hxxps://tip[.]neiki[.]dev/file/9cff553382285ca2cd31fae01a09496dffd56aedfd99aeb736c00beb149f30c9/community

Resubmissions

23-08-2024 21:03

240823-zv5z5aycrm 10

23-08-2024 21:00

240823-zth4zawdjg 6

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
23-08-2024 21:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://tip.neiki.dev/file/9cff553382285ca2cd31fae01a09496dffd56aedfd99aeb736c00beb149f30c9/community

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 9 IoCs

Web Service

T1102

flow	ioc
155	camo.githubusercontent.com
157	camo.githubusercontent.com
151	camo.githubusercontent.com
153	camo.githubusercontent.com
156	camo.githubusercontent.com
173	raw.githubusercontent.com
174	raw.githubusercontent.com
152	camo.githubusercontent.com
154	camo.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-786284298-625481688-3210388970-1000\{B69805A3-78EA-4AA0-BEEE-63164C5DEB1B}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4400	msedge.exe
4400	msedge.exe
4488	msedge.exe
4488	msedge.exe
4016	identity_helper.exe
4016	identity_helper.exe
2380	msedge.exe
2380	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
5932	msedge.exe
5932	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4488 wrote to memory of 1544	4488	msedge.exe	85
PID 4488 wrote to memory of 1544	4488	msedge.exe	85
PID 4488 wrote to memory of 4176	4488	msedge.exe	86
PID 4488 wrote to memory of 4176	4488	msedge.exe	86
PID 4488 wrote to memory of 4176	4488	msedge.exe	86
PID 4488 wrote to memory of 4176	4488	msedge.exe	86
PID 4488 wrote to memory of 4176	4488	msedge.exe	86
PID 4488 wrote to memory of 4176	4488	msedge.exe	86
PID 4488 wrote to memory of 4176	4488	msedge.exe	86
PID 4488 wrote to memory of 4176	4488	msedge.exe	86
PID 4488 wrote to memory of 4176	4488	msedge.exe	86
PID 4488 wrote to memory of 4176	4488	msedge.exe	86
PID 4488 wrote to memory of 4176	4488	msedge.exe	86
PID 4488 wrote to memory of 4176	4488	msedge.exe	86
PID 4488 wrote to memory of 4176	4488	msedge.exe	86
PID 4488 wrote to memory of 4176	4488	msedge.exe	86
PID 4488 wrote to memory of 4176	4488	msedge.exe	86
PID 4488 wrote to memory of 4176	4488	msedge.exe	86
PID 4488 wrote to memory of 4176	4488	msedge.exe	86
PID 4488 wrote to memory of 4176	4488	msedge.exe	86
PID 4488 wrote to memory of 4176	4488	msedge.exe	86
PID 4488 wrote to memory of 4176	4488	msedge.exe	86
PID 4488 wrote to memory of 4176	4488	msedge.exe	86
PID 4488 wrote to memory of 4176	4488	msedge.exe	86
PID 4488 wrote to memory of 4176	4488	msedge.exe	86
PID 4488 wrote to memory of 4176	4488	msedge.exe	86
PID 4488 wrote to memory of 4176	4488	msedge.exe	86
PID 4488 wrote to memory of 4176	4488	msedge.exe	86
PID 4488 wrote to memory of 4176	4488	msedge.exe	86
PID 4488 wrote to memory of 4176	4488	msedge.exe	86
PID 4488 wrote to memory of 4176	4488	msedge.exe	86
PID 4488 wrote to memory of 4176	4488	msedge.exe	86
PID 4488 wrote to memory of 4176	4488	msedge.exe	86
PID 4488 wrote to memory of 4176	4488	msedge.exe	86
PID 4488 wrote to memory of 4176	4488	msedge.exe	86
PID 4488 wrote to memory of 4176	4488	msedge.exe	86
PID 4488 wrote to memory of 4176	4488	msedge.exe	86
PID 4488 wrote to memory of 4176	4488	msedge.exe	86
PID 4488 wrote to memory of 4176	4488	msedge.exe	86
PID 4488 wrote to memory of 4176	4488	msedge.exe	86
PID 4488 wrote to memory of 4176	4488	msedge.exe	86
PID 4488 wrote to memory of 4176	4488	msedge.exe	86
PID 4488 wrote to memory of 4400	4488	msedge.exe	87
PID 4488 wrote to memory of 4400	4488	msedge.exe	87
PID 4488 wrote to memory of 3692	4488	msedge.exe	88
PID 4488 wrote to memory of 3692	4488	msedge.exe	88
PID 4488 wrote to memory of 3692	4488	msedge.exe	88
PID 4488 wrote to memory of 3692	4488	msedge.exe	88
PID 4488 wrote to memory of 3692	4488	msedge.exe	88
