hxxp://youtube[.]com

Resubmissions

21-05-2024 14:37

240521-rzdsfahe3s 1

Analysis

max time kernel
1789s
max time network
1685s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 14:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://youtube.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
816	msedge.exe
816	msedge.exe
1548	msedge.exe
1548	msedge.exe
2836	identity_helper.exe
2836	identity_helper.exe
5864	msedge.exe
5864	msedge.exe
5864	msedge.exe
5864	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

1548 msedge.exe
1548 msedge.exe
1548 msedge.exe
1548 msedge.exe
1548 msedge.exe
1548 msedge.exe
1548 msedge.exe
1548 msedge.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

AUDIODG.EXE

description pid process

Token: 33 3624 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 3624 AUDIODG.EXE

description	pid	process
Token: 33	3624	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3624	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1548 wrote to memory of 4824	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4824	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4872	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4872	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4872	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4872	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4872	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4872	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4872	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4872	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4872	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4872	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4872	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4872	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4872	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4872	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4872	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4872	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4872	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4872	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4872	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4872	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4872	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4872	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4872	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4872	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4872	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4872	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4872	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4872	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4872	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4872	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4872	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4872	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4872	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4872	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4872	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4872	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4872	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4872	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4872	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4872	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 816	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 816	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4784	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4784	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4784	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4784	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4784	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4784	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4784	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4784	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4784	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4784	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4784	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4784	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4784	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4784	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4784	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4784	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4784	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4784	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4784	1548	msedge.exe	msedge.exe
PID 1548 wrote to memory of 4784	1548	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://youtube.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec2bb46f8,0x7ffec2bb4708,0x7ffec2bb4718
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,3942560350982593983,782369158676486172,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2228,3942560350982593983,782369158676486172,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2228,3942560350982593983,782369158676486172,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,3942560350982593983,782369158676486172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,3942560350982593983,782369158676486172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,3942560350982593983,782369158676486172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,3942560350982593983,782369158676486172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2228,3942560350982593983,782369158676486172,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5416 /prefetch:8
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2228,3942560350982593983,782369158676486172,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,3942560350982593983,782369158676486172,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 /prefetch:8
  2⤵
  PID:180
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,3942560350982593983,782369158676486172,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,3942560350982593983,782369158676486172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,3942560350982593983,782369158676486172,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,3942560350982593983,782369158676486172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:5424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,3942560350982593983,782369158676486172,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:5432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,3942560350982593983,782369158676486172,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5864

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3136

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2208

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2dc 0x304
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
cbf6e674f36bc171ccff0fe986ef5ef6

SHA1
75e1a14446f0b7997beee1c99f0e1832b15f0788

SHA256
6047289959bca07af48c9b8f203ac0f3a08b8179ffe3da4741ecee34eb9f5332

SHA512
dd94ded419e82f4bb992f76ab81294378111c74d3bda1c5a3d6d759c4bf20dae03922f9d6f9dcf7db022ca83cbedb1c08f56530026147edbb48a60bf26739870

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
8b79b0e5914dd12d6f52c54f8208aea3

SHA1
6085e7def5208e2c400284628122241821bff502

SHA256
633b07b532bf5c66dd6c96de2dbbddf158d629b52dfb9c3ece6f38f03b26e78a

SHA512
0caa5d96f044db320fe8ea55dd3f69ea7c6720f56e2b0129ddd0d78de782d892897ffa636956fe2cfc81fbfafa4ccbebb7ce64d86ad01da3bf0ecbfc0f723f3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
63f5e34951f1b4c212d592a0afed3419

SHA1
7e6cb274a6e8a270ffc4f292a793c48dd36e9a52

SHA256
d14d24c59a3bd0a48b9ec1a92197b67d4a2e7be2c4fd1b3d8c494a5222e40334

SHA512
b1f098ff5ad0d7416445ceb53eb7facea9a08948833f2e4ef77a17d0b622409ec103b8178312e76f5457a7415ec14ab52d646f4fcce30cb15e6b1c44047b9570

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
48655e94f94d3a67ccee1d86fdedac95

SHA1
750db5174f84d64ff5a99e0df1c4fac24ba05faf

SHA256
661457048388ff016aff4e3aab230eafe7bc164e97fd7d6ed76eb1cf27b1a451

SHA512
02c7ca4e28e3d0f46dc543b0abd159e8d3505ad3508bd21e3f5b8fda591fe791618ab473bbc8fbe799fefd258176ef135be423adc330da948c271b73899a8d36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
fa47aa40a8d718289db8dc17c6c3a5f9

SHA1
5950c7127c3dd78ff380e150f88384c3647248fb

SHA256
e1a0f65e8c699f66c752a7e83636ac9a018b731db576c28ddbab0877288ff005

SHA512
bd5ca5d0dc0bd763f113a4fcb1a75ec8757027e47b85586e90b5de77fd3381318cc965cb85f59485c1da7ca1fcb903501619ff2b6f6da09281564e889d0fd30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
cceb1cdd9f293b623ebb2550db95788e

SHA1
45e600c0316ebf3815b17c000ee5f1ce05a0bbd2

SHA256
ff462cb29a8d42070ac7a9776cc5799fedd076c951baaa1eb2995e03c860ba22

SHA512
10e756e258eb1c7ae7f51d3d1a2f36a00f739e865ba8ab76318478606cf1fdd6c5bd1cdaeee4ec6a3f3c3469fbd608e560b3c3c3691a77bd3295f8d6969f57f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dbc63945034e3a3bdbefeeb76f2eb752

