hxxps://www[.]youtube[.]com/redirect?event=video_description&redir_token=QUFFLUhqbDNnMWs0XzNqM0NBZXhfTFAtMUdCVjlZWllTZ3xBQ3Jtc0tsTXRWNEp3NDFOTk9hTFh3R3RCckVJRk1WdnM2aklsdW9MdVppd2VHeG5IRmJjMFJ0a3hVQy12Xy03elNyUkZTOGdiQVVGTVdwZUFHWHp4eDZXdTRZclNQcXNYSm51TlpBeXpSb05nX2V3TDQzUEJyRQ&q=https%3A%2F%2Fmega[.]nz%2Ffile%2FWlNE2RAY%232h76Q1ZrXDhzSYu2ufrHT1-q5ZMPQf4h2LFDFWWOryc&v=ES9Pi7CrofM

Analysis

max time kernel
85s
max time network
123s
platform
windows11-21h2_x64
resource
win11-20231222-en
resource tags

arch:x64arch:x86image:win11-20231222-enlocale:en-usos:windows11-21h2-x64system
submitted
03/02/2024, 15:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbDNnMWs0XzNqM0NBZXhfTFAtMUdCVjlZWllTZ3xBQ3Jtc0tsTXRWNEp3NDFOTk9hTFh3R3RCckVJRk1WdnM2aklsdW9MdVppd2VHeG5IRmJjMFJ0a3hVQy12Xy03elNyUkZTOGdiQVVGTVdwZUFHWHp4eDZXdTRZclNQcXNYSm51TlpBeXpSb05nX2V3TDQzUEJyRQ&q=https%3A%2F%2Fmega.nz%2Ffile%2FWlNE2RAY%232h76Q1ZrXDhzSYu2ufrHT1-q5ZMPQf4h2LFDFWWOryc&v=ES9Pi7CrofM