PID 4488 wrote to memory of 3692	4488	msedge.exe	88
PID 4488 wrote to memory of 3692	4488	msedge.exe	88
PID 4488 wrote to memory of 3692	4488	msedge.exe	88
PID 4488 wrote to memory of 3692	4488	msedge.exe	88
PID 4488 wrote to memory of 3692	4488	msedge.exe	88
PID 4488 wrote to memory of 3692	4488	msedge.exe	88
PID 4488 wrote to memory of 3692	4488	msedge.exe	88
PID 4488 wrote to memory of 3692	4488	msedge.exe	88
PID 4488 wrote to memory of 3692	4488	msedge.exe	88
PID 4488 wrote to memory of 3692	4488	msedge.exe	88
PID 4488 wrote to memory of 3692	4488	msedge.exe	88
PID 4488 wrote to memory of 3692	4488	msedge.exe	88
PID 4488 wrote to memory of 3692	4488	msedge.exe	88
PID 4488 wrote to memory of 3692	4488	msedge.exe	88
PID 4488 wrote to memory of 3692	4488	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://tip.neiki.dev/file/9cff553382285ca2cd31fae01a09496dffd56aedfd99aeb736c00beb149f30c9/community
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd95346f8,0x7ffcd9534708,0x7ffcd9534718
  2⤵
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,17508261008798841340,6072690807724469085,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,17508261008798841340,6072690807724469085,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,17508261008798841340,6072690807724469085,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17508261008798841340,6072690807724469085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17508261008798841340,6072690807724469085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,17508261008798841340,6072690807724469085,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,17508261008798841340,6072690807724469085,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17508261008798841340,6072690807724469085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17508261008798841340,6072690807724469085,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17508261008798841340,6072690807724469085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17508261008798841340,6072690807724469085,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17508261008798841340,6072690807724469085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:6096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17508261008798841340,6072690807724469085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2052,17508261008798841340,6072690807724469085,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5532 /prefetch:8
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2052,17508261008798841340,6072690807724469085,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=2240 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17508261008798841340,6072690807724469085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
  2⤵
  PID:708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17508261008798841340,6072690807724469085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:6104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17508261008798841340,6072690807724469085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:6132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,17508261008798841340,6072690807724469085,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5488 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2052,17508261008798841340,6072690807724469085,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3420 /prefetch:8
  2⤵
  PID:5740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17508261008798841340,6072690807724469085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:5924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,17508261008798841340,6072690807724469085,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1232

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
67KB

MD5
ed124bdf39bbd5902bd2529a0a4114ea

SHA1
b7dd9d364099ccd4e09fd45f4180d38df6590524

SHA256
48232550940208c572ebe487aa64ddee26e304ba3e310407e1fc31a5c9deed44

SHA512
c4d180292afa484ef9556d15db1d3850416a85ad581f6f4d5eb66654991fa90f414029b4ce13ed142271a585b46b3e53701735ee3e0f45a78b67baa9122ba532

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
41KB

MD5
60f8cd04587a51e31b51d1570d6f889a

SHA1
88574c41d0ab81721b275252464da5c7927a4835

SHA256
27cb4390e32a97375dd4987ae000406933bceba5199f17893711e782333b81cb

SHA512
84c12448ac55dd819749fef9be9919111a3df4bc51e66d2fa9f7376c11c101ed1349cb36aa119aa873cdd6c0c91027e201fbe23c2c83b89bc900a4d9077bcc52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
1.2MB

MD5
038c1f469deb6932520d09a340856ebc

SHA1
8b361a8c0489b69e9ef4e132e36f20c161c5ec1e

SHA256
5fafae77cfdc093baea4dd31485ced7dc4ab8e734311b3c2aaac1dc2ed95f451

SHA512
fc3123f11323a9f18f5e1bb31c61fa229e0de8b6d07bb01b220605cfd9ba499ed63e76be0b7146e096412cc94486bdba0ee102982b38b258958c6327fc6bb6c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
b63eb6869adeb11fc2e58423b29e67c3

SHA1
be41f2e9fe576ec9fe75787da96700b5cc9e4ab6

SHA256
d4e775822260249e37575597d82e0a212eba7a8d5466f84f2427306dc21445a0

SHA512
b064837a2c5a6e955f5c3cb1d957d8cecafbde44a6126f2bca48b4e09d2e8590c52750f03af1b69f29af4338b499eb16794ded8e1208a6347fbba5e546db766b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
20e1426490ea75819081d280df5f3ebd

SHA1
e027ba7c49edd1a982af11646ad5bc39aa1bb3a9

SHA256
e0ed13871e59548161d7dd93426f1bc1507d8c1dbb090d127890811535b25bd1

SHA512
199c62faa300f6a6b786d5b149dd9b0aba4a249936ffd63091c179ea865dd2beb33ec24237e3b3f9be275550935f177d7a8861c3e2698ac2335a036a413f429f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
919B

MD5
f9d485223912eec380faf2fa3afcfaba

SHA1
acabc98d7f87990effbddf327524fc347496dbda

SHA256
c69ad6f5eec9e44eedc7791296577ea55b4e0161f7abdd7e907bd28e4d325655

SHA512
cfcba102c14cb2526ba1d4b1ba3d54800ba0b5874e3a53b4c3c0b1c11d1f6c2b28a5dc21bd63e25960258ea3d88f02b8bdaa1c9e82f1742e4afd86bc0160fea5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3b869b69e107bc6985ec179678421328

SHA1
babcab9c325c20f93418480f992413d5518e525b

SHA256
6e34c76bb0c739ac1c175dc42f8b722c8ff289bdedf2abb5d64ce9443753046f

SHA512
b6412dd817e626bbbb5ae04acca05331690ca2734362442e099e5c9098020448069615a856fca6fff3757e7c5a16627f31211f07305355f2710d25fac0ae6311

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
125acc73bef07cef7b9707e9e7dbfbee

SHA1
3e5515d89d19ce1c9f7be43c66c7283142264b2d

SHA256
7a43bbe2995aa59e51a41bbfcb3e60e8d69c82d1d0c51d6300c586c385c7c891

SHA512
4f09b45088d94e0e9561804a8ba87d1166a7b7cf8abedd557e66015130a75447dcea36aceb8cd70b24aebbc07ac609b46cd75269708874934821bf93939da678

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cb9e68b5ec2ab139390fc20722132edf

SHA1
e464ddb65e8d064b26562cd5b28b099d3e5538f8

SHA256
f5a3dcd81ac17c208012c036bae7b4454c41de16b82a45f4955313ba3020b7d9

SHA512
a70aa58511776f0d57d15aae7f00073aefba703bee158fe4feb950a5befb98483b973a201d1cb107fa96b37613c37a083f6d3eb0aaf0c5380854eb44a6cc4567

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c8c70cdf5f3084d09beba374a34e0dac

SHA1
3850643c1bfdcd77c811245bf3c9efa741035af4

SHA256
29c247544c8d25bab5feb466e4305287d8940b9baa21f9ec6eba6046ed194792

SHA512
610cea9a8a40308bd94d4f75474db34994a55e4df6aca6c83488947017a19cfd86a2d0ac5edd944e77bca30fdb267c82a9b05d2eab9570a264e7a7a3963069d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f8fd24c79a34d070067cbd7053321378

