hxxp://youtube[.]com

max time kernel
293s
max time network
304s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
22/02/2024, 20:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://youtube.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2088	msedge.exe
2088	msedge.exe
1020	msedge.exe
1020	msedge.exe
2808	identity_helper.exe
2808	identity_helper.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1776	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1776	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1020 wrote to memory of 2208	1020	msedge.exe	43
PID 1020 wrote to memory of 2208	1020	msedge.exe	43
PID 1020 wrote to memory of 4536	1020	msedge.exe	87
PID 1020 wrote to memory of 4536	1020	msedge.exe	87
PID 1020 wrote to memory of 4536	1020	msedge.exe	87
PID 1020 wrote to memory of 4536	1020	msedge.exe	87
PID 1020 wrote to memory of 4536	1020	msedge.exe	87
PID 1020 wrote to memory of 4536	1020	msedge.exe	87
PID 1020 wrote to memory of 4536	1020	msedge.exe	87
PID 1020 wrote to memory of 4536	1020	msedge.exe	87
PID 1020 wrote to memory of 4536	1020	msedge.exe	87
PID 1020 wrote to memory of 4536	1020	msedge.exe	87
PID 1020 wrote to memory of 4536	1020	msedge.exe	87
PID 1020 wrote to memory of 4536	1020	msedge.exe	87
PID 1020 wrote to memory of 4536	1020	msedge.exe	87
PID 1020 wrote to memory of 4536	1020	msedge.exe	87
PID 1020 wrote to memory of 4536	1020	msedge.exe	87
PID 1020 wrote to memory of 4536	1020	msedge.exe	87
PID 1020 wrote to memory of 4536	1020	msedge.exe	87
PID 1020 wrote to memory of 4536	1020	msedge.exe	87
PID 1020 wrote to memory of 4536	1020	msedge.exe	87
PID 1020 wrote to memory of 4536	1020	msedge.exe	87
PID 1020 wrote to memory of 4536	1020	msedge.exe	87
PID 1020 wrote to memory of 4536	1020	msedge.exe	87
PID 1020 wrote to memory of 4536	1020	msedge.exe	87
PID 1020 wrote to memory of 4536	1020	msedge.exe	87
PID 1020 wrote to memory of 4536	1020	msedge.exe	87
PID 1020 wrote to memory of 4536	1020	msedge.exe	87
PID 1020 wrote to memory of 4536	1020	msedge.exe	87
PID 1020 wrote to memory of 4536	1020	msedge.exe	87
PID 1020 wrote to memory of 4536	1020	msedge.exe	87
PID 1020 wrote to memory of 4536	1020	msedge.exe	87
PID 1020 wrote to memory of 4536	1020	msedge.exe	87
PID 1020 wrote to memory of 4536	1020	msedge.exe	87
PID 1020 wrote to memory of 4536	1020	msedge.exe	87
PID 1020 wrote to memory of 4536	1020	msedge.exe	87
PID 1020 wrote to memory of 4536	1020	msedge.exe	87
PID 1020 wrote to memory of 4536	1020	msedge.exe	87
PID 1020 wrote to memory of 4536	1020	msedge.exe	87
PID 1020 wrote to memory of 4536	1020	msedge.exe	87
PID 1020 wrote to memory of 4536	1020	msedge.exe	87
PID 1020 wrote to memory of 4536	1020	msedge.exe	87
PID 1020 wrote to memory of 2088	1020	msedge.exe	88
PID 1020 wrote to memory of 2088	1020	msedge.exe	88
PID 1020 wrote to memory of 3076	1020	msedge.exe	89
PID 1020 wrote to memory of 3076	1020	msedge.exe	89
PID 1020 wrote to memory of 3076	1020	msedge.exe	89
PID 1020 wrote to memory of 3076	1020	msedge.exe	89
PID 1020 wrote to memory of 3076	1020	msedge.exe	89
PID 1020 wrote to memory of 3076	1020	msedge.exe	89
PID 1020 wrote to memory of 3076	1020	msedge.exe	89
PID 1020 wrote to memory of 3076	1020	msedge.exe	89
PID 1020 wrote to memory of 3076	1020	msedge.exe	89
PID 1020 wrote to memory of 3076	1020	msedge.exe	89
PID 1020 wrote to memory of 3076	1020	msedge.exe	89
PID 1020 wrote to memory of 3076	1020	msedge.exe	89
PID 1020 wrote to memory of 3076	1020	msedge.exe	89
PID 1020 wrote to memory of 3076	1020	msedge.exe	89
PID 1020 wrote to memory of 3076	1020	msedge.exe	89
PID 1020 wrote to memory of 3076	1020	msedge.exe	89
PID 1020 wrote to memory of 3076	1020	msedge.exe	89
PID 1020 wrote to memory of 3076	1020	msedge.exe	89
PID 1020 wrote to memory of 3076	1020	msedge.exe	89
PID 1020 wrote to memory of 3076	1020	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://youtube.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8fef246f8,0x7ff8fef24708,0x7ff8fef24718
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,15339059428420367005,3029962729325578817,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,15339059428420367005,3029962729325578817,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,15339059428420367005,3029962729325578817,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15339059428420367005,3029962729325578817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:1312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15339059428420367005,3029962729325578817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15339059428420367005,3029962729325578817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15339059428420367005,3029962729325578817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2140,15339059428420367005,3029962729325578817,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3668 /prefetch:8
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2140,15339059428420367005,3029962729325578817,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5088 /prefetch:8
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15339059428420367005,3029962729325578817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,15339059428420367005,3029962729325578817,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6332 /prefetch:8
  2⤵
  PID:1744
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,15339059428420367005,3029962729325578817,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6332 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15339059428420367005,3029962729325578817,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15339059428420367005,3029962729325578817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15339059428420367005,3029962729325578817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15339059428420367005,3029962729325578817,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,15339059428420367005,3029962729325578817,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6228 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4064

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4c0 0x498
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4256

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1f6d41bf10dc1ec1ca4e14d350bbc0b1

SHA1
7a62b23dc3c19e16930b5108d209c4ec937d7dfb

SHA256
35947f71e9cd4bda79e78d028d025dff5fe99c07ea9c767e487ca45d33a5c770

SHA512
046d6c2193a89f4b1b7f932730a0fc72e9fc95fbdb5514435a3e2a73415a105e4f6fa7d536ae6b24638a6aa97beb5c8777e03f597bb4bc928fa8b364b7192a13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4254f7a8438af12de575e00b22651d6c

SHA1
a3c7bde09221129451a7bb42c1707f64b178e573

SHA256
7f55f63c6b77511999eee973415c1f313f81bc0533a36b041820dd4e84f9879b

SHA512
e6a3244139cd6e09cef7dab531bff674847c7ca77218bd1f971aa9bf733a253ac311571b8d6a3fe13e13da4f506fec413f3b345a3429e09d7ceb821a7017ec70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
212KB

MD5
ab908f3ebb052d4c76de2bad1762e458

SHA1
dbbe2e19ae0d805fe0df01f7bd61d235a59e0a0c

SHA256
e7cbc7323dddbfde5a60654af0f4ad018524bb148f393e920d6f8d0ad877e7d1

SHA512
285f7dce99584c85ca5213cbd3e8f32d9335deb4f055d55711fee3b9d81019be9de0f2ee748a5029032794c9ad021be8bc02a4fc2bec18da622699332b104f2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
648B

MD5
d933c5bd7408cfe9f461721bf3e73341

SHA1
ddd047fe6b4e48f87ae34e7cf8f80cc84506d106

SHA256
0a7beb4acb2e81087b131f4d43e7980062814da2ed7cde9ccb3cb9300aa12b4c

SHA512
8c0eadf9a86ad6b5e9766ce62376a3fd9a68bf283f50bd802d864194a20fa932f310ba2c0326be7d11ec706a4ac1d351891302bab8eb2b094040a0bebe18ab53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
d7fccc292b96fdf3cdb693ca112c8480

SHA1
114095173f7e96d7d601891968298991e1eca8f2

SHA256
9477a794ee69df6d34ffdd874a805f89aad0dd243285d0dcee4f264e7c892b34

SHA512
24f724ca49e03b2966abdf33074d677dbf2197f62b8b73cea497a6a161a775b07b6cb8b759adc9a8f3f4541e97dddce182fc408d94ca18d2213730fcc1f333a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f13af8b83ce6fe1b940960e39e2588fc

SHA1
b96f566b20f8d942b1ddb05fb7562d4f8a4a3990

SHA256
b6c0d45c4c2ee3ef06ea01dfb189f197f527d8b465c84de881e065ab8df20fb3

SHA512
e2d0481950cab4f671e49741b5b26a50d3662ce16b810b80e8497d5be0c924ece2a7c6365d0c186c2a364fbfc2ef1926e5a8e3cda45df70a073a74c662d5f0d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
28633eefb184988dfacb1f2491d7509f

SHA1
5fb79d6b81f880c17bf461548ff2d3488fa7361c

SHA256
6da033c5ba5c1781c47fe487d8e9914033264c6cab9b366d6363c94c3615817d

SHA512
e2b731119dc7894ac0f99764750f2630fa401795b188e596d679f052555e066adb1aaffcabc8663cd9ea7c5d834e72eedd6a10641afbfe904458aac8fe040ee3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
5f0dfaf7c9d08eae0dc85e37388deb8e

SHA1
82b53edbefa5d4ccfef749256b16964280034fe0

SHA256
29ab9774a8c0eb0ef3a6f3d971dbd4c0533a6f98ff8820a93364d8cdb57761ab

SHA512
7388c1289b162d54f6982b4e7ced60908255c36ef691b0dccb815a563eceadf9c6f899d45bf9b5d915866581a8745613a6e861a32bb84c75fbbb5fa23930ba63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
81576baaa9352b499abe4903f9439048

SHA1
37886ff99df5c50e3ac1f5f3dbae87a958ae6a67

SHA256
d0d07716e51568ada955e0737ab0e94df4612d1718ab180c5d3ab835eb1c4a53

SHA512
10369daec23d1581f4b82473f587b4d9a26c781a8cf05fc755675c1d343afc72d147bb0e74c295e94be2ce6d71e1f53654f9e16a84976afa2d423d19b04e0744

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fc11dba51db6b350ed9fe6b67b0ab7fb

SHA1
393090f41835ecf7b99f17392894f5ca7883fd91

SHA256
2f0635d65222089901376516534ddaeb87015123b555a094ab5a72047f40ba82

SHA512
d6b875a03f5358921df72c0150b85c71d8e011171cf4a6f127aa89133410f53453e1cfcc02d7a6c06008ca8013cddf1565ea9363b682e2302d692b4850e696fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4152f0e850670ca27d343dab870d612c

SHA1
952739e638b20f7e988b55d01a90befc3069b615

SHA256
98aecc0dc110a73e9aa780c634fb8e2739f7317b655fef8d463d5e13aca55803

SHA512
5d3e1f8116ca838e2d95f1373b8663f12c024f61a4d0707cf2d4aa704bb1b7a6ab0fb7b973ee54a6c59aba8d18b6ec2079a2cdd6b73ec2d476d0a534fe03dd43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8ea4bfe9a16ccdb3a7484712c2e43550

SHA1
9440938ce3c2bf3b74bf9a9d4e56f05f6571ae44

SHA256
94ee15a71cbd811a60f2b52798c83ce309f84340aecd9b450b1eda38d6bdb632

SHA512
68a6e2da12aa2ad50354730cf140e2c6c6ba40a9dcadf2d43ad3b4bbac65df94c53f786726f3cd2558729dc98650959aeae43d82bd432d08b335b3ed96a217c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2f6ff85fa2f1cbc5aa26b127b1b5b17a

SHA1
543faacb33923e1c5a185d6af03a5af0c26eb662

SHA256
abeae06e720a3d1ae8b65b9a9e6be325de97728853fb92efe3a49ab1caf91826

SHA512
8e33c080dd691d208e0ced24adae35a8337738cf366a24ceb12823bb56ac8ab7c8ada51b6852d1463f564b68c08d7940a05a3a2fd024cde7456ec2510e5c3924

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aa10a7382b42e88166c102ec0fe5d189

SHA1
39dd69162349d50a109e4db45f002c1ed25d1140

SHA256
99ef9e7f2d97b318a4839b6aebd7d4837abb05e9e4fcfc349402ae47a6b89bc5

SHA512
6be0b31c94999c82741b4a1f488fef8eaffa7b4a19ad93a0e4a1be1976d898e7cc25c1e1488f5cf4ed5d33b5916a2cbc44e1b752aabe29de2d093d1f8545d6d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2009e8b7-f529-4a6c-9b9a-58306893a1e6\index-dir\the-real-index

Filesize
2KB

MD5
d76b6d1b8c935b41eeceea267a30e6a9

SHA1
863863948364346d78accdf615ce4ca7202094ea

SHA256
17304a3b79c2da9e1722830b9d0caebf6bbd5088d32241f4d5514083eb90da63

SHA512
86025577d4ba40efc3d909356f9cdac08a1fb778600c170673a695853a2d95d6c2de6cf56769fb98cc0d5d4b7576bc146a2091ce168f160d1a7dc22f9e46ed5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2009e8b7-f529-4a6c-9b9a-58306893a1e6\index-dir\the-real-index

Filesize
144B

MD5
05042c70445da77457b565537dfc4c58

SHA1
1e04be27499c9249af8283f8cdf441e4f0c13df2

SHA256
ba9396c89d5a37125f7f96f493bd595c4bbfa5be02ac2b38420bf246ab8008cd

SHA512
d15f6404b84d3f3ad8ceb219cc46b2aa48fa993769b51019a5c5b6a9b8a4a799c495056d35ef08998c2611b5f5c6ba15603be8a6b2f4aa279a8e8305d548ff97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2009e8b7-f529-4a6c-9b9a-58306893a1e6\index-dir\the-real-index

Filesize
2KB

MD5
e811c544d3b964aed8de34db31321f88

SHA1
672ecdfedb3f0d557d188446ffae61c33954d8a5

SHA256
fcb8fc4c83c7609c07e64ccf7e25b3d3990d1f846b9be410c3482cf93016bd2f

SHA512
3e567768b151a7013a085122ed201ac99726f8849780d4d09fd6af852bdce624877ebe96e1c46e5e352f5e5572656a45daade07b08d06d6ea99a5a52b2fb9313

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2009e8b7-f529-4a6c-9b9a-58306893a1e6\index-dir\the-real-index~RFe57dcb4.TMP

Filesize
48B

MD5
6c76186c6cb19bee93bc911f4459ca06

SHA1
c389fd5b13780af355d029ccff22ef6c0663c550

SHA256
c66c7d9b58c1b02b9429bf1b58b0288210f3c284d4af6032778cdd2ddf36235f

SHA512
1098f99cb0368bf7f4ac0083466f81a72a9eaa5461e05d298507d7aaf62e7c7e4cb8f2b5b098c43883652fb6ab59172f23e15570ca8febf5eaa2ff3369aba2d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\52fc3ee7-5707-410f-87a7-fc02563e0715\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5e210b4d-a508-4b9a-86b1-8f6b9aad9063\ce3cab33b3c00f6c_0

Filesize
2KB

MD5
814db7466e27f4d960f90ce4a2ac9703

SHA1
72972efec23237856480d2f6bd15515128e3f287

SHA256
e8cde2368e425add838f331ce4e0c5a68d280d5c3fb22dcafc0eef76c78c600f

SHA512
e67b5b31e9a271c59ef619d7aed8f58ca779ed1195321227875c5bd0263e37aac96e59ba66f28e518de8c1b899414f3fefa7ca22a6a5528f7f9cd37181923870

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5e210b4d-a508-4b9a-86b1-8f6b9aad9063\index-dir\the-real-index

Filesize
624B

MD5
12de3ba7da853871cd92f84dd515356f

SHA1
159957b3b026f528e4895cc5836ee3dfdccc821c

SHA256
202d6b9dca45fe052bde4397b98289bcee176dea0feae9b387a2cdebbac16c6c

SHA512
a1f6d5f8af3e46c2bfe4820558912d426ff5a56df412a628c25da814de4ef675aa3c4f0c65af48b0188ae9d01a3f051d8f44ce2288a8774ae67073497a9eda27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5e210b4d-a508-4b9a-86b1-8f6b9aad9063\index-dir\the-real-index~RFe58d879.TMP

Filesize
48B

MD5
8be2c957400157967b01631414eb5e8a

SHA1
d0a183c49aff700acac741a1e852a257a5da1753

SHA256
c5eddb38d7f4c7138f487824fddea63accb2151af6d0267b7b7729b2589c5822

SHA512
58ff59779dc478df2e50d1b9f0768a4e573dd77be20538a69e75fe95081014cdb76e1a166af2333b4e9fec9a8dfc0ac2256195838188fdfade8cd99cd19e96c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
710dc305f0605c4b6974cb3dbc66feb9

SHA1
b8a1ec40d5fac84aa36f3b590a35763f0d0eb25e

SHA256
38eea4c8debcab15e7520bb0f7a0c34ef128fe8d38d7dd5bcf2ecf5bbfd5cd65

SHA512
1de50400193be9451172e3760155a767586aeb4fa4a79463b31e4890b213a9d604b46a3aa4a1e9c923a98348abd0f656c7d0b001870b3c9a8c6af324a80d6ce7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
60fbc219196a6e2649ddde39a7f9b880

SHA1
3356306de543bec75482fcec2b009493a71657ca

SHA256
9b3b805d23fa89abc03dace5834c156d328028c4202dccd89cdad726e642d8c3

SHA512
a08cf9a8f6ce14e0f486e16f64cfa703e9daf5dd81d2c7b66abf60f904c601763677b97cd1aff5e1e43da9cc8c166829f42f3e64761ff1eeae532cc72b4ed1a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
0fcb57f501dd9e8bcf571449760ba09e

SHA1
1ef038fdb3baf90c9b2d3462928e3602c9bccdad

SHA256
a2a035b053122b97d844cfb57bc1ac1af30188bc2857850a7a4ad4431a32b40b

SHA512
70fb3e763597f8b2f66dbb8aa8ad111d3e08e65ab1fd231d595fbcace3736aeb406e9717d1fd3c1597260d3a5366364b33667d91cd4d33c78944274377108784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
157B

MD5
ed98db9e4c9323f99616f404dd503bd1

SHA1
711585a9cc7e4eb1b5e49854c2286fcc6b0138ef

SHA256
0ebb5af7d0ff6412672c8f79bd74c7e76b96135ee914c44f1cb820ab1e70e212

SHA512
f7cbdbaf30ed2d54112179f62153ce69168afba63f070bcc28b632b7f23735d81952d7dfceb7e9194d9378e3eb4f63c23ba2be6814c37cf0d76487943b6f516f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
17456c489c35593da93e36e8613f7fd2

SHA1
3f208294196f7c48dfeaaa8a83e0237fcef01258

SHA256
90112dcc49b1c3da3f358212fdff33dddfade67dc1f1a84d3a5f509df6883968

SHA512
2e8a1fc958dcd61d79bb97f8cb4a89ec4d82bc1bb438368468b36ce4590d688ecb09de0902fd2dfb94f7c5a5c5cce6ae47637bcb25479095d04f855e98c6612f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
83B

MD5
27e43c8c56c7973b187ec427fe6c4f41

SHA1
6c79bd366fc00ab3bb31d1368e3d0846d6f14644

SHA256
8d56e9c6cfa11b32025430f3749c4c739b93fd9bc8994f716189b171794aeb19

SHA512
6e0ba774887c7584f888cce9c847a9e739378d18008486374b86a16d663fd41cd61ed897ce274e545313e9f889e4ead876fd0f11f18a195615799bc7745509b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
e53a3cd75c2b1d05c7e52b21fb3292e2

SHA1
f361322884c802d9065aff4d2cfd0986a23f2ca0

SHA256
8906e5eddc1edacb187c0662ad1403e44349d4f0701bedbbe6833e14ceff2e04

SHA512
712127524576e4b8e50bb46f144c90c055a355ae770d341dd9c00b75e524b80b17bef543d809288711c77097ab104d81598a6bdaa725da18c202fc97da1ed1ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
3372f69bd54d72378fed79bdd575d119

SHA1
f9448ceddfb015000892165883c7351a9dae12ed

SHA256
a6213a3ab2fddec9b4382e7741a9e44059e0a0c868f665366ee49f40ea4d10f4

SHA512
f14e88fcf437e1acf268aab7872726c73fe68a369b04e98160e2609273b21fb9e04401e6b802c8618dcfe6152709529ef20a886ef9fd77513d4a688120a5a63c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
9fef68d95b353822e7e078090e93d8ce

