hxxps://www[.]youtube[.]com/

Analysis

max time kernel
61s
max time network
63s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
23/10/2023, 09:16

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 334842.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
372	msedge.exe
372	msedge.exe
896	msedge.exe
896	msedge.exe
1832	identity_helper.exe
1832	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4396	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4396	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 896 wrote to memory of 4408	896	msedge.exe	86
PID 896 wrote to memory of 4408	896	msedge.exe	86
PID 896 wrote to memory of 1924	896	msedge.exe	88
PID 896 wrote to memory of 1924	896	msedge.exe	88
PID 896 wrote to memory of 1924	896	msedge.exe	88
PID 896 wrote to memory of 1924	896	msedge.exe	88
PID 896 wrote to memory of 1924	896	msedge.exe	88
PID 896 wrote to memory of 1924	896	msedge.exe	88
PID 896 wrote to memory of 1924	896	msedge.exe	88
PID 896 wrote to memory of 1924	896	msedge.exe	88
PID 896 wrote to memory of 1924	896	msedge.exe	88
PID 896 wrote to memory of 1924	896	msedge.exe	88
PID 896 wrote to memory of 1924	896	msedge.exe	88
PID 896 wrote to memory of 1924	896	msedge.exe	88
PID 896 wrote to memory of 1924	896	msedge.exe	88
PID 896 wrote to memory of 1924	896	msedge.exe	88
PID 896 wrote to memory of 1924	896	msedge.exe	88
PID 896 wrote to memory of 1924	896	msedge.exe	88
PID 896 wrote to memory of 1924	896	msedge.exe	88
PID 896 wrote to memory of 1924	896	msedge.exe	88
PID 896 wrote to memory of 1924	896	msedge.exe	88
PID 896 wrote to memory of 1924	896	msedge.exe	88
PID 896 wrote to memory of 1924	896	msedge.exe	88
PID 896 wrote to memory of 1924	896	msedge.exe	88
PID 896 wrote to memory of 1924	896	msedge.exe	88
PID 896 wrote to memory of 1924	896	msedge.exe	88
PID 896 wrote to memory of 1924	896	msedge.exe	88
PID 896 wrote to memory of 1924	896	msedge.exe	88
PID 896 wrote to memory of 1924	896	msedge.exe	88
PID 896 wrote to memory of 1924	896	msedge.exe	88
PID 896 wrote to memory of 1924	896	msedge.exe	88
PID 896 wrote to memory of 1924	896	msedge.exe	88
PID 896 wrote to memory of 1924	896	msedge.exe	88
PID 896 wrote to memory of 1924	896	msedge.exe	88
PID 896 wrote to memory of 1924	896	msedge.exe	88
PID 896 wrote to memory of 1924	896	msedge.exe	88
PID 896 wrote to memory of 1924	896	msedge.exe	88
PID 896 wrote to memory of 1924	896	msedge.exe	88
PID 896 wrote to memory of 1924	896	msedge.exe	88
PID 896 wrote to memory of 1924	896	msedge.exe	88
PID 896 wrote to memory of 1924	896	msedge.exe	88
PID 896 wrote to memory of 1924	896	msedge.exe	88
PID 896 wrote to memory of 372	896	msedge.exe	87
PID 896 wrote to memory of 372	896	msedge.exe	87
PID 896 wrote to memory of 1520	896	msedge.exe	89
PID 896 wrote to memory of 1520	896	msedge.exe	89
PID 896 wrote to memory of 1520	896	msedge.exe	89
PID 896 wrote to memory of 1520	896	msedge.exe	89
PID 896 wrote to memory of 1520	896	msedge.exe	89
PID 896 wrote to memory of 1520	896	msedge.exe	89
PID 896 wrote to memory of 1520	896	msedge.exe	89
PID 896 wrote to memory of 1520	896	msedge.exe	89
PID 896 wrote to memory of 1520	896	msedge.exe	89
PID 896 wrote to memory of 1520	896	msedge.exe	89
PID 896 wrote to memory of 1520	896	msedge.exe	89
PID 896 wrote to memory of 1520	896	msedge.exe	89
PID 896 wrote to memory of 1520	896	msedge.exe	89
PID 896 wrote to memory of 1520	896	msedge.exe	89
PID 896 wrote to memory of 1520	896	msedge.exe	89
PID 896 wrote to memory of 1520	896	msedge.exe	89
PID 896 wrote to memory of 1520	896	msedge.exe	89
PID 896 wrote to memory of 1520	896	msedge.exe	89
PID 896 wrote to memory of 1520	896	msedge.exe	89
PID 896 wrote to memory of 1520	896	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa9a2146f8,0x7ffa9a214708,0x7ffa9a214718
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,17681440148150134287,12531058741077521685,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,17681440148150134287,12531058741077521685,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,17681440148150134287,12531058741077521685,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17681440148150134287,12531058741077521685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17681440148150134287,12531058741077521685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17681440148150134287,12531058741077521685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17681440148150134287,12531058741077521685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2080,17681440148150134287,12531058741077521685,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4916 /prefetch:8
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2080,17681440148150134287,12531058741077521685,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5704 /prefetch:8
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17681440148150134287,12531058741077521685,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17681440148150134287,12531058741077521685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,17681440148150134287,12531058741077521685,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6324 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,17681440148150134287,12531058741077521685,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6324 /prefetch:8
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17681440148150134287,12531058741077521685,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17681440148150134287,12531058741077521685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17681440148150134287,12531058741077521685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3036 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2080,17681440148150134287,12531058741077521685,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6392 /prefetch:8
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17681440148150134287,12531058741077521685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17681440148150134287,12531058741077521685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2080,17681440148150134287,12531058741077521685,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6788 /prefetch:8
  2⤵
  PID:3384

