hxxps://www[.]youtube[.]com/watch?v=-bnVGH62Yho

Analysis

max time kernel
140s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
20-02-2024 02:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/watch?v=-bnVGH62Yho

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4880	msedge.exe
4880	msedge.exe
1524	msedge.exe
1524	msedge.exe
668	identity_helper.exe
668	identity_helper.exe
5532	msedge.exe
5532	msedge.exe
5532	msedge.exe
5532	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	548	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	548	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1524 wrote to memory of 3572	1524	msedge.exe	33
PID 1524 wrote to memory of 3572	1524	msedge.exe	33
PID 1524 wrote to memory of 2328	1524	msedge.exe	87
PID 1524 wrote to memory of 2328	1524	msedge.exe	87
PID 1524 wrote to memory of 2328	1524	msedge.exe	87
PID 1524 wrote to memory of 2328	1524	msedge.exe	87
PID 1524 wrote to memory of 2328	1524	msedge.exe	87
PID 1524 wrote to memory of 2328	1524	msedge.exe	87
PID 1524 wrote to memory of 2328	1524	msedge.exe	87
PID 1524 wrote to memory of 2328	1524	msedge.exe	87
PID 1524 wrote to memory of 2328	1524	msedge.exe	87
PID 1524 wrote to memory of 2328	1524	msedge.exe	87
PID 1524 wrote to memory of 2328	1524	msedge.exe	87
PID 1524 wrote to memory of 2328	1524	msedge.exe	87
PID 1524 wrote to memory of 2328	1524	msedge.exe	87
PID 1524 wrote to memory of 2328	1524	msedge.exe	87
PID 1524 wrote to memory of 2328	1524	msedge.exe	87
PID 1524 wrote to memory of 2328	1524	msedge.exe	87
PID 1524 wrote to memory of 2328	1524	msedge.exe	87
PID 1524 wrote to memory of 2328	1524	msedge.exe	87
PID 1524 wrote to memory of 2328	1524	msedge.exe	87
PID 1524 wrote to memory of 2328	1524	msedge.exe	87
PID 1524 wrote to memory of 2328	1524	msedge.exe	87
PID 1524 wrote to memory of 2328	1524	msedge.exe	87
PID 1524 wrote to memory of 2328	1524	msedge.exe	87
PID 1524 wrote to memory of 2328	1524	msedge.exe	87
PID 1524 wrote to memory of 2328	1524	msedge.exe	87
PID 1524 wrote to memory of 2328	1524	msedge.exe	87
PID 1524 wrote to memory of 2328	1524	msedge.exe	87
PID 1524 wrote to memory of 2328	1524	msedge.exe	87
PID 1524 wrote to memory of 2328	1524	msedge.exe	87
PID 1524 wrote to memory of 2328	1524	msedge.exe	87
PID 1524 wrote to memory of 2328	1524	msedge.exe	87
PID 1524 wrote to memory of 2328	1524	msedge.exe	87
PID 1524 wrote to memory of 2328	1524	msedge.exe	87
PID 1524 wrote to memory of 2328	1524	msedge.exe	87
PID 1524 wrote to memory of 2328	1524	msedge.exe	87
PID 1524 wrote to memory of 2328	1524	msedge.exe	87
PID 1524 wrote to memory of 2328	1524	msedge.exe	87
PID 1524 wrote to memory of 2328	1524	msedge.exe	87
PID 1524 wrote to memory of 2328	1524	msedge.exe	87
PID 1524 wrote to memory of 2328	1524	msedge.exe	87
PID 1524 wrote to memory of 4880	1524	msedge.exe	85
PID 1524 wrote to memory of 4880	1524	msedge.exe	85
PID 1524 wrote to memory of 1884	1524	msedge.exe	86
PID 1524 wrote to memory of 1884	1524	msedge.exe	86
PID 1524 wrote to memory of 1884	1524	msedge.exe	86
PID 1524 wrote to memory of 1884	1524	msedge.exe	86
PID 1524 wrote to memory of 1884	1524	msedge.exe	86
PID 1524 wrote to memory of 1884	1524	msedge.exe	86
PID 1524 wrote to memory of 1884	1524	msedge.exe	86
PID 1524 wrote to memory of 1884	1524	msedge.exe	86
PID 1524 wrote to memory of 1884	1524	msedge.exe	86
PID 1524 wrote to memory of 1884	1524	msedge.exe	86
PID 1524 wrote to memory of 1884	1524	msedge.exe	86
PID 1524 wrote to memory of 1884	1524	msedge.exe	86
PID 1524 wrote to memory of 1884	1524	msedge.exe	86
PID 1524 wrote to memory of 1884	1524	msedge.exe	86
PID 1524 wrote to memory of 1884	1524	msedge.exe	86
PID 1524 wrote to memory of 1884	1524	msedge.exe	86
PID 1524 wrote to memory of 1884	1524	msedge.exe	86
PID 1524 wrote to memory of 1884	1524	msedge.exe	86
PID 1524 wrote to memory of 1884	1524	msedge.exe	86
PID 1524 wrote to memory of 1884	1524	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=-bnVGH62Yho
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcfbeb46f8,0x7ffcfbeb4708,0x7ffcfbeb4718
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,17327680617747661625,12548308759213280277,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,17327680617747661625,12548308759213280277,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
  2⤵
  PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,17327680617747661625,12548308759213280277,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,17327680617747661625,12548308759213280277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,17327680617747661625,12548308759213280277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,17327680617747661625,12548308759213280277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4492 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,17327680617747661625,12548308759213280277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2164,17327680617747661625,12548308759213280277,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5180 /prefetch:8
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,17327680617747661625,12548308759213280277,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6104 /prefetch:8
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,17327680617747661625,12548308759213280277,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6104 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,17327680617747661625,12548308759213280277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3708 /prefetch:1
  2⤵
  PID:416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,17327680617747661625,12548308759213280277,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,17327680617747661625,12548308759213280277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,17327680617747661625,12548308759213280277,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,17327680617747661625,12548308759213280277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,17327680617747661625,12548308759213280277,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4976 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:216