SHA1
06da787c12afd8aee9e8a139e78d319370c0199f

SHA256
e9b618e10aa3b42240549bd0b6392a0ea39f38c7e6bf10b2330df36988e2e2af

SHA512
3e3392f8f5a07919cc19b60eac8ece787ce4812ef4372ae2cb0b2ed3ce51264ffc00c4eecf2eae56630305448ccbadd52ffac06f8aa83d61ba7cb61e392acbbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c80b3851cad48996265040397e02cfcb

SHA1
0fd54f16340c50f9c2ff623f33210e774637ca9d

SHA256
dde460dfd7906b5f3715e368a55a0088f12ba8d631f80825da40dfe0afa7d257

SHA512
cee16795f603e1ff2fd49286e71093b82ae1a60839d0e6924d076bf474549c151c152488fab5636f1a75a4beb4dcdeff8e0c24004cc6331dbc45815464052588

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
16165fa110841d9238023cb4a6522e59

SHA1
ad82fadef19586fc80f2c32cca10b300559fac3a

SHA256
2e4abe8aed9ab51faf08b81d76e804b51a4ab2a6741eb4e4862068acc0448261

SHA512
f8449e6cd9804e7f0101326b3eb683754b796364978c6b484e1838b89ad97b42c3e0aa5e19f1d43aa27315059be6b7a9c1c13a8e919d4b227231b456292bcbdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
241ef282f79d341b36b32c521bfb468c

SHA1
6643d0c540ee8b3b510c0f7d0a93cabaabb7da93

SHA256
fc8d0a8d5f1a6c4417f39ebef23035c2a89872a2db75b4efe55877b1b1d41103

SHA512
4e7a2302b95057c6750661a2ba272ed301b2ed237ec9bccf33dfabaf16b7f28a2cf94c166e10c28238195e235e0164f4ac78b3337a7a3b561f3317adb7b7fda7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5964da.TMP

Filesize
539B

MD5
94e6f8f0b1a3a27a2dfb94fb83ad9659

SHA1
ea5a9cb72c38692dd8fbfc945ee91bac34fdff32

SHA256
8fb19f28c89a5705538bffa652e31b12af53cd90ae5224dafde25116b5867645

SHA512
9ef5696d81a6ebbd639f6b7c941d53b865297cb639b120789683683919624810ff57cc8936fc3bffbd6766be0cf7e1be88c56cbc626bcb73643728a029a7da5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6797d1139c2ee98e6014727f37ef8b42

SHA1
757f74799a79575243bdbd88183ba8bb21b0cc10

SHA256
674c0f3177d81c1a7fb524f736c02ff3266ba92139ab411700e28fe5fa6c386f

SHA512
c49af602d2fe0227c8428712005fabec56a3c832dd723d1bffcc42ae05f1532759d66eae84caf4962b695a3ce7a33a72bcb80eff44a6d13914803d39bd566dff

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
8105c303f8f9abb89e709cdc901fce9b

SHA1
5d299c8238f1c7c7ba98e44ca361ae96d9755a9a

SHA256
103197a83ac26bf1d050294a3a5ef4533bcf741d44c972f47a106d3b7a4fd39f

SHA512
c89dbe526b5d24875ed59da40cef01080202535c0f1c1683ab0dff1a73200ff278b766cf787939d8f79a9f34be13619d0d0362865bbb639f788928c190ed1ee1

Download Submit
C:\Users\Admin\Downloads\02d84ab808655cbe2cb4737e9c01544345b2f91bdfc03b29c0e061bee2e883cf.zip

Filesize
655KB

MD5
9b593e820ee4de9a28c18c6905256f09

SHA1
38de34b508b8dbae46fe6500b03d7546640bf736

SHA256
030bb262c95ab1b18f96c8d4a6850f725778835f3f59c8f9fba28d2488b31948

SHA512
a479bed8384bc6e9a27351489a9a8bb1ed49b0d0289d3c60fe7e85ce4de6553a304b6c1af2f0882b96f884eed08530db7921415990d151303f15e25087ebdd92

Download Submit