94423cdcccc004534e32fdd25911f8a1b51707315448cac2f4039ec486d48861

Analysis

max time kernel
148s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
12/02/2024, 23:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

97dce353176fee7824ee118af118a617.exe
Size

140KB
MD5

97dce353176fee7824ee118af118a617
SHA1

4df9ec185d958d8569c4627e6d5b02ae3c6397c7
SHA256

94423cdcccc004534e32fdd25911f8a1b51707315448cac2f4039ec486d48861
SHA512

d9601a5daefd72c17990ef1c6ade17ca507a1db6654670d9d8088be711e04c8bf24f2859688309f161743cd8355001a97aa3ed8d0014866ff085cfc70fedbbcc
SSDEEP

3072:XrKsO6QK/NyY39Tvq3UokgBzK0C7l7lrd3mbWrQvLjnlc2Nawgx4qk:bhVgCTmkgBzK0CJlzsjnmw24

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wmplayer = "C:\\MessengerPlus\\mplayer2.exe"	97dce353176fee7824ee118af118a617.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2956	3408	WerFault.exe	82

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Download\CheckExeSignatures = "no"	97dce353176fee7824ee118af118a617.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Download\RunInvalidSignatures = "00000001"	97dce353176fee7824ee118af118a617.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Download	97dce353176fee7824ee118af118a617.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4128	msedge.exe
4128	msedge.exe
2884	msedge.exe
2884	msedge.exe
384	identity_helper.exe
384	identity_helper.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4728	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4728	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3408	97dce353176fee7824ee118af118a617.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3408 wrote to memory of 2884	3408	97dce353176fee7824ee118af118a617.exe	90
PID 3408 wrote to memory of 2884	3408	97dce353176fee7824ee118af118a617.exe	90
PID 2884 wrote to memory of 564	2884	msedge.exe	91
PID 2884 wrote to memory of 564	2884	msedge.exe	91
PID 2884 wrote to memory of 872	2884	msedge.exe	94
PID 2884 wrote to memory of 872	2884	msedge.exe	94
PID 2884 wrote to memory of 872	2884	msedge.exe	94
PID 2884 wrote to memory of 872	2884	msedge.exe	94
PID 2884 wrote to memory of 872	2884	msedge.exe	94
PID 2884 wrote to memory of 872	2884	msedge.exe	94
PID 2884 wrote to memory of 872	2884	msedge.exe	94
PID 2884 wrote to memory of 872	2884	msedge.exe	94
PID 2884 wrote to memory of 872	2884	msedge.exe	94
PID 2884 wrote to memory of 872	2884	msedge.exe	94
PID 2884 wrote to memory of 872	2884	msedge.exe	94
PID 2884 wrote to memory of 872	2884	msedge.exe	94
PID 2884 wrote to memory of 872	2884	msedge.exe	94
PID 2884 wrote to memory of 872	2884	msedge.exe	94
PID 2884 wrote to memory of 872	2884	msedge.exe	94
PID 2884 wrote to memory of 872	2884	msedge.exe	94
PID 2884 wrote to memory of 872	2884	msedge.exe	94
PID 2884 wrote to memory of 872	2884	msedge.exe	94
PID 2884 wrote to memory of 872	2884	msedge.exe	94
PID 2884 wrote to memory of 872	2884	msedge.exe	94
PID 2884 wrote to memory of 872	2884	msedge.exe	94
PID 2884 wrote to memory of 872	2884	msedge.exe	94
PID 2884 wrote to memory of 872	2884	msedge.exe	94
PID 2884 wrote to memory of 872	2884	msedge.exe	94
PID 2884 wrote to memory of 872	2884	msedge.exe	94
PID 2884 wrote to memory of 872	2884	msedge.exe	94
PID 2884 wrote to memory of 872	2884	msedge.exe	94
PID 2884 wrote to memory of 872	2884	msedge.exe	94
PID 2884 wrote to memory of 872	2884	msedge.exe	94
PID 2884 wrote to memory of 872	2884	msedge.exe	94
PID 2884 wrote to memory of 872	2884	msedge.exe	94
PID 2884 wrote to memory of 872	2884	msedge.exe	94
PID 2884 wrote to memory of 872	2884	msedge.exe	94
PID 2884 wrote to memory of 872	2884	msedge.exe	94
PID 2884 wrote to memory of 872	2884	msedge.exe	94
PID 2884 wrote to memory of 872	2884	msedge.exe	94
PID 2884 wrote to memory of 872	2884	msedge.exe	94
PID 2884 wrote to memory of 872	2884	msedge.exe	94
PID 2884 wrote to memory of 872	2884	msedge.exe	94
PID 2884 wrote to memory of 872	2884	msedge.exe	94
PID 2884 wrote to memory of 4128	2884	msedge.exe	93
PID 2884 wrote to memory of 4128	2884	msedge.exe	93
PID 2884 wrote to memory of 4820	2884	msedge.exe	92
PID 2884 wrote to memory of 4820	2884	msedge.exe	92
PID 2884 wrote to memory of 4820	2884	msedge.exe	92
PID 2884 wrote to memory of 4820	2884	msedge.exe	92
PID 2884 wrote to memory of 4820	2884	msedge.exe	92
PID 2884 wrote to memory of 4820	2884	msedge.exe	92
PID 2884 wrote to memory of 4820	2884	msedge.exe	92
PID 2884 wrote to memory of 4820	2884	msedge.exe	92
PID 2884 wrote to memory of 4820	2884	msedge.exe	92
PID 2884 wrote to memory of 4820	2884	msedge.exe	92
PID 2884 wrote to memory of 4820	2884	msedge.exe	92
PID 2884 wrote to memory of 4820	2884	msedge.exe	92
PID 2884 wrote to memory of 4820	2884	msedge.exe	92
PID 2884 wrote to memory of 4820	2884	msedge.exe	92
PID 2884 wrote to memory of 4820	2884	msedge.exe	92
PID 2884 wrote to memory of 4820	2884	msedge.exe	92
PID 2884 wrote to memory of 4820	2884	msedge.exe	92
PID 2884 wrote to memory of 4820	2884	msedge.exe	92