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4268

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x41c 0x4f0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7a5862a0ca86c0a4e8e0b30261858e1f

SHA1
ee490d28e155806d255e0f17be72509be750bf97

SHA256
92b4c004a9ec97ccf7a19955926982bac099f3b438cd46063bb9bf5ac7814a4b

SHA512
0089df12ed908b4925ba838e07128987afe1c9235097b62855122a03ca6d34d7c75fe4c30e68581c946b77252e7edf1dd66481e20c0a9cccd37e0a4fe4f0a6fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
0385f4eec5306f667f06b2a050d32baf

SHA1
06aace0ca258106c8dd03afb8322874a070ac8fe

SHA256
8c2e4329a3549d7e97ccd9c027a09965cafbe9d7d6141d2a15f99edab4a977c7

SHA512
7cc8cc16278f3003a8c15aebea712a7c28904e50ce1304ebe6fc5e3f7515d1d78ff776f59a30f46fba4b09bb221fd92a236018ad05578050b787fe48cd0f6778

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6b451197ec09544c4a9628e0f5680bc7

SHA1
bbe9e1b423d34d09c539f86c9dcbbd649fb0c32f

SHA256
b613e1ff2e35bac6fe688f4e6fc65af058839a5c6587dd62049b4c63a133a12b

SHA512
7f682b206077f09424a8a3111bce47cd3b13d4be2658e18035f11b1df1d5ac2b1f7f3895ba540b0a0ef4559fcc8f3408f5c847a639512bfda6a282fb8e5ae7b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a042bf0e0ce913d3d255f8816287d0ab

SHA1
32575097396c88ff56f02b1d9dfd0aad08638515

SHA256
edc469d408ee518d47767b35242c463f6e723501572b30cfa7ad25af31c70abe

SHA512
9899d5cf09b80e2121d943d9eabb29d547983093812230c8d152dd10ac3e7c3ec3363754c0bbd365d70264b3f2976ecdab45af449992ba242397db979273ee44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
034aa94956b4dbc323df5d534f06ec59

SHA1
7503eef8ff97a850199e7a690f99d7cc634d0a8a

SHA256
19e60c7e94c0cdfd4b47bd2cf1544bbfd46c04e30e76b7df0336526b1c8c9e1c

SHA512
29ab14bcf61869af098f9ab7962df7e49c1e5887236966859e986005d6e2d10c3e55499bf27e4b2087789f3d0b06ea62f200f34b7e740a9c21de1efdf34c5992

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2adcfbc11672b07cb75da174055a8dd0

