hxxps://www[.]youtube[.]com/watch?v=lrJLIE3jGOs

Analysis

max time kernel
59s
max time network
63s
platform
windows11-21h2_x64
resource
win11-20240214-en
resource tags

arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
submitted
19/02/2024, 17:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/watch?v=lrJLIE3jGOs

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1473553098-1580226532-3330220195-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4072	msedge.exe
4072	msedge.exe
436	msedge.exe
436	msedge.exe
3284	identity_helper.exe
3284	identity_helper.exe
2704	msedge.exe
2704	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1080	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1080	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5068	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 436 wrote to memory of 3436	436	msedge.exe	66
PID 436 wrote to memory of 3436	436	msedge.exe	66
PID 436 wrote to memory of 5008	436	msedge.exe	80
PID 436 wrote to memory of 5008	436	msedge.exe	80
PID 436 wrote to memory of 5008	436	msedge.exe	80
PID 436 wrote to memory of 5008	436	msedge.exe	80
PID 436 wrote to memory of 5008	436	msedge.exe	80
PID 436 wrote to memory of 5008	436	msedge.exe	80
PID 436 wrote to memory of 5008	436	msedge.exe	80
PID 436 wrote to memory of 5008	436	msedge.exe	80
PID 436 wrote to memory of 5008	436	msedge.exe	80
PID 436 wrote to memory of 5008	436	msedge.exe	80
PID 436 wrote to memory of 5008	436	msedge.exe	80
PID 436 wrote to memory of 5008	436	msedge.exe	80
PID 436 wrote to memory of 5008	436	msedge.exe	80
PID 436 wrote to memory of 5008	436	msedge.exe	80
PID 436 wrote to memory of 5008	436	msedge.exe	80
PID 436 wrote to memory of 5008	436	msedge.exe	80
PID 436 wrote to memory of 5008	436	msedge.exe	80
PID 436 wrote to memory of 5008	436	msedge.exe	80
PID 436 wrote to memory of 5008	436	msedge.exe	80
PID 436 wrote to memory of 5008	436	msedge.exe	80
PID 436 wrote to memory of 5008	436	msedge.exe	80
PID 436 wrote to memory of 5008	436	msedge.exe	80
PID 436 wrote to memory of 5008	436	msedge.exe	80
PID 436 wrote to memory of 5008	436	msedge.exe	80
PID 436 wrote to memory of 5008	436	msedge.exe	80
PID 436 wrote to memory of 5008	436	msedge.exe	80
PID 436 wrote to memory of 5008	436	msedge.exe	80
PID 436 wrote to memory of 5008	436	msedge.exe	80
PID 436 wrote to memory of 5008	436	msedge.exe	80
PID 436 wrote to memory of 5008	436	msedge.exe	80
PID 436 wrote to memory of 5008	436	msedge.exe	80
PID 436 wrote to memory of 5008	436	msedge.exe	80
PID 436 wrote to memory of 5008	436	msedge.exe	80
PID 436 wrote to memory of 5008	436	msedge.exe	80
PID 436 wrote to memory of 5008	436	msedge.exe	80
PID 436 wrote to memory of 5008	436	msedge.exe	80
PID 436 wrote to memory of 5008	436	msedge.exe	80
PID 436 wrote to memory of 5008	436	msedge.exe	80
PID 436 wrote to memory of 5008	436	msedge.exe	80
PID 436 wrote to memory of 5008	436	msedge.exe	80
PID 436 wrote to memory of 4072	436	msedge.exe	81
PID 436 wrote to memory of 4072	436	msedge.exe	81
PID 436 wrote to memory of 2096	436	msedge.exe	82
PID 436 wrote to memory of 2096	436	msedge.exe	82
PID 436 wrote to memory of 2096	436	msedge.exe	82
PID 436 wrote to memory of 2096	436	msedge.exe	82
PID 436 wrote to memory of 2096	436	msedge.exe	82
PID 436 wrote to memory of 2096	436	msedge.exe	82
PID 436 wrote to memory of 2096	436	msedge.exe	82
PID 436 wrote to memory of 2096	436	msedge.exe	82
PID 436 wrote to memory of 2096	436	msedge.exe	82
PID 436 wrote to memory of 2096	436	msedge.exe	82
PID 436 wrote to memory of 2096	436	msedge.exe	82
PID 436 wrote to memory of 2096	436	msedge.exe	82
PID 436 wrote to memory of 2096	436	msedge.exe	82
PID 436 wrote to memory of 2096	436	msedge.exe	82
PID 436 wrote to memory of 2096	436	msedge.exe	82
PID 436 wrote to memory of 2096	436	msedge.exe	82
PID 436 wrote to memory of 2096	436	msedge.exe	82
PID 436 wrote to memory of 2096	436	msedge.exe	82
PID 436 wrote to memory of 2096	436	msedge.exe	82
PID 436 wrote to memory of 2096	436	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=lrJLIE3jGOs
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe4cf63cb8,0x7ffe4cf63cc8,0x7ffe4cf63cd8
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,6902704769777932577,17046627927557002761,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,6902704769777932577,17046627927557002761,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,6902704769777932577,17046627927557002761,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6902704769777932577,17046627927557002761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6902704769777932577,17046627927557002761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6902704769777932577,17046627927557002761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6902704769777932577,17046627927557002761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6902704769777932577,17046627927557002761,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1896,6902704769777932577,17046627927557002761,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,6902704769777932577,17046627927557002761,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6902704769777932577,17046627927557002761,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6902704769777932577,17046627927557002761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,6902704769777932577,17046627927557002761,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6902704769777932577,17046627927557002761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6902704769777932577,17046627927557002761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6902704769777932577,17046627927557002761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6902704769777932577,17046627927557002761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6902704769777932577,17046627927557002761,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2016 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6902704769777932577,17046627927557002761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6902704769777932577,17046627927557002761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6902704769777932577,17046627927557002761,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6902704769777932577,17046627927557002761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:4608