C:\Users\Admin\AppData\Local\Temp\97dce353176fee7824ee118af118a617.exe
"C:\Users\Admin\AppData\Local\Temp\97dce353176fee7824ee118af118a617.exe"
1⤵
- Adds Run key to start application
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3408
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 388
  2⤵
  - Program crash
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/watch?v=gOO_UqzEc5Y
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2884
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff93c7746f8,0x7ff93c774708,0x7ff93c774718
    3⤵
    PID:564
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,10160997114577677233,2835155885618312988,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
    3⤵
    PID:4820
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,10160997114577677233,2835155885618312988,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4128
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,10160997114577677233,2835155885618312988,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
    3⤵
    PID:872
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10160997114577677233,2835155885618312988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
    3⤵
    PID:4436
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10160997114577677233,2835155885618312988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
    3⤵
    PID:4560
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10160997114577677233,2835155885618312988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
    3⤵
    PID:848
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10160997114577677233,2835155885618312988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:1
    3⤵
    PID:4880
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2100,10160997114577677233,2835155885618312988,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4236 /prefetch:8
    3⤵
    PID:2028
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,10160997114577677233,2835155885618312988,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 /prefetch:8
    3⤵
    PID:1436
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,10160997114577677233,2835155885618312988,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:384
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10160997114577677233,2835155885618312988,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
    3⤵
    PID:720
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10160997114577677233,2835155885618312988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
    3⤵
    PID:4300
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10160997114577677233,2835155885618312988,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
    3⤵
    PID:3260
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10160997114577677233,2835155885618312988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1
    3⤵
    PID:4732
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,10160997114577677233,2835155885618312988,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2852 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3408 -ip 3408
1⤵
PID:876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4780

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3684

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4432

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x318 0x510
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1386433ecc349475d39fb1e4f9e149a0