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 385939.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
1260	msedge.exe
1260	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
4844	identity_helper.exe
4844	identity_helper.exe
1200	msedge.exe
1200	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2144	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2144	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1428 wrote to memory of 4116	1428	msedge.exe	61
PID 1428 wrote to memory of 4116	1428	msedge.exe	61
PID 1428 wrote to memory of 2852	1428	msedge.exe	80
PID 1428 wrote to memory of 2852	1428	msedge.exe	80
PID 1428 wrote to memory of 2852	1428	msedge.exe	80
PID 1428 wrote to memory of 2852	1428	msedge.exe	80
PID 1428 wrote to memory of 2852	1428	msedge.exe	80
PID 1428 wrote to memory of 2852	1428	msedge.exe	80
PID 1428 wrote to memory of 2852	1428	msedge.exe	80
PID 1428 wrote to memory of 2852	1428	msedge.exe	80
PID 1428 wrote to memory of 2852	1428	msedge.exe	80
PID 1428 wrote to memory of 2852	1428	msedge.exe	80
PID 1428 wrote to memory of 2852	1428	msedge.exe	80
PID 1428 wrote to memory of 2852	1428	msedge.exe	80
PID 1428 wrote to memory of 2852	1428	msedge.exe	80
PID 1428 wrote to memory of 2852	1428	msedge.exe	80
PID 1428 wrote to memory of 2852	1428	msedge.exe	80
PID 1428 wrote to memory of 2852	1428	msedge.exe	80
PID 1428 wrote to memory of 2852	1428	msedge.exe	80
PID 1428 wrote to memory of 2852	1428	msedge.exe	80
PID 1428 wrote to memory of 2852	1428	msedge.exe	80
PID 1428 wrote to memory of 2852	1428	msedge.exe	80
PID 1428 wrote to memory of 2852	1428	msedge.exe	80
PID 1428 wrote to memory of 2852	1428	msedge.exe	80
PID 1428 wrote to memory of 2852	1428	msedge.exe	80
PID 1428 wrote to memory of 2852	1428	msedge.exe	80
PID 1428 wrote to memory of 2852	1428	msedge.exe	80
PID 1428 wrote to memory of 2852	1428	msedge.exe	80
PID 1428 wrote to memory of 2852	1428	msedge.exe	80
PID 1428 wrote to memory of 2852	1428	msedge.exe	80
PID 1428 wrote to memory of 2852	1428	msedge.exe	80
PID 1428 wrote to memory of 2852	1428	msedge.exe	80
PID 1428 wrote to memory of 2852	1428	msedge.exe	80
PID 1428 wrote to memory of 2852	1428	msedge.exe	80
PID 1428 wrote to memory of 2852	1428	msedge.exe	80
PID 1428 wrote to memory of 2852	1428	msedge.exe	80
PID 1428 wrote to memory of 2852	1428	msedge.exe	80
PID 1428 wrote to memory of 2852	1428	msedge.exe	80
PID 1428 wrote to memory of 2852	1428	msedge.exe	80
PID 1428 wrote to memory of 2852	1428	msedge.exe	80
PID 1428 wrote to memory of 2852	1428	msedge.exe	80
PID 1428 wrote to memory of 2852	1428	msedge.exe	80
PID 1428 wrote to memory of 1260	1428	msedge.exe	81
PID 1428 wrote to memory of 1260	1428	msedge.exe	81
PID 1428 wrote to memory of 4372	1428	msedge.exe	82
PID 1428 wrote to memory of 4372	1428	msedge.exe	82
PID 1428 wrote to memory of 4372	1428	msedge.exe	82
PID 1428 wrote to memory of 4372	1428	msedge.exe	82
PID 1428 wrote to memory of 4372	1428	msedge.exe	82
PID 1428 wrote to memory of 4372	1428	msedge.exe	82
PID 1428 wrote to memory of 4372	1428	msedge.exe	82
PID 1428 wrote to memory of 4372	1428	msedge.exe	82
PID 1428 wrote to memory of 4372	1428	msedge.exe	82
PID 1428 wrote to memory of 4372	1428	msedge.exe	82
PID 1428 wrote to memory of 4372	1428	msedge.exe	82
PID 1428 wrote to memory of 4372	1428	msedge.exe	82
PID 1428 wrote to memory of 4372	1428	msedge.exe	82
PID 1428 wrote to memory of 4372	1428	msedge.exe	82
PID 1428 wrote to memory of 4372	1428	msedge.exe	82
PID 1428 wrote to memory of 4372	1428	msedge.exe	82
PID 1428 wrote to memory of 4372	1428	msedge.exe	82
PID 1428 wrote to memory of 4372	1428	msedge.exe	82
PID 1428 wrote to memory of 4372	1428	msedge.exe	82
PID 1428 wrote to memory of 4372	1428	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbDNnMWs0XzNqM0NBZXhfTFAtMUdCVjlZWllTZ3xBQ3Jtc0tsTXRWNEp3NDFOTk9hTFh3R3RCckVJRk1WdnM2aklsdW9MdVppd2VHeG5IRmJjMFJ0a3hVQy12Xy03elNyUkZTOGdiQVVGTVdwZUFHWHp4eDZXdTRZclNQcXNYSm51TlpBeXpSb05nX2V3TDQzUEJyRQ&q=https%3A%2F%2Fmega.nz%2Ffile%2FWlNE2RAY%232h76Q1ZrXDhzSYu2ufrHT1-q5ZMPQf4h2LFDFWWOryc&v=ES9Pi7CrofM
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0x80,0x10c,0x7ffdc12e3cb8,0x7ffdc12e3cc8,0x7ffdc12e3cd8
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,12659638385626012222,11697226006107188291,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2
  2⤵
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,12659638385626012222,11697226006107188291,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,12659638385626012222,11697226006107188291,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,12659638385626012222,11697226006107188291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,12659638385626012222,11697226006107188291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1872,12659638385626012222,11697226006107188291,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,12659638385626012222,11697226006107188291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1872,12659638385626012222,11697226006107188291,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3636 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1872,12659638385626012222,11697226006107188291,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5620 /prefetch:8
  2⤵
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,12659638385626012222,11697226006107188291,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,12659638385626012222,11697226006107188291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,12659638385626012222,11697226006107188291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,12659638385626012222,11697226006107188291,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,12659638385626012222,11697226006107188291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1872,12659638385626012222,11697226006107188291,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6300 /prefetch:8
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,12659638385626012222,11697226006107188291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:5000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2316

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004E0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2144

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dbe72a1f5827efc08f70d06ef815d46

SHA1
6aacd61519fce53ecb92e5e61207a6c29c01f47b

SHA256
dd673404dd6deb2d2b331316370fd05e47c01b9dc489640f05b50898d536a6e3

SHA512
2e6115ca818df5f5b7985caf3ce2324e266b376f6180f84b44e9ae725e037a8456c2cd63e22b9750e2ba27f4c7460dfa429ce9910517a728b056e5f1e730e25a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
17KB

MD5
950eca48e414acbe2c3b5d046dcb8521

SHA1
1731f264e979f18cdf08c405c7b7d32789a6fb59

SHA256
c0bbe530abfce19e06697bc4358eb426e076ccdb9113e22df4a6f32085da67a2

SHA512
27e55525ade4d099a6881011f6e2e0d5d3a9ca7181f4f014dc231d40b3b1907d0d437b0c44d336c25dd7b73209cd773b8563675ac260c43c7752e2d2d694d4d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
95fbe9886d0f6d54603ad2c5194c938f

SHA1
a103102835ca605dd85d3287860158a3ec0b52fd

SHA256
3628a3b0419b761e5adfb72347d04fd0268311a9a5428414657379c1e23e0f68

SHA512
6af1e27aabd6e979eba52da1121e6306c6397cd6782c6042018eabc87ba6304a6f1668ccdae85ccad8a8991794082a5f8437a430dd89ceed05f13cc6590f37ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
667B

MD5
f8c8ee26567145f31224eb1feca71ccd

SHA1
fcfe2f1d4609ff5fb6ab4d84f552b3af4ab6ce28

SHA256
45a5ccc66ea18208a2c12e97501bbcb5fd9db8dfbcf52042e3d43de6057a4a65

SHA512
d6297aa4a2efc64b98960641aa926d30b5b11cf6d89adc4b52a92bed0c16fda38cb75ea9339e9bba9d6c418bd81b227727795a9cfd5120b7038f31c01114f934