SHA1
3bdf7315122c3d79baa995610dc10d459b0ae6d9

SHA256
5e8a3624ebebf2cc6921dbe68456192acf23d7278762255ef06fab9fa1370a70

SHA512
37380922769689552eae93dcd22b405755d666311f02b2bd67ce2ca8c2c33c8cd8141881a312d166ca6f520b662eb88f47f57fdbb963dc3263eaf44620be1332

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
7339e31d39ce220a7638b22bf4541eb9

SHA1
12d21865f583099d2bb563b0f277764ecbdc30d0

SHA256
ffa0ae4eb43975a599d8c2429929e3f65733177a0079c31739ef18544d161c3d

SHA512
a790c67c012326fd2e95436f0a32986bf2049db66ed16db9ce4d778840a70d83915d3c63aa232451dba8b21474cd9df3fa70d74e545b20dc0ec8f4e41449a22b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57ca64.TMP

Filesize
48B

MD5
fe01483a22d8679423022fb7d5fc869d

SHA1
0774ed0732e8678fcf622f52bb5c9c0e78f43ffc

SHA256
86aee54fa77ac261b512beb5b47379fe53725a69a54634a5bfc7339fd84187a3

SHA512
509cd106e9b4fc6b24138d0a24a6b9a3fe6227d34ea76a8d9e20cc58925eb5b59889e1ce91720668b10f69d2ba14236ad7bbc409e35894d5c2f80c0c31eb4940

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
2bcd1f40f0bbdc4bace269ce88f0df88

SHA1
0fd16ff1e94aaad488ef6ab56e316a7007a1639c

SHA256
145dd126a5b382fd87ca4cc2c397770049a9ea96952369b40c69dc5628a5a25a

SHA512
50f7e670fb9be7f63e3f7abeea0cee7ef9f4efb5743f26466cb224f4a5d28af932cea9aea63272c3680edd05954784ce75311c2246d834a96b6e4d45343870d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
0acbe9903db582c29d866f71e7b08dbb

SHA1
200cb5003be71067b2b93d1d810cee58510946c9

SHA256
3069e16a944f6ee55f98c29c6e3fc4933e976439f0552f87039a5618a0c0fb89

SHA512
2f8f386ea6c511357ca49e3892f40f28d415f488e64d944bdc3baa954c98ca8803e8ae546e5b6419ebae5213ffb63d46ad4e47f0617f73afd4c77efcb6d3d261

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
b00debcb8bde472d0f6b15f8ead16d29

SHA1
a8d9d4e2bfe5250c7c39f2da39955496fc654c13

SHA256
b9976e6091e563c090552360c94ec7489ac29e1ddd63631c0e2ee78fa1acaf0e

SHA512
0f50118fe5700221230c1015527bdfb95397ed30896297f12f933898478baa37087381a8b4710cc8235bfb4638d743ac175e573517304ac32f073cccac0a02b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c9a9.TMP

Filesize
706B

MD5
de89aa2353d3736c0eafe43ab9cd0dba

SHA1
043e2ab50b7e034690c4b18efbe8164ba9504d04

SHA256
c2535370d96f50fd8edf16436d1cd9beb7408e48abc561fee6ad24d2176f5d8a

SHA512
6bf4c9b187ac934216bee88bb73316ec2c1fdd0979f6094bb25a699ea7acdab19296c57d93dcc893a06d5a26ac87b64380bddb1098b38581a9273a652bfb5863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6ec624d8114af76db16d91a3328b9ae5

SHA1
5b2476644c57406606a67562a1110fff5fb02dbe

SHA256
17bfb6240b11781dfcca08a67ca0d49aa4149450a36fc739c56580fc13f48489

SHA512
75005d40559aa2e82e0c5123062326ea5a7c466c9c005be03de65f266d9d9b7729037a5b66cdbd59e4f7137443ddc5bd3f6d2df7a39cbb9f7118bea2a7b92943

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
53aba3edb9109f02b94faf70e7cafe88

SHA1
d44fcc0adeaae0a701636687a205b243d44b431a

SHA256
57f2d3a963ab73f22891cb6039ed2256e05ff5355afc2be16b555204f116b3ad

SHA512
7ab11cd55b941269fae08b175a047476beafc3ac99428357c710bc3e8bacf7ab63e1b09a86bfada7d9ec99245c9fa14a2a144db1cae8ef4e9f775bf346a1eef7

Download Submit