SHA1
efa2cc582421348788b4159518d6c305e4c89b2c

SHA256
3c805518ae9a50d5842094d6f2ff8a63559ab25bbf0450b443c94412886d1a8a

SHA512
dc81c7e2eebceef2c5fb98290e84b9ee450d3cbe9a67bdcb28eb09f8477b629ee7c773685b69cd28777bf2f40d3d467638590c18ce0033e239cd7720090f1dba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f79a146be62c80e861e24537cfdb54c2

SHA1
3e09c519df6c4d2b87bcb37e818192ac91ccf61d

SHA256
39d07353d4bbd6ff836e830bfe8580368d59103f2ddc29e2f810412ce02ecff9

SHA512
8924c84bef5543aea8c7ffdfaa0c056ba3d88b142155165a51e2f9cda9067c0f5644ba3982634eba18303e651308d4100e47a0712bb347af9dfcbfae96b7c85e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3b8e3885-b53f-4611-9054-4f180c514b6c\index-dir\the-real-index

Filesize
2KB

MD5
c6870f8e1b47d12c886f90586c398dcd

SHA1
591717df9810db4b932991c8d09973f899231b47

SHA256
d431ca555fbd218df4638a26e5d682bc32cb3fecdb8da48a87671333d17723e1

SHA512
20335391367adb7a0fd5af13de448529360eec53acf88c29b2d6af456baf148f9797db2efef4a9d6150c49d1d712c5245a99595690251890c8f7349bf4aceed8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3b8e3885-b53f-4611-9054-4f180c514b6c\index-dir\the-real-index~RFe579f3d.TMP

Filesize
48B

MD5
6bef4e8e6470c1846c54d182eab28e22

SHA1
15cbd710520f1cfd98e3de316cc89a3c32257802

SHA256
97651732febeab4a2060f551a997d4f2dbf61851fa4f3db77af9cb24b9b88520

SHA512
cf938275e1bfe7fd5963225a31ed28cc7d1d90971afd4f338964640cf83057191161b9c4dac7f0738a4a7214998ff4d6c00abf31189412f309f6d223cea018dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
fac75a871ee6f61ad7a20f8b70f9c83d

SHA1
de074a6d8a929e0b3b390728d020bd159f2eefb4

SHA256
76611b0090573660bbbf695128430f29cf92ba5705e259d2414fc1f7eb00b2bd

SHA512
bc3a0d99124254eeb66346d4552ba2cce4640e08b7d80239fa418315e92a7d85f90787a9da96df17eed67d6d085f77e5ed01ef4034f0120c88f30a25879a570e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
2522a090d67c81e819a1051988c35244

SHA1
c11fd760ee6baa32d16dd7b064bda2c44ad38e24

SHA256
fb96bfca4492bbd73499332c4faf262eb743219855cc9b90daef2687dfbd7b52

SHA512
3f08c7a8046f58aebaf39ee952d1685ad40bf030e84a399afd2cded4ae18ea8e849b3396a8022b55b96dd431957affc5ca523236db9a9fb22824cadd63a24acb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
353f477631b638248ed7ae5b4c7963e4

SHA1
37de22217e82a5de8f833b06f7f608dc0616ab20

SHA256
44f472e2ef7ca2a0f2f9f5cf29ed2863974e171133a49c4d388812b9165b7248

SHA512
24d119a36cc2a0306507cac9883f3c4b8c65d619d7df11748c90052aaf6ab733033cf2b0fbec3da78249799dd3668b5ffd8f590e44413cb3fe48e308875a4d3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
a70cc8b69fe3818c3dbd81c51a95848d

SHA1
e7f00cf8488f30219b591315025b4749833a8b45

SHA256
163698a5f4bec2f9a8a559fb9eccabd1d00751f63a960e9ec3dfbd0b308076c6

SHA512
baccd474546dc195b1a8e4fb62d9927cf2a5c3fc8a0588618688d4201bcd921fcde9e41271052b68fa75ce6ee2a09b4a474dcb9c72afb91cd08612501bdfc759

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
0768b8bc761802039ebf357cabe81ce9

SHA1
352177e9e8cfe90f275181a964db279ef109d36a

SHA256
5aa2301c9de5311b74c0484e16483687cde264df0023d9adfa269ee13cd8b6fb

SHA512
ab63b300d549120698eec88716c88e0cabdb4b12e018f39add47f11ee2b5ba08648507318a5cf85fea554ce3455c5d416979f494dc17dd8e6bc2c7bbfcaffb10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5799bf.TMP

Filesize
48B

MD5
071c8c597417ef77cf3c0c29b9b5f8f5

SHA1
ddeed1f13dbf7da6e6350f271b4b2bb60961e4da

SHA256
dee724c5697062db6b4a84bb7848e6a08fbfe2a98224bf3dd78de295475bf9ad

SHA512
a0e9a367fd4fe1d0ef0a001f862ce9434f502c8813c8024a297e0650620285a0fffc4449d6d7ef962f8c35dd7b67cb9e82931b7eb94735d128d956d6cb903383

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1caf08d2425ae7718fc9ce4d203b3871

SHA1
473bb256bad4e62042178887dabbc609b3290421

SHA256
bd09991ab079ee634028cc6ea8f004772791953fa5558f5092fefef55cf1318c

SHA512
70c5a37eee09139570e99963b2007810c9e8cf20f2b3284ec3ff0e018e1df4fd4cb0b095f33f9ebe858110ff304c02f980a7e2a664b6bcdde14aaea17499b151

Download Submit
\??\pipe\LOCAL\crashpad_1548_LKNKFWJQIQENSUOD

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit