hxxp://youtube

Analysis

max time kernel
161s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
07-03-2024 18:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://youtube

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-609813121-2907144057-1731107329-1000\{AD570674-AA74-41FD-80F2-60003F2DDF93}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4168	msedge.exe
4168	msedge.exe
1916	msedge.exe
1916	msedge.exe
4788	identity_helper.exe
4788	identity_helper.exe
5024	msedge.exe
5024	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4596	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4596	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1916 wrote to memory of 3996	1916	msedge.exe	89
PID 1916 wrote to memory of 3996	1916	msedge.exe	89
PID 1916 wrote to memory of 4388	1916	msedge.exe	90
PID 1916 wrote to memory of 4388	1916	msedge.exe	90
PID 1916 wrote to memory of 4388	1916	msedge.exe	90
PID 1916 wrote to memory of 4388	1916	msedge.exe	90
PID 1916 wrote to memory of 4388	1916	msedge.exe	90
PID 1916 wrote to memory of 4388	1916	msedge.exe	90
PID 1916 wrote to memory of 4388	1916	msedge.exe	90
PID 1916 wrote to memory of 4388	1916	msedge.exe	90
PID 1916 wrote to memory of 4388	1916	msedge.exe	90
PID 1916 wrote to memory of 4388	1916	msedge.exe	90
PID 1916 wrote to memory of 4388	1916	msedge.exe	90
PID 1916 wrote to memory of 4388	1916	msedge.exe	90
PID 1916 wrote to memory of 4388	1916	msedge.exe	90
PID 1916 wrote to memory of 4388	1916	msedge.exe	90
PID 1916 wrote to memory of 4388	1916	msedge.exe	90
PID 1916 wrote to memory of 4388	1916	msedge.exe	90
PID 1916 wrote to memory of 4388	1916	msedge.exe	90
PID 1916 wrote to memory of 4388	1916	msedge.exe	90
PID 1916 wrote to memory of 4388	1916	msedge.exe	90
PID 1916 wrote to memory of 4388	1916	msedge.exe	90
PID 1916 wrote to memory of 4388	1916	msedge.exe	90
PID 1916 wrote to memory of 4388	1916	msedge.exe	90
PID 1916 wrote to memory of 4388	1916	msedge.exe	90
PID 1916 wrote to memory of 4388	1916	msedge.exe	90
PID 1916 wrote to memory of 4388	1916	msedge.exe	90
PID 1916 wrote to memory of 4388	1916	msedge.exe	90
PID 1916 wrote to memory of 4388	1916	msedge.exe	90
PID 1916 wrote to memory of 4388	1916	msedge.exe	90
PID 1916 wrote to memory of 4388	1916	msedge.exe	90
PID 1916 wrote to memory of 4388	1916	msedge.exe	90
PID 1916 wrote to memory of 4388	1916	msedge.exe	90
PID 1916 wrote to memory of 4388	1916	msedge.exe	90
PID 1916 wrote to memory of 4388	1916	msedge.exe	90
PID 1916 wrote to memory of 4388	1916	msedge.exe	90
PID 1916 wrote to memory of 4388	1916	msedge.exe	90
PID 1916 wrote to memory of 4388	1916	msedge.exe	90
PID 1916 wrote to memory of 4388	1916	msedge.exe	90
PID 1916 wrote to memory of 4388	1916	msedge.exe	90
PID 1916 wrote to memory of 4388	1916	msedge.exe	90
PID 1916 wrote to memory of 4388	1916	msedge.exe	90
PID 1916 wrote to memory of 4168	1916	msedge.exe	91
PID 1916 wrote to memory of 4168	1916	msedge.exe	91
PID 1916 wrote to memory of 232	1916	msedge.exe	92
PID 1916 wrote to memory of 232	1916	msedge.exe	92
PID 1916 wrote to memory of 232	1916	msedge.exe	92
PID 1916 wrote to memory of 232	1916	msedge.exe	92
PID 1916 wrote to memory of 232	1916	msedge.exe	92
PID 1916 wrote to memory of 232	1916	msedge.exe	92
PID 1916 wrote to memory of 232	1916	msedge.exe	92
PID 1916 wrote to memory of 232	1916	msedge.exe	92
PID 1916 wrote to memory of 232	1916	msedge.exe	92
PID 1916 wrote to memory of 232	1916	msedge.exe	92
PID 1916 wrote to memory of 232	1916	msedge.exe	92
PID 1916 wrote to memory of 232	1916	msedge.exe	92
PID 1916 wrote to memory of 232	1916	msedge.exe	92
PID 1916 wrote to memory of 232	1916	msedge.exe	92
PID 1916 wrote to memory of 232	1916	msedge.exe	92
PID 1916 wrote to memory of 232	1916	msedge.exe	92
PID 1916 wrote to memory of 232	1916	msedge.exe	92
PID 1916 wrote to memory of 232	1916	msedge.exe	92
PID 1916 wrote to memory of 232	1916	msedge.exe	92
PID 1916 wrote to memory of 232	1916	msedge.exe	92