SHA1
a5c576afe53b3aeaffd6c808380b89b827580e81

SHA256
6396f84d4f1c002f134a78f04f64733ad640a591c358a2e6e8846dc69e5cad01

SHA512
4766d1289b3cc9136899d8aeda33ce5c8c9f8d3789466cc50950875b34c823b1867f84392970e2ba8b5484be450e65fac04a1345e7a798f90341e1efe4615880

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
db8bd7dfab311854e7eaeb3d3177856b

SHA1
017b0bc0d031829995dbf49ddbd00cb591a5d75f

SHA256
190c2960af61e6f0ac27a731fb96b7246e8436255f0608b5ff50995c643d2615

SHA512
62b7fbede9519c617bfd2a0daeccc6d748c30b840a3b5d1a73e7db222f8ac8cc5269a6ae824cfaba9afc0fd7c93f3f0884eb03171e685a1c27a107b9233b1c76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
433b6015d49af60abfabdaba09f7240c

SHA1
b9aaf970155e163ad655f0e61bdc2d949a569834

SHA256
8df6ca66f39a115bf3bb8ea134bd85d83c4ed77e987a9931265bf85f9b44de55

SHA512
4497adf1067ec4219168a588e4dd45ce63329dee9a4e585f76949ca7431e18f8b059c27561c9efd878bbbbe7d5866ba15a4db811fae3f7ef9043da883a74e3a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
463dcab77cbf290d182b3e6391c9a3ad

SHA1
4033e4db314a92e3a27901e40e63616d268da5e2

SHA256
f062204324c8999f75da9d899e1c8a2bad8c7e465085eeda767c6e8b8bf473cd

SHA512
f7cfb9d3c19272069420ffa16b947f09b8ff364491a34132a36222e69d376b95c2bf55e89118a340b527991ed88bbb8a8118caadc1baf03e0f10a022daea4647

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
52826cef6409f67b78148b75e442b5ea

SHA1
a675db110aae767f5910511751cc3992cddcc393

SHA256
98fc43994599573e7181c849e5865f23b4f05f85c1115dff53c58764d80373fb

SHA512
f18df18cab6b5ecd71b79c81a2a1fdac42cc9960f62f06ac25f4d6487792705f2766ee3a10239eaac940d090186e6bc820e4eb7a5ee138f6e5c1c64f951b960c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\214acac4-50ee-4940-911e-7a4775bc05f1\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a0759ead-f450-4524-a0e4-827ea48c83f8\index-dir\the-real-index

Filesize
624B

MD5
ba091733ba6cc6175fecc976fd8b18b7

SHA1
0c2f99660fe36cee6bd6e3139e0c79964706b1b6

SHA256
cfd72dfd618986c04eee8441520253bc8e3c44b927054b54e488a11157cd8e5c

SHA512
e5c1787cce6f16cf42f767c4f7306a8d76e2dd54fc102bf62994c60d0e3ea71da178f516e7b8f0de4f0596467ac79beb61f225d7e53d0d4b950f4b21356b4c81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a0759ead-f450-4524-a0e4-827ea48c83f8\index-dir\the-real-index~RFe589083.TMP

Filesize
48B

MD5
8766914ff319b7444bc76ee572b7d1c6

SHA1
c1a55ea2485ca3430989d2eeb5a72b9c67cd52ec

SHA256
4877872bac5bae3463ad3c183174d0e43a1141c596c462d9cf60b3e5a4470b5c

SHA512
671b6f8cf78c31cf6dd2e03c5c36ee87ca92a00ee349debb28376851f41c27568b2aa4e9dd311bc80f9c399f830ba06b38bc2ee8fae3bc9f0cb394f28c2fc07e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\fc14e8a0-fed7-4612-a988-68d0df4f8ca5\index-dir\the-real-index

Filesize
2KB

MD5
668d3d08d5d61177661e145b79a78859

SHA1
0079c98f961afb2732688b209e4c1603140cc291

SHA256
5e930de0ba24903e0a89f5faded7f2d5e8fc4e22a2f1a1f10a2086fcbfdb77b7

SHA512
43c673aa590010628b65f922a87654c3c52bbd6d094112893a46815c23b290dacd9df1de57f6fd70c3e38fc5929c97275526fb6696231c83cf81ceb1750bf982

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\fc14e8a0-fed7-4612-a988-68d0df4f8ca5\index-dir\the-real-index