SHA1
f04f71ac77cb30f1d04fd16d42852322a8b2680f

SHA256
a7c79320a37d3516823f533e0ca73ed54fc4cdade9999b9827d06ea9f8916bbc

SHA512
fcd5449c58ead25955d01739929c42ffc89b9007bc2c8779c05271f2d053be66e05414c410738c35572ef31811aff908e7fe3dd7a9cef33c27acb308a420280e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
41df38451f90ab9120661a29b957f332

SHA1
e22945980968259cb7429935b02746cb43ac9f99

SHA256
d9b2ccbfdddbfa0a6d01deb8641fc36d3d51bfc1a67dfdfdf16a00cab820f149

SHA512
30c9f8a947c94f88224892eb6ea2c0f080c9d1c5955c3a69674987ce743495f47f6c65c00315d37e53fd5563f1548918e97a0bc3939c93c5a849690039fd91c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
511ce6a7393b046e15cddb697fa0fca4

SHA1
d6e658e846fc0d3a2c8b4b84be607b1b277e9fa2

SHA256
8979e52bf4af17bbc00b7ee59495aad30bd023331f2347a1f56e42e640e226d2

SHA512
b29a830eac66dd470a182d65684eb95389947ec91d9d5fd44c0e715b26faabef7cc7577d75f20ac3466d277750743d802da9bc6cf8277ea850d3d4d7cc9207ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
fbf97c04d59494d5fa953b354b135006

SHA1
721e3e388c169c44499a8ff5ab5fb10fca2c3f3c

SHA256
61cfc0a7b75814979c1b4ebf15b45e2034615b5f93d9d51504ccfbc17d46a19d

SHA512
e413ce39c109120718a1b0fb8170d7f00f21cb2181a9f64bd15d38849e12ee008d9dccddc89cd1352d2138e7118cb06eb88fc29c578818ca59779b4c130e76ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0b5f2a4889f20b65a532a0ca2ff0a434

SHA1
db55d65dcc6e0ef0eaa490d0a127c264e6cf30b9

SHA256
3741239653d8e9da7a1b2042750418cd6161c968e6e84d77140e6ab8f86d404e

SHA512
2c4078ec80ccb8c1c8c22258f8e4bd5759cc5cee2bad562f29b7cd83325c36aa45015f26781ed2d99c13ff6eca536dc2ddead648cc3734e237b126437bbcb857

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fa5c7cc59377861151c5203d93ef02e2

SHA1
f175104ffa67863272883117073525b20107ff4f

SHA256
6c023fefe2bc9f0d843ff0ab1f5d91886cd50120f128b3e788e560bda5092d3f

SHA512
240d63196ea38f1a1c3689083bddfaf61c02533b019b9d172b2f58f8009bd78f5ac0230e506c97e22d1d32d5ec298890d2efdc2e6604555485486edb20b1ca57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e664066e3aa135f185ed1c194b9fa1f8

SHA1
358ff3c6ad0580b8ae1e5ef2a89a4e597c2efdc5

SHA256
86e595be48dbc768a52d7ea62116036c024093e1302aced8c29dd6a2d9935617

SHA512
58710818b5f664006a5aa418da6c8cd3f709c2265bc161f81b9dfe6cdb8304fabaa4ce9deba419fe4281623feeeaa0321f481ae5855d347c6d8cf95968ee905e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5a62106b-e707-4df2-9c6c-732b787a4f17\index-dir\the-real-index

Filesize
2KB

MD5
b985905f086dbf6c8a83af39057253fe

SHA1
d5bf6320a75d497f46bac1332a944e8f1373d691

SHA256
4b8dc963010dee9eab2baa0fcd456dee1f0060432c39516eb56c4dd0cca2de7a

SHA512
10c77db69af808a7127fd9e8f45f6c8eeac5503ce70c628a39de62eb875d6990397728fc919e13b1e291e54c745f508d630992b218ae784eed6a0ccbf61f61de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5a62106b-e707-4df2-9c6c-732b787a4f17\index-dir\the-real-index~RFe57b9ca.TMP