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2268

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x524 0x520
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
ac415b91fba1a16330435a02b7e19e2f

SHA1
0448ffc9cf90683edc782d3812dce26c12dded5a

SHA256
09f456db546ff2af18e67ed3683ceac05d40114e469b74e51855cde31361f527

SHA512
dffaf0deb872d6ab3968140a0f3da20375684b5b45e6c4bcdc3c4ea78fcaca58314ca4c50526bdf3085516a7287d75b77c567fef4e0b6ccbfe7697185241a4de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
a74796e0f01827b5e64535ee40e1f47c

SHA1
de7edf6396bed66f7763750280e0c044b541abf3

SHA256
473fef53885a852f2f2d904622b45fe4555bb9490023e53519ca9718963e235c

SHA512
1ed1b08f9687260841d7a5e0ae83c518a30193f4e74b5bc463edb47a5c29bf4552c073ff9a6807004af8ec0ed086edf527c24d267ece152307962cf3b1cd3185

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4dce28c99daf46e2aa3bfe5b67c691a7

SHA1
24a248f801bdf5bc21997ee7b57c883cfd0e9d96

SHA256
9f26a020514090ed4d4984deec3ced903d8979ca5ef4096925a8209cb5ceb8b2

SHA512
f066032b7f9ae10f52ff712234b35c000472e2bf623c1df067ca1c298696c1778c1d7ffcb79bb4ba77607e3b8ce5d761f464c9595d49b289e1d06a665e4b8b29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
17c4776b8528964c1aed2a72754ab888

SHA1
f39728b303338e6c5ac6d9c7487a195300752c23

SHA256
697fa6830be60cf45a4046c76cf4f74802467eb5ab6f9534c4b6917287150f83

SHA512
42171bdf1e5d1359837af6b58e22475f37b1ecfe47fa3da7a28d70bde97c6b5ec11cdcfab719c80c32e99fa5000f5b6c45c87cd73d8241d501b1b974d97be190

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7a0a79df2e2dd6c652eebef2f151415c

SHA1
b98a2746891c5798b93aa24f95303be97f42e6be

SHA256
5372bdc5d26934e3884c9677e0b032c07f28b2bc231a575b6683cdc7245d8870

SHA512
d065ba1d59ae3bbd2930106ab70e6d60be461f8da8a630fc660d564a14bebcaf40818d26e0ce93de5e6def0d8433785f279c06860e9d689024faffbc7cf27cb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1a0193262581dd791d6c066ae7b87401