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://youtube
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc072d46f8,0x7ffc072d4708,0x7ffc072d4718
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,11399848698094657861,6125167410910627512,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,11399848698094657861,6125167410910627512,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,11399848698094657861,6125167410910627512,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11399848698094657861,6125167410910627512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11399848698094657861,6125167410910627512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11399848698094657861,6125167410910627512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
  2⤵
  PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11399848698094657861,6125167410910627512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11399848698094657861,6125167410910627512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11399848698094657861,6125167410910627512,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,11399848698094657861,6125167410910627512,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3664 /prefetch:8
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,11399848698094657861,6125167410910627512,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3664 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11399848698094657861,6125167410910627512,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11399848698094657861,6125167410910627512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11399848698094657861,6125167410910627512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11399848698094657861,6125167410910627512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11399848698094657861,6125167410910627512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11399848698094657861,6125167410910627512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11399848698094657861,6125167410910627512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11399848698094657861,6125167410910627512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:5152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2076,11399848698094657861,6125167410910627512,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1700 /prefetch:8
  2⤵
  PID:732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2076,11399848698094657861,6125167410910627512,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5648 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2076,11399848698094657861,6125167410910627512,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4120 /prefetch:8
  2⤵
  PID:3376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,11399848698094657861,6125167410910627512,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6148 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11399848698094657861,6125167410910627512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1
  2⤵
  PID:4500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1384

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x484 0x48c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4596

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36bb45cb1262fcfcab1e3e7960784eaa

SHA1
ab0e15841b027632c9e1b0a47d3dec42162fc637

SHA256
7c6b0de6f9b4c3ca1f5d6af23c3380f849825af00b58420b76c72b62cfae44ae

SHA512
02c54c919f8cf3fc28f5f965fe1755955636d7d89b5f0504a02fcd9d94de8c50e046c7c2d6cf349fabde03b0fbbcc61df6e9968f2af237106bf7edd697e07456

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1e3dc6a82a2cb341f7c9feeaf53f466f

SHA1
915decb72e1f86e14114f14ac9bfd9ba198fdfce

SHA256
a56135007f4dadf6606bc237cb75ff5ff77326ba093dff30d6881ce9a04a114c

SHA512
0a5223e8cecce77613b1c02535c79b3795e5ad89fc0a934e9795e488712e02b527413109ad1f94bbd4eb35dd07b86dd6e9f4b57d4d7c8a0a57ec3f7f76c7890a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
f6c9074701c933fe31be62e944131118

SHA1
f2cf825a2034ad2c77d0a9ed65d60fa5bbcd392a

SHA256
974cc83a58ceb3b4abff56b2c00d8a2aa01bc96d6d7a252b47bc28d789fbbc11

SHA512
c80912a0f6066b7302e8bd4876b3f289cda7de3bbc67db26e767da0769bad08254b9a35f825367a63879108cff4ab782ac2604c355235fcb5790cce0f0659342

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
72971ffa334e6fe8934fac004c1bb9d7

SHA1
92a1abc05fad78f504681c1689edbaf927bdc967

SHA256
dffe975f44ea33d0b1b11d5c617d865ef20d2814c7cace30093ce6c85d8c9d50

SHA512
99419687dff572448e2980e9a34e142ea2863b73f2a9be545d91796f899d506d16a1c6f827ce1c4d78c0b3190aa014b765cdc207b2f9303a8c53adcf10127a88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e3dd85dbcf5f3b25ecf030dad9afbc4d

SHA1
6e22f0925ce691bcc3581d646d2b1659e3da7a09

SHA256
733e3ac2571e6f606d72f7f64cd3587377fdb907bcddcc843371a810dacb29d4

SHA512
a13851e59c18b577d12057aa6f0b42dd9fb82878669c1a07c73b32075a1c6b151bd12517390060b51fba4300e689971efc5ad92921fb27fefe2e48e5bd97b60c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
89ce834aa1237998c0518adeff1ae27a

SHA1
415a98023ebdd5a923b1dde3d128c07af5102fdf

SHA256
504296e10962de9623670b750606ab4c333c15ad0f0a005cde214883cebaa1a2

SHA512
f598ec9cdf59717d4f96f25047e2d1a51271ab333ed31d0ae99f68a383c4ff63f7227ff60866e51001badb1f5918e57b08110d79a96a664065eed97f752df6db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0243c46913823fefcb582b92c3f04ec5

SHA1
2371eb94a216089df2d94902faaf608854255728

SHA256
9d78a0f8bedd1603bcad3a121989c6b46db54e5b4a935d544b66a738d060dfd7

SHA512
487c58081f42869708b87a68757bf6de249c5dd31d09bbf3d8be71132a74b14dedf4530444c4a7c5e85676ae0eb9512c0337eef4b31f6832462aa7a83f2a6142

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5f0273af04c3f83cefdf492d78571db2

SHA1
20df664c208192d12000e4efbd78ed92d7d819fb

SHA256
501a8a6f3e8bbbc7401411ae53be6b50aa39b6f6af0ecd9ff39a90928d53ad7e

SHA512
961c024fa22aebbc95875c36fb98cd7ebfaf90b202a5455c35134950198994e499878282d8c21457b261221133c00d85ad142dfb850e7bfe023014f56109b5a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ae5ab7e7-1511-4433-9bfc-dd6ed97afd59\index-dir\the-real-index

Filesize
2KB

MD5
6b320a43d2fc46ec85a1870f1585590a

SHA1
df83396e62560ecfcf2f6bba57620c1c08193510

SHA256
af34e66108088e3ce0dc0d40b5ad665cc4b7d5caebed4edf8b8a508e9aee7761

SHA512
568eb0c370f59ca2c4aa50b4bdea05bec623ee6945ccd1bf54c8ddf070b305097923e46ffa2d4d0061883de5130e3ab496c3cd67fe8fc45d44d7de68ba1f158c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ae5ab7e7-1511-4433-9bfc-dd6ed97afd59\index-dir\the-real-index~RFe596ce9.TMP

Filesize
48B

MD5
87a89f1710fb38ffba98aa6b659a33b6

SHA1
63846a4b1a4afd656fc7b476502a18130ad73cb6

SHA256
61895ea47ee7603d684db5f56917cc63128567799500b10a7db27cead6491402

SHA512
8657bca87678aae10c2f13c317880837922d016b3c61bf0ead81790054298bd57be38725b04b083d6b46d7cb4c6ed170c69c759fcc3dc85c177f9434b179fa21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
d5a8d88935a501b7ecdf8ce7c5cabaca

SHA1
0ac536fec5f28c139cf2cbe4577176c92858fc79

SHA256
85af469e96216e1e46cdb61424c0f7fdcbc1865e6a1c8d85351c5be6c0dc16b3

SHA512
b1f2d9d2e43bcbefeadd31fb4821f56ab4ed3ce7e8210c22a403a76d8975b0afb5bae6685649dd8bd16084f9953e2409595f5cfd90c3c142aa618ff929455eb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
6cdf3dab9139dce366c526b0dd3b1c1c

SHA1
a60865ff6b6173ff596ba8f58b9a8ad833e38122

SHA256
524eda0f74c5d65e2127e6c5502f355ac8567cfd9d17f5b62215e085bc292033

SHA512
464fe141f89e79769ac060279cbe77a4f33183eb7e664a5dd25e7db65e642e47d8a60498aba8b18c3b5c4f310180aa71b11fb44e7755658c8d5d3dc71a19891b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
d0551ce982223e2d598c1f42e9b27e67

SHA1
560475eb7e17af69720219abf80e286771a30497

SHA256
5b6a57295316dd8097df30cdde6d0da87336a0ce6d851456cfd150ad9265d91b

SHA512
a775d79eb9bcb3b8005e0a23de3f1a918be6f2b6c56231c5be26102fcf8231dff741d04c3e210bba29a96bf6aadc454c5483603add0561eda0cb600ebcf353a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
b56f1337c613c4e85c151a0554a25d62

SHA1
2d1f1c01277236a96eb034b69e73ece79dd54e46

SHA256
1c849a4dd40339848380cf72313be7f877bf499f874470a41e64af069c35efb0

SHA512
e80551ddf14e82d0f78cd2d7431284219941f8024ea20edc96eeae5650ad11ebf1034b8abc77601e1f84907e999dfaa7c0b3f017d0cbb3f28ba2ee1b3bf07c62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
5ba810ee26aa8e7525abc76b165519d5

SHA1
08c91557b22960b60fedda8bf670d7fa36cf373b

SHA256
02b1a4cca24948efe2b78f7895234f0306fe553cca0126bb711e7177bc270799

SHA512
67790b3209855684f8e4089e5251b6a46a0b64a3b7ac0f8859ea5643852ae37c882a760edcd6dddc45f3277b0a77786023d721ce88837e116911113a7f8c2a95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58fcca.TMP

Filesize
48B

MD5
7161401f676a48ea424a3264064097cb

SHA1
e1e4bc0e5ce7cf0f8c4ec2bcbf04e4e39a779760

SHA256
2bb7a51ec4bb0e7e60270a88a4635647805e1d45d560e49689de6b006f1e16c6

SHA512
19f330ff6ca2d7d1a242d1f40afaefe6e969910e4c82e8aa8ac7d7bf7455fb5ea56f287c448d3c2cea0d594064f2310e41e0c67c187ab9db62ae4d7c756bbe00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
ecb1e703fb4d56009fad1f7067d2cc6d

SHA1
4fda50d14ffdc45ff434cbe780627725304de6b8

SHA256
3ceb9c72c8b067965c6ee591e0e1e940df2cb6bb74bdcb114f2458497ce37dda

SHA512
09ec446dae1ef937a7417a8b5e085868ddb9f9c5bc625628d5b0a24b9204d6dcc483b4542d56004ca19796b14b63399bb360a07630a94d47e08439a3722a810a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
f721d69f47efd3080116e459945770f2

SHA1
0e44763e6f80eb6f5feb8ea36f47bd040c2ff29b

SHA256
8f14441bdef3c8d0b6442d54e20561c08a57d6421effff7c3cd6a923c5a561d9

SHA512
17d92fdb4b13ea304b09179ca25962b4e40830cb540bef4c8f35913dcc5c99fd7da4b2b80a30ba29fc6df9542c284ac418d4f61cad388006e2cf2b007bfd1ee4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59135f.TMP

Filesize
873B

MD5
5d683006fc1b6b0ccd65598fa38f19ca

SHA1
5ed6ef0ef250f6c6da8f36f9ef71b806284d5c6a

SHA256
24056ead52759364a57b0f6c541f402916c7fba0d5f8322c2651897dd22e085e

SHA512
18bff77e25c875defdfd5c8f7c3b4abf75d3b0eed9c1793584b355d923b2ab88308a2472abceb1b6824159e5495d1efb391483f18d355a6828e4b857eb623778

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6915624821c88a11bac426785a90ffb8

SHA1
0e4b84061c217dfd5dee9d1705438fe3cda1e7de

SHA256
5b2ce88cf94b230b20b23142c3eebd8eaed7965f57fff2df70edceb79d0240fc

SHA512
22479c1527ab6aff1243d8432da8b4a7b1718242ea3779b3ad5b61ebada526db3491a3749fc4dfdc78f52c36f383f3036b7f6aa7ceff8d5cbd93b48df0ac45ac

Download Submit