9e78e90fbb

SHA1
f728ad88a3dc426a2f5d7b5f6758508e6e08198e

SHA256
77d82c7824bba2a80e3ba2c20c4f386a89f877bf46b1cac12b1664b7e2058795

SHA512
e7e58324989f9e68993bf6dfcf43b822f426e4c3904e1329964de1f7dc9f472fdc28a95a9872c57186902b440fb5dc838db765bbe8b15944df5c5c03a747165e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
786bce4d7274fced418905675b221890

SHA1
3a800562b9c0a39b6976a35f7e329b6814f9c152

SHA256
eaf4dfc2e0e1fbb72089dfb1b02645a38abcffeb7f3baecc284ac02ecf9bd7d9

SHA512
c5ad77fa15989b5b64d8dfe62dc82de38ef834583e62826fd381cbb0ac5ff9df54f7d93afb71dd6fea86fdc1df3b35afe8215826ff6e27d9a185d3cb7fdf9dba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e3432ffdd298bb990fd0c871feac42c7

SHA1
c2d4368135c0ea92806597a002e6212fbb51752d

SHA256
5fb7e52fa188ee6942be40c304e7386e3868d4665cc96cbb17f23c511d3156b5

SHA512
584cd2463020ecd760be605874ba2bac4747220e32cca8e0427188b3ab26aa63660c23e49f309a9659babc3ce07b87db8df03f2b62977b0711a4622f6695f789

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582c99.TMP

Filesize
1KB

MD5
18ed5a080ac4d7fccb6c8cc366458ffe

SHA1
bbcd135856811db9681bffb1e8ee18f1854ef2f6

SHA256
00aa731310bd753e7c2a948003763566af86d275b42408cd3c4495ded10b6771

SHA512
2244abcc5519c0440080a0eb76bb61f81b9baea4bf280614175b9feaee26852662f54ba7925520556f397a954aab94813cf3c04b151d2b11d7957c79c53d1f37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
79540dfcce8b0cfb15678151457bca75

SHA1
5b443015eda0bffc6f6cc362051216b5d36d3300

SHA256
5c00d8d2133a74f6f3316c886a2d5d9804d6446d03047a83fada14866a0bfc82

SHA512
7bc7bd8ad93dd3bebf414a659da412732d4d1d990c53dbfc9e257dc72b37c20c4b3d5033ecd9b7e7cbfe607212237c72149042cf36841aca216081d76b0964ca

Download Submit