Filesize
2KB

MD5
c50c78ce03b5522705408d4028bea95b

SHA1
f3904460875087133077439efd1267315268157e

SHA256
8dbc5356cc767752030922434b26ee25250a64a5008e6eefbbf3e0699d6842ba

SHA512
38a55f19d982ad5281ccc43adb54b980f7c78a003c2015674ab7ef5b567b129bd06ba157fc11ada5ee9e8eafc73b308b09863dc37cf814758dc6e4747abeda10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\fc14e8a0-fed7-4612-a988-68d0df4f8ca5\index-dir\the-real-index~RFe57ff01.TMP

Filesize
48B

MD5
13ae703887f187c233f0142781ad7dac

SHA1
7e9fb27e40e4d84920eb494d7feb37b56449002f

SHA256
45b7ca969af94f9f635c7be86edbfc2bbb445c3aee2ef93ae352ab861e533a68

SHA512
ddc155da1293c1e1c32e6f1dd11f51c51e3bad38f88aa78c2ac7b1b283f7937ed1cfcd9e96167a7f4b09f75432da03cd88fb4a85ecd589d6f8a4fd9e81dfbae8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
ccff78db3d4713c6284315dea419575f

SHA1
4ffc2c824c3dda360906e60380295665d011d779

SHA256
15d4863a699ed3042d0f327f2c7f47949336af4b9166e68ed03d4f8316bc2162

SHA512
7bf92a95bf0a3dc882bddcee7393c6c101d586bccb2b1816720c747ecc02e2187eb6cd19bbd39ecf07c1873ab4886c3a9916afb0c2dad5131c2bce28385b11ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
69ca827faca0715d8f02f4b166dd1452

SHA1
7a26e2473854d7744648c783b0a494c97a58c66c

SHA256
4f166aa99da8d6f83edca358aa9a8d64506e87cd53d757eeea8544272492a81d

SHA512
6d026788692de3e759645091911d1aaac14af01eca14b2fa3b46231c8788b55120031d39604a9178bc2c160b580e35bf14e43972f406de00801883239b710923

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
e07ebb080d8f97ba531b3798c49435dd

SHA1
94d32b3d74796b3db29f91f9fb07335c2ce49b40

SHA256
4a7d367ca59662d4fffd337c679c97e54db1096c91df6569e1f96b9e23c6bd2e

SHA512
42672074fdcd4722e2ed57a83fb960eca8555a490f4c95fcf09cedcd48cef69672ce587d95b0b59abfa9d0bc5430211b9fe835c79ad1e6149ea5048806c88b58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
141034cb7271edadbcdf85ec4c118cfa

SHA1
a433030b97c9357654db63576ba28554a6a8227d

SHA256
788b592e6eca34d5e2f7a898d211027af91e623554debeadc3e0a066d56a821f

SHA512
7464738602583606c0f24f71b54201585a92d81bbc5c2810605fdd3e22c406dc5c2f70e9e027c473cd963725a1ab632c18b4b01dba8a28ca52c0e43ad2a3fcb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
a8e5c6ec61c62a4d39cff03954aa4e33

SHA1
8bbdb35f23fb5c9ac2460d142e04122f443a6a82

SHA256
81c802fd6eae9909e2f21bc4c7f9a04c6508783de80e404f89ef988341d579dd

SHA512
0a27dccfae7a463aba5c8365cbef87b768d59cdbe918a5aae7ee1048bad21cd29a7afc97b22fefebcadfad18904ff7ee630bab6e16c7f17e62ef44d1f71ba114

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
157B

MD5
7b87e2ee8088d914f34c52b3547d65a1

SHA1
642427b5320b45d76867bba952f7187a28d69435

SHA256
a428b87b0e1450cfd702778dfc8e98c99cf653d662526c62890fddb8de1afa2c

SHA512
d4d36f59f636e01760974450e368278bf569f3a092bd6b897e31e22c740429a8fa5fe70d9cd212975c0d3d8be5503148a78069cc2ba2767f32e27170783c30df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
fb493ac61eeae0e2ef121c9b4e01ee35

SHA1
ba2f3c5c6d45fb62df0276fb23592ae813a3ad10

SHA256
5668e9e7ba4540e0db41a33f020ae4375aaddf723781fd3e9f479f9a941ef40f

SHA512
2156b07addd8ee3899245a88a9fcc237473951ca1a6a6cb702a65fbf815031b8c1efdf6e6835f4fc1de26be7a167541366aff6040883b6e6742ee1ae94d68496

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
70222c2f80a161da24e3e559ef9ef1ea