Filesize
48B

MD5
709a6c9d8efe0211b9bb346b9e6434d7

SHA1
5e30243bbf5959aa5af9f04d6d2c7fc47777b19e

SHA256
f57590f60153b21e570cb0c825426d9484845b183c226e69947d1b0f773981ff

SHA512
59c4505e1344083db5737cebb121722b3b5faa6b795f2e088cd834e9e0191bfd31328999600a64ef6f1b746921b51ae17884a1d515669309915a365976e14fa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
0ba8ccfd719db8d003286831fe0123cc

SHA1
75656df260dcb3f551d47272aea065b553467b8e

SHA256
c7cfcb4afb2bb1355456ca78467683bb66644d87190a3305e99de1c7b4680fc6

SHA512
c15ad47504ee76fe4f0656b6d1fa1932033edf4d7f31eb8c370bee4c363172a448d84db57f9f6124018d95fb4132d4e3539d38e1fa1c739b1749d80f59d04718

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
493a63ecf6f4be3258683c48bca4bde0

SHA1
11aff9c781f4359961a01e553d8ca3c67dd4aa85

SHA256
9ade9259ccae088854becc3b153e2882a52e0598f1bef5e91d43a2b230231313

SHA512
c779204cfa6890621e33212ca4e95725e860e268e7cf6f7a339750fc14e00eb4bfc0c79f015de6f0b297550d2d6ca7f35aa41314be863fd23737b57d052785fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
bf644b06ed3364d3086111e8b99259f5

SHA1
ebcde2ad062c8135de0076b4fbbcc0cc8fd80ccd

SHA256
e4c57e74d898bdae31f9f5915f3251f7f7b2136a4d8689827e84122a38bf98ba

SHA512
04a209ccc95b2ba9aaa43b5b5e53f1805c086278cc226442243a9226d10774bebc239b3e0999aa5f8105b6dd225bb398a04368f6cb367d2de1d5f83a108a79db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
b2facf0c8e8fc8649b86b8561b2afefe

SHA1
a68f5f7a9536963d12677989e4ce0cab29642983

SHA256
c23c823b3be1dd0c21b2589ddb49b3b4adedbd77ccadfbd8191e0a69c8e379ec

SHA512
36fc53dca14af0eced12211f6cba097a24898bc7d87593de95905a45acc8a52fc8140bee181e388a6337f1c34b74bf3cd3c2eaa6558045a924d6f37a038dc80c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
27e90876f49a4e3e91fd653da88423e3

SHA1
25d3aa7ebc6745f00361f6fce3c920cf0345a46f

SHA256
0f761a827b7620eb470914fc94041cbaed255d567f9f7316e23904b97f901a99

SHA512
caf6f5ed359fe99c2ed53207ded4edcc31b46d47fd6a300b3ad038ac71446f7e8029bbd582d052d4ad4bb16bba5aa6349be718401c1ed68898c774fd64531f87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57b546.TMP

Filesize
48B

MD5
a5f766ef67c92f86e89ce04ade920466

SHA1
d30b22830e32538965c76f4ab8d2d1044f3210d8

SHA256
1ad655c9cb2dcde476576d719c982913420a43fae7fc2cec3386f6cc8450c1ac

SHA512
a923bd1d153cf5f64bcb2f05c084ecc3e882ba72e04d20bab88960ddae92b0021fddcf49f134d46c69432dde24620c34a975818cdfc984058abd6fe17a4b997e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d67a283b93d6abf22c4983dcf2e4147e

SHA1
6bda195a455044c27c4561fbf35c8da2a2cc926d

SHA256
2813069ee9977b3b3756d9194cb391bf6619f5078d788bc25ab3bec93a77a474

SHA512
699c2cc7597463b85a339e9fb2fd9558c61c2cf46cc5f6536c18dd46b1a9cbe764d2c922fb0a3c21a957c29af096d9ad0d333a5e61d85275de6553a63cd8ef01

Download Submit
memory/3408-0-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/3408-7-0x00000000004E0000-0x0000000000526000-memory.dmp

Filesize
280KB

Download
memory/3408-6-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/3408-3-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/3408-2-0x00000000004E0000-0x0000000000526000-memory.dmp

Filesize
280KB

Download