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3720

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3332

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004E0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1080

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:3512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7d4bdd41d7150644a9fecac756bd5298

SHA1
cc6bd77ecef146f18a526ab6a1167649b2bf526d

SHA256
ae1f95fd0cac26454941f0578d73b695849ce52ab2ef95eccbb63853cf9103ce

SHA512
ba873b94e850c6fa0de096961380265ec833778854612e938ace2c4c1772423793d0d22a585533180328478cc23aef6971be56eee2256405636f80076ed2c796

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
1024KB

MD5
3680d862474f5af9bbcd440e0bef94c1

SHA1
d7efa5887f139c3aa633bcc759092d1abe01028d

SHA256
aff07fd0d757945ed27cf0b9fd6d006e8f6eecb2de4d1cf5f9b568579f7b53c0

SHA512
29f5b80014f81a29f1d908d0b7d514cd739c20d1502bb536fb3e859893d43a3856b1b61a2944035289d766e4d64c82b3ae3a0ba2c583bc72eab889a8dd7c57dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
b2bf85b88b45b0ba5ed94b135e8f208f

SHA1
94cd26ca4e9fcf87cdde9d9ca44be8cd4c974b9e

SHA256
6631a5deb6a885df9494c1bec32fa462052d4d2b7b249900c0a466d586e0a231

SHA512
0c37ab38e17049f1a615641f769f86b3253421856993a79cd83603f7931a9e69d93f7f5fcab7a4d5f796b1f483f48b8ce96db41495d797101ef1c2714ea175c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
52078a56559ce10ee3f6257db798e208

SHA1
c5ed089b91392eeb5c502d71e6d5bed415f18fd4

SHA256
03e4d8999dc5ca976f19ac44e6adae10fe9e9604ec343b463476a768f4d30108

SHA512
1b3e9a01abc80de4e59c7b4c8237c41154bfc45406f73f24357fb6c07751d3ed540a768ae4f50debcf27c6475ca66d36114cc9a6e261e10e70389efd1406a510