SHA1
e5b2d190f992f45afc6dda9ed6c8bcde6b1a3ae8

SHA256
1b37e240ebdb70308fc3035a11c68c0ea249f52b51a320c0783696829f7cd4de

SHA512
2792440427483a60473b60fcc704db90bf142c7886a116c5597a871af4a239ad7195b793b219a2eed14bee06e15f3489edc43f0470b9dd438c0026c71c64a898

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
deb1b10d7ee2a4c97a9293196f2fe1f5

SHA1
ed815dd29827b241dc9a3c63b936e06b5831fe1b

SHA256
5ae4c5e48d4c18b082876ff8b3c042bc01b7d03b8660960cf849e58b8162a321

SHA512
d96134b3d3c2789f9f0fdb405a5cfa6797deac5f414a9bde143306f6d022a8b21f0c0e0b630341d74b2acefadb2029027dfa76f81ee40dd0932cf262bdacbf0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
63601d5e76955483b49f0d6f63bf9c65

SHA1
bda61001d35463e59490d7a83d1ed7ea84d09fe4

SHA256
db4adc2e6d8e571b3cc13b64e1cc9d823c9935efbb140a56f86dd5227def37f9

SHA512
2da707888381d85417694110cade299500b5ca0fd1bdd17826f9bb9e1b7135e853c8e70dcc1dabaccacee3ddda8755b504c74a7a9c317d27ab020db9d6b9730b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e05436aebb117e9919978ca32bbcefd9

SHA1
97b2af055317952ce42308ea69b82301320eb962

SHA256
cc9bd0953e70356e31a957ad9a9b1926f5e2a9f6a297cdef303ac693a2a86b7f

SHA512
11328e9514ffaa3c1eab84fae06595d75c8503bd5601adfd806182d46065752885a871b738439b356d1bb2c1ac71fc81e9d46bd2d0daa1b2ba0f40543bf952b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\55209935-ead1-4515-a1c4-df0eaf7695b9\index-dir\the-real-index

Filesize
624B

MD5
731ec737ffc59eca08c44ed182e788bd

SHA1
5af1ace54f5948ab8d03e1d8eefa5658b094b7c7

SHA256
a07bb5fef6dd8b262373640b1813cd5055e9b0c0dc844d3ebb515082844a40b8

SHA512
62e1d9a07044e43e5a43c8ec7c85cb28499a635942f9a31d46dddf534b228e34846fe468d7e6a126507d23f4eb2c1fa336bf28ffe7011eebdaeee370e10debb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\55209935-ead1-4515-a1c4-df0eaf7695b9\index-dir\the-real-index~RFe581037.TMP

Filesize
48B

MD5
e319815e20d954dbfef4acef15348938

SHA1
9157acb6afb07a17d761deb969684d2459a266e9

SHA256
a378171f4b7e3cacacd2ed8604b56c11835791d6bd288d6b3350c9eb7887de8e

SHA512
cb5e068baabf7525221c61627f0f6331085068154536d72193ac3c1c1a396d31349de599003d1c6e9bb812dbaa24d1babfbf4cdfc39577ea1ec429c7964c0ce6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\643dd07a-870a-46b7-b8d0-62f2a075eea0\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9c89dbfd-5bd5-4962-b684-8247557d464e\index-dir\the-real-index

Filesize
2KB

MD5
16002e61498397b78167f5d2c4d61210

SHA1
facb71b6d330f4fa4e43fa4e23843f692ef7cddd

SHA256
778e04ff080320105713544ee350f514042845ea93c3f018447be1715924ddeb

SHA512
1281f2831b0197ba488386adfa7d49cdfa50fe6011f1987bd3f0acedaf504113463d7e601b8e666fc9df49404b0292194b6265f499b7c25076bc53a2d3bce02d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9c89dbfd-5bd5-4962-b684-8247557d464e\index-dir\the-real-index~RFe5819dc.TMP