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
3f59812fd8a494ccd922ae7222c32001

SHA1
fdbf2a8f0b7e29f16f5938083c0f993c1750a050

SHA256
64500fa75c57247c22ecd3adc9eee7205d3835f99ea4c4554a15d528a025e681

SHA512
b59b82b2264edf497a7ad537815cfdbdae0100f01c60e2b8073b0f2686363d3352276eb939195aa98842c1047c75810a93b71e0d37d16e0018ae1f348296fb20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
22b515bf28f33680fd514ea3ab2ddacf

SHA1
3cd323d3d826d593973e1a6612577331ea19e864

SHA256
54b8d8fa7549df53c98190e7afba913ffc9f99305cff641be8a0e62b65528b3d

SHA512
c8c7dbac9940da5aa7e230238d6f959ce9e3594e8b7d11aeed6f0b443b5f691433317dd6e4c230c1dd344e1e584774261bb5b1624e8353c6f522636e40c8fd3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b54f691fdf7c4f11f23f5de3b5cf0a24

SHA1
5b95a84d45f4600352cdd39e3666e9f9f6865851

SHA256
d8d9acb50a775281c1cfd3bdc23d5d17191e3e89b59cece67716bdf0ac087704

SHA512
50d87abe292d29bfec85e64fbbfe54d524d054e24a34318c34bdfdd29e507eb22ecb1da7e183049856068691cd8875f26f6b96b2629ef4d829e94fa574fcb94f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
baea9b556018a9b94ced9632ce64b049

SHA1
72013d34475f8a2e54ade03a667640585f5787fb

SHA256
2dae900eb7b7d3b77ca74a05d9a70722a49fa157799fbec8f4e3e8298b4b26af

SHA512
517882d5c52f39f9a35bcc2024683e4ca4eeecfb1444303dab14ccd8591b18202d501a827de266b043b926606beefa88849c3dc0b557ee651a8814ac7bfbea47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
e5477be1e6c4cc9f570c69a84dd4f681

SHA1
fdcbdc83ccfef1c270b927c6815e641f6d96a132

SHA256
f06ab204d1d24ecd2d13e473bf807a8fc65ed09114a227966b4a308bd7eaa531

SHA512
24eb3338f0a7be6df183c5d5f22831bed07ce0779dcc124e805364a128a08f571160a6809556cd1de323c9d3cc64299855978967c8693b8324cd9bb22f5ffe14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
92043d2f11c4c15fa3846fb4ab3f7cda

SHA1
fd42b94c9aa425d985716deefff4daaed53a9a31

SHA256
08512e4e8f387edbe361ca05b9afd3b6adcd9bac4ebb7f91e9838fb9c4b5d594

SHA512
35572325e7e122ac54d2281a2f1961eb22c241efdbf1ca15127e90b9f3b00d0a7990652b0d1710a7beb272c82feff2431a11e1773a7fece5149ec5497b5edf31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57c6bb.TMP

Filesize
48B

MD5
211225092d76bddf6e37c70b45b7abe3

SHA1
574b7677ba82f7de2139518db621caf4768730a6

SHA256
6bbbed459284a6397b129dade522ecf2fc128f10519967b22940abcb4e864157

SHA512
8d8415baff1943796fc754494187409684dfc6b2b2db0677f5fef060cba618c2d3ed3132a58bcaca5f08762af2032ce26a24de98c4b232860b77eb6fd74a6e1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8b34435258b56ebec5bad36d2ca0d8e8

SHA1
c675d0bc7977ce4b7a2fa911fba10adc72c6c44b

SHA256
5fa1d6676d48163ac514c2f62be23250d734599bf3fe8e71d0d3c52205d68fb9

SHA512
c32590d6dc970eea44eacd3685d499ca8cb0e575b7e756b527678d8b5f55f0559b0ad4ced740f2c57dd4e9124f07c11b0a57144804aa9849a2f9a923773fe23f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
880591f9c5b1e23a4c76a20e68474fb4

SHA1
cbfffc4f55177ceeec29f940ff645899672ab3e6

SHA256
f51d9c4f4543f1ac30d88d659330c3ea043697a9fbc8d0af0085f02f15426fde

SHA512
e55d719f83ce2a630fb80ffc68ee6736be32c04f444758805fe312164fdfedec009531d4d20abd129e10614d627295d19db03830802e8731a870433d5f298283

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
07bcead2ffb15515c053884fa7054c2e

SHA1
e5e58d5ad8f167f016c61c725a961753707123ef

SHA256
fb44238b5e7f1973564fcffa33d560e667deae6f1ccfd6ad4113bf3cd42e60b6

SHA512
dd57f9e04028a184f7de9bcfd544e74381b307acb9fc3feab63af714c24ee337039349795d3249e80e9650125ddbcade480e7fa630d333af7e4becdbd40d53ea

Download Submit