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1be80fa8ea2d234d24663d5b163a12ab

SHA1
920fe142e76eedb5b3cb5b26425b3a0434948759

SHA256
00b9f6fdb90888e18f1f7ab045d61237eecd1f9f781ce693db5eb4964e5cb4ba

SHA512
6e5a0ff1ddb81e95c950c05ce7277a568a012a9a62bf28e8bedb022d720a541f14d5ee761e02d0f4010c3313d65075e589804231afba44e5ab14980322cef0fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9d34e1d38d13ecde1d6a7dfc18b94afd

SHA1
967f58436ca3d3de725987f7985b3d1c698c0bf8

SHA256
0b5efe3f7a89db0818a842566def28851f97f73958f268d88e444c649468f391

SHA512
e5515f97c55c870ca62e28d56c55b5f5cd2f39c9cc186642144482b09a6a83cc13ee1634c4e55120cd3f3a0f78f52367b962071f692232e15fa43117bf8166fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fe6a89a8cfc45bc2020befcfa2b5d32d

SHA1
eeb2dead274e738671853bc54f798fba0bbe486f

SHA256
f12d2dde1d1e303ea0f8783c86ff446fb219f02862355beebd004b3e3351b9bf

SHA512
746a4e67f432f385c2691fffcd133a0622e7949c8b5142fbd229e90386f32ba206e14abce324809080666d6cb23b646977c392b7b6e82c88a5873734487f099c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
00042df6368289238bc60caef1baa46d

SHA1
981c49ac7b10bd2a9d159daf00844110629837a9

SHA256
3ca68414527ece019ac110954726207b8a46bebe6180c2615158f7aebf6e6b1b

SHA512
8f549ecc6a1ac0cc153fe39759b8fe093af520dd94e37b8c32e7fc7e87263cc5b2bf404bff31a5960ad9fcf82dabb5a534fa07cc441ce646de2a8b532c28ff51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3ca39cf0-80e6-48f5-bf27-2a1be9efd189\index-dir\the-real-index

Filesize
144B

MD5
c6c6f4ac408aad4ca09165c7f17e056e

SHA1
c9955d03936c33d5555e27c659d0ad29699f09e5

SHA256
bc6188721abaa8ba2fd04ac8778f1c42777b47f73dc086bdcf12c9cb37f26e15

SHA512
2377fa5f31ff520eb987ad810dc6defcd50a87efba1545d0d06414086ed4ff166cda1cabddaa87fa519fdab2745e3a5e9372c512e56035142735e5ed2dafe249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3ca39cf0-80e6-48f5-bf27-2a1be9efd189\index-dir\the-real-index~RFe57dadf.TMP

Filesize
48B

MD5
e77e50ed6721440928fe07558d737355

SHA1
8ecb05afdcf2f7315eb3743243548b328bbd5fcf

SHA256
8a100a588d019927eae472168809d73ae3d060f6dc3c1d6d698b19de74eee183

SHA512
1a4f0b99bb851cfaf020b96b1da359a6aab84d99f0fa1561577e5f796493954116bb4ae973f7105bed847d0cb8b766d82f4ac134d237068f990d3ebbd94f7733

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
2c6c54ab599a3dec517205ed46b37b76

SHA1
e95211a12eab764a797b9f3c4dd7d5ef5778d881

SHA256
16ba0c71fb42c2756bc03d28d50f663b125ef8b0d14f47de5ddf62369ea325ee

SHA512
da5cb2feae368c4e95a757115792781e9941107fbbf105fac676ba09b558cbc9d3405056be86cbb8c56fdd21e1b4690fd49203922d3a6678187972b3f97afd77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
83B