Filesize
48B

MD5
ac97b6790a938e76ed0dec42b06ce142

SHA1
3c34a65350712e61b57c4e24793926f674edbd79

SHA256
f71f17ad8b50bc139ac6c466f50401a25729df352c7b555f1bfc4dee0999fbef

SHA512
3b642fd69225ef806efd29fc5778331c3e3b8edb7849e20244953fa34b890a8ae47f9591d705f408a5410e48583cb7cf077abe6adc52d157ce37801d8a330dce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
bbc348de3a982ec4edc7729a6cea4f31

SHA1
32ec67296ef6c94e5c731861063fffb1c1588e17

SHA256
870eeccf4f3bb614f7e824588e5fa96a8ae42e4b56c0f28b0197f3be4bbbcbd2

SHA512
7232a6b0c7c7bac58859a944389b5a2516aef4a0cd15522d8bb435f7e7364c77f56b3f836e4e982ab1717b2b4036bc57aa1a96eec33f9a9880a149e687fc5990

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
1abc1dea77c94dc25ffd593405074c45

SHA1
c2b020950eaacf4517ab6f9dc2487e6668f023e2

SHA256
9ea39792f4692db7596a705e287be859b8907fed9de14731d5a4cb366ad765f0

SHA512
2b52fbb554ccd6a7317659455b4439000bb7d9ba825bb247bf584bb4279be49553906cfc2cd04f908741265eb78daf72f68244e3bb3a6ba8c804ac7d5dee8eaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
155B

MD5
2d6212f8c504a0316e4dc878099b81ee

SHA1
0e810564d372ac96aed3f7729f201e330d99b48b

SHA256
98cbae652df55005413d7800f9c99fbca1cb24b6e9eaae06d223b79639e8d80a

SHA512
6cca66b180e23d1adf155f92e93c5c6d8ab1762c08acb45c2e4a6911db8b15d5e9b4058aca47afca64cfb56e0f75d5d468da21bdb7e2734f4826e2ee9680b7e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
215B

MD5
394e1f5d4b17f4f834874e50ca059068

SHA1
c7f214abcc05a5f1c4e7788081712afa9bab9d9d

SHA256
9806fe223884019343a41cfb31c1433ce58a11ed3e35bf9e7f15fb4a2be52ded

SHA512
763a2d9f23c08f15de98dc5af0804ba87855ff73399123a427f0b11d2c47e003b1255188a404256cbdec0bc900fadfb1fed15c5b6ae39d47666fb4422363a7c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
1540e4ea26b5f605ddbf0ee024f6a589

SHA1
2f7b77d7def827f3b829cd647244daa3b010d030

SHA256
c9dc9ed32cfb99906d5f9222ead290e16fc1164f1ce07d829f209ef93a2b562e

SHA512
caa0319f8d0548cbf2076453de39af0d291b6ba1bdd1ccfc83f93021f75919851b41fecb8de36fec25f32b7d84cdefc54f072e178e2fc5fdfdd6b071b8d3cf34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
9a3cdd7fe63d47d77276149a1357f6e0

SHA1
424023aec57da46da87294b8dcdeaf7b720c566e

SHA256
f0217a1975946f0ccf6b597a1f7be963d9910816f12b8894ad3bd1b50777fd29

SHA512
a5ecbccf97267539c7b538649bbd38a0d9a6a03e692953c6089f498c75484086823bfb6bd6bfe20a814d1da8a7325ad6c7c73f0721afbb18a10a55433539ac50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
151B

MD5
56f36d17159380c1b4e39aa872ea9a31

SHA1
de34fc6d340597a9698fe55454095191c9780deb

SHA256
737be3138271b119eb122e50b1abb1db364eaab27496a3ea2375a7c48866e94e

SHA512
3fce57caf5488da38ea5d4725c072ad7ddcde0fef8f4cd5b463aec0143c2f1a93376d5dea71ec1c496242a8d7da8f4553f45d4f8b82cb9f895ee885761401754

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
97b32c81418a3980e029bbecf7fab407

SHA1
ef48c481f5f82f34e4d3cde67360f75a29fe8ec2

SHA256
1d85a64954266b8bcbd54ecdc64272fd6d73f2b896d7b804a708be33653c00fd

SHA512
433fce98fc484e3b1cef631ff0d7688918540018c4fd532ed6acc78f87b137a49a8946ceaf7363a45051dd0caaa2e4e635d44f55218d45a68d303e6406ed13fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58024d.TMP