SHA1
9e0c1cde0bf3e108a07c7bb4296258f2539798c2

SHA256
c6749fc642903f1b20e7464669e20a38186b2bcd19c9b2b9a625b11b9c38428a

SHA512
8c0595ed2d7d44cc29a98509b5a1f045927ebd4eb667842fca7ddd2a847c0385b4f44743965a02706f3ee001bb6e5411b3674a7f485ee94612fef2d36e75c57f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe586741.TMP

Filesize
48B

MD5
9ad4f8bcb1cf2ee712894aca369cb518

SHA1
f1e714b19743bf7d22dd3c2705656440ef745ced

SHA256
983882cfeb87dd219d42402ebecf103d764ed2398ada52bb540daed4d1d2e53d

SHA512
0059188444dccdc8a8fff005a5311be1d6503417b146a025316b3b64a634ead7b85241e7199d75bfc4599a0ec78a8fa1329eb90dbe056a7db4b43b02eb802392

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
e50aa6cc13002d99cd81d3345abe36e3

SHA1
e4280c8748fc34cb99db7d6439c47ef001d2f774

SHA256
8a9fce7cfb5fc7a96494598927b7a9adf46a2d75aaebba98fee53a6ba10e8061

SHA512
2856d2d921b7cc7d988f403986e4b156c50b95d1851a4b9b99b4b189b98f08a22c74a50cd56b5bd8078c49cd9130806c471c3621396470eede25d3db5def693c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
760d0c5c837097de983ed4075b6150cb

SHA1
be6bcb817555da60d1e822031a5140c5decc1134

SHA256
b066444db8ed1dabd8f404fe61a7ecc6b03955473d9891c1e0a65519d9cb0324

SHA512
367523e44d343188cb9449b3200eb7c7d211f0ec0ac20588e9167a23ecf9870827cfea04700414bb10928b973558c69ec3cec9124ea74a9eb41162f55d5e7d79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
00fffdd7966384f7b936fad5e81508bd

SHA1
a61a7c68e75f4e1c4d232a9b0bf09207b450704d

SHA256
6bae949953add4c0c111166a3f860dda93f609dfdb6e975b935231e0b4a983ec

SHA512
18004a2ba34d62ee8a0b12aa4904d9c1990fbfde73ca6005e0a3183ee5dfe4889de6fb576f1f3489615666fcdc1347b364423e1d801c12c280de292106dc416e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581596.TMP

Filesize
539B

MD5
65cea0b0b0b03e5ebc490261e77fd1ca

SHA1
ff7641f1f33cf33dd5216a75e1dfa9341628d9c5

SHA256
200c38b9ec8e14e2d5903ec9046f239f6de89d75caa5c2dbe375d20ea699cb3c

SHA512
b0ee3ac298e3c65f636b3c341bb3fb246be4b769571f36c7cb3b395e2ee8507874ba25f4cb76e7b42c1d2679a3233571e322498b4f3609253881ff0f95d6cb44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5b535aa1e16af77cdb30dce8dfdf6ef3

SHA1
9f58ac78694dda68de8215e6016951341f0f3190

SHA256
82a6dc3aa6bf8211337322a1e3ee7cc7cdcb3494bf8e73ec490bc8831451505a

SHA512
caf7f0330d5295200a0abda37c7df351baad5b6f996e0c70016058c013cdc388028c39e0e016fd024e9c4b1fd913d1f74f9130f3e482dd5d5c4deed89f084b01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3c8fb5d1e71111bade9fb79f877f119d

SHA1
6edf364b86fa2711e78674f61cb03cd5b2269af1

SHA256
5694976fede579fdd9f0feeaa0835924dd00a559dd4d1a62e2fed5b9de328fbd

SHA512
6553e2cd934cbaed42aa930fe9c74e8dd77fbf0e0f415a567a9fc0313fee8ba3622143b14ea9cff41156cb7d7ea6ba08a0c93a8ee120c58a828e0d07322fb880

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4bb01f707bd590482a8747ca7ffe2ddc

SHA1
8826b9cd674422d2afb664eef4ff3b61f3c6db2d

SHA256
ef234555d47709e13877f6e2c8aee1fcc4ae761916956227a22df1f452f7e672

SHA512
c2773b2167da92cb0b61c4758dce25da2f8995fc70dbdabf172203a989426cf9e458d8b7a32106c1cbdc09d443625215f08930681f04e7f086eec4e5b3f6fd1b

Download Submit