MD5
439085bb59763fc5a89058aac7cf8c47

SHA1
21c86795f476702698cf57ae2055e3453bfdb18a

SHA256
f3cdf9c594740e96a13bffb10ab04f8fecd60d8747f73ad80779db593b3dd7a6

SHA512
8238f24aff607c1b0233bfea793d69a19a1b0f2c095005eec3c2f6d200d82b67d532f363c6d5f7c365ed338583fabda11ed0ff6c765d01d4e765b5b96f83f254

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
238082f901119c2ad1a1b35f094984a2

SHA1
417778fe63a12356a9661f95504e4c7df2b68cc5

SHA256
ccea064cbb30790242db3551d92e8cead7aa7dd675cc0a0501b8b27727d8f69c

SHA512
3367c9d82c7d8a84372534fadf2a4fb4fb478ac4c38f93273034982fcb6c8be92a7a184e969abc4a0035ca12a1385d76a8ed10d3f97681203c5b89dfd086c888

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe578702.TMP

Filesize
89B

MD5
bb80e740c457649116cbea1315fa8cae

SHA1
60cff52869a494b7dc5dbf02c5e3e0aa9f742d94

SHA256
b3e87c578c97ff65f14a6bbd4856c68ca40ff829a3260f30d261b4c3b69082f8

SHA512
7a692e1b20111845ba7ce0fb4beb49b695563507d3e5c03f679486e602938640730824afd22c8a367f4bbbf68383e36b44a9d9529f0d922b0a1ad45bf772adbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
8166db68173e36da4e512eaabf880219

SHA1
41a07d096ccac4234c41db4fe1917c1d6a9b458d

SHA256
31c98c3b821f73e8ecf6f8fefa68779a4a0e8adee6adcb06e1e13bc8dc7084d0

SHA512
5cb2c2ab977dc68b19eb3658308aeb6ef9161ba5fe2085ca96a821353e756cb3410e5353b4726c19a780fcaa330df20bd7685ff98c4a9215bdef731ff6f93732

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57d6a9.TMP

Filesize
48B

MD5
ff7fd34ec8a8e575c813ae4318a962a8

SHA1
f251b006de84db68df1bac08e2191c138b72e6d7

SHA256
899c3745d7a8c74dae1f41595c257cfadfc39923eefc2b94f852cb48155e8044

SHA512
ec197170dff9aea6e05ed6d0c768cd1a28081f9c747e6d2ee0eac3a1f25e85f8cd4de438cacdc23181b84374644535a9e6c0ec028f565a9341aed2d223700c59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
e094614f167782d7dc3a1caae29678d1

SHA1
ef7adaad76cc1fd9f689378bc37015cf2b3ef6d7

SHA256
fe6587bc4e4ebb2024b0a6a485f95d0761033a4f7bd51195a41ddb98232003ce

SHA512
8a39937d79276d8d9882cf81211079e170e90b778e9821e941f7b395b0e9880ce7b2cd3019ca69e55986cf5d470e943a3e51be64da52738be0708a4001b4937b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57da04.TMP

Filesize
704B

MD5
49327331b5b72ecd4e72e0957e11bbbb

SHA1
989da5f4da2a7e27da53a329548534b48981d6c3

SHA256
eb4ffcae90e303561f285f5fef9c1c6249f58eac599b466aa8756629fedda6f2

SHA512
ec392e0e94b8cd24be3d324790c0b7f225b6c65aab48c625ad2ffb4912974341c93cabf929063d40430ebde2b53525de241453cb539de1274ae041ed972e4a30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9a759fafce44c5074209fd417edf842b

SHA1
d88bdcc9a7be524dc12564d8ea89f15fb2ab2f75

SHA256
816fa61775800f403e0e66ee3050ad18a02c09dab6da38d13f60eba30fae4ffa

SHA512
7109f7b3967b48ad097845184848b01d2d8803e7de02c3f04199d9271180cbbbd363a5cbffd5d23ab30a4718fa16617c483644a3963500351bb8fcb843002e94

Download Submit