Filesize
48B

MD5
d42de4ea158a4cc9e469f198670c3937

SHA1
a8b858efc10f64a7327372b781ee4f72c3ac4637

SHA256
531acb4c07c169bf4bcc583cc21b04cd61fa012fa61f8a239c518b73bf0c3c14

SHA512
eb9432bc30f92381f123c7f563d449ccc2ba62ddd30712c5ddbefdf3d112bdd0bf97549042b8aaa204574be9233eddaddf75ba26ad7e208ac585a1d1e9766a5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
735f38230e953e6caf226a59df6e4ad0

SHA1
17ad4f1bd6c4e38d48926c57ecf9fd53201e21f8

SHA256
6e650ed7453fc5cb73455419a8fdda8c0b0a29385c557f4a7e974cdd2c7e20b1

SHA512
88b2b3cc37587247c1f485371df48751629b40d9008889db7a8344b37df4aa971c08d10dfe89b97edbfbffdc83c4f69b49c0a17bd030cc2b7c7ae28e55414718

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
954f2a82a2071e284c17c9a50cd9d54e

SHA1
f78eb23dda22164849dd34b5b7fd32b2b391ed7e

SHA256
9595c9144d2d6882dda3ae8c7a84049fe4e6956c8a1e4cb161f56af940d701e2

SHA512
c4b193dd063d333210767ced733351898771a11bcd5dded05f164f2b01867cb7916a74f7f20849bd604a0a6ee9941b8cfcbae90271dde37e067bcef4309f067b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f7fc.TMP

Filesize
539B

MD5
f46eb692ef1d0d3bbce1781cd31226a8

SHA1
3c5e74de647af4443ff5b0a2e057c512221931ca

SHA256
6f0ce0eb5e8bf2ddb12870e3f10ceb4b68683d4377c861711379f2ac4a723a56

SHA512
480b8f999f0cd6f35daa67479fa1a2e76ab0c1ecc52311357c5adb2a77292faf1cf7d98e13ecf12076a63f2112b4b07ba9719889f236c904d056afc13d37cb1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
dbf87665ea1a317677713794c8e27657

SHA1
8a669f12785ecd4b12506376bf1fb2b925701820

SHA256
be5b3531b04a07d06bb6ee6b04d2f7907a13bc4607a376d1321635b35bc7a56e

SHA512
f8c4dabd2b2f8def3948cc8bb1477d98787c31a0b60ed68b47c0f9bc12bbd4613697edf7675f2eb517febe6c3da6531956c1d92abaffcd3221d1e350ea6348fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
25744f196bbed60b1185a6fa0aac6eb2

SHA1
569eadac5f5a64043dc9d78fee9b7943e14fe8ce

SHA256
413c8f97c0e147a1e6b6eb1b53aaa173f1b46ea7029e31adb54774cf72ee638d

SHA512
bc63ad7464d1f6d95d4bd2ff9436420900faddee5e20c04cb507eab0e831366f9f5f57a57566f78656d3b9013eb99b2500fd6931156102fd0af9cb7c56ada69d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e58de9b1c91bc6646bd498727713b983

SHA1
3dd8cf3b406df54c04fff1ecb462e1a9be7c0cc6

SHA256
c81f648c4fcef975e6906ca7937667e63d2fc9a9003614e26fd91e7853105998

SHA512
d2148122b191eeb2fc04e6fb8c3d5acdf173f96bda4524c2cd349f53ec8fc7ffba6a54a85369797785021dbe6221bef78890153491d69fc0b83150743cec6834

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 334842.crdownload

Filesize
1.3MB

MD5
5337d2a3db86d73d08ab8393c154e187

SHA1
2836371b9592c6f1033c69264babbc43c70c33ba

SHA256
10d193932739319cd234b8ada0c8ad607644cb1eec20d8e0ef96985cb552c5fa

SHA512
540427efbe74076d57d2cc901da155a4ae621282f1ee235be44bd4a1a44c9898f2b6d8ea5f1731f191a5d3318f4159ba410c1abfa69594b7db8850b3b7ff3d51

Download Submit