hxxps://www[.]tiktok[.]com/@andrudutz/video/7339502889892695301

Analysis

max time kernel
63s
max time network
64s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
25/02/2024, 11:43

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://www.tiktok.com/@andrudutz/video/7339502889892695301

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 15 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "70"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4948	msedge.exe
4948	msedge.exe
4876	msedge.exe
4876	msedge.exe
2340	identity_helper.exe
2340	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1560	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1560	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5020	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4876 wrote to memory of 3644	4876	msedge.exe	45
PID 4876 wrote to memory of 3644	4876	msedge.exe	45
PID 4876 wrote to memory of 3856	4876	msedge.exe	91
PID 4876 wrote to memory of 3856	4876	msedge.exe	91
PID 4876 wrote to memory of 3856	4876	msedge.exe	91
PID 4876 wrote to memory of 3856	4876	msedge.exe	91
PID 4876 wrote to memory of 3856	4876	msedge.exe	91
PID 4876 wrote to memory of 3856	4876	msedge.exe	91
PID 4876 wrote to memory of 3856	4876	msedge.exe	91
PID 4876 wrote to memory of 3856	4876	msedge.exe	91
PID 4876 wrote to memory of 3856	4876	msedge.exe	91
PID 4876 wrote to memory of 3856	4876	msedge.exe	91
PID 4876 wrote to memory of 3856	4876	msedge.exe	91
PID 4876 wrote to memory of 3856	4876	msedge.exe	91
PID 4876 wrote to memory of 3856	4876	msedge.exe	91
PID 4876 wrote to memory of 3856	4876	msedge.exe	91
PID 4876 wrote to memory of 3856	4876	msedge.exe	91
PID 4876 wrote to memory of 3856	4876	msedge.exe	91
PID 4876 wrote to memory of 3856	4876	msedge.exe	91
PID 4876 wrote to memory of 3856	4876	msedge.exe	91
PID 4876 wrote to memory of 3856	4876	msedge.exe	91
PID 4876 wrote to memory of 3856	4876	msedge.exe	91
PID 4876 wrote to memory of 3856	4876	msedge.exe	91
PID 4876 wrote to memory of 3856	4876	msedge.exe	91
PID 4876 wrote to memory of 3856	4876	msedge.exe	91
PID 4876 wrote to memory of 3856	4876	msedge.exe	91
PID 4876 wrote to memory of 3856	4876	msedge.exe	91
PID 4876 wrote to memory of 3856	4876	msedge.exe	91
PID 4876 wrote to memory of 3856	4876	msedge.exe	91
PID 4876 wrote to memory of 3856	4876	msedge.exe	91
PID 4876 wrote to memory of 3856	4876	msedge.exe	91
PID 4876 wrote to memory of 3856	4876	msedge.exe	91
PID 4876 wrote to memory of 3856	4876	msedge.exe	91
PID 4876 wrote to memory of 3856	4876	msedge.exe	91
PID 4876 wrote to memory of 3856	4876	msedge.exe	91
PID 4876 wrote to memory of 3856	4876	msedge.exe	91
PID 4876 wrote to memory of 3856	4876	msedge.exe	91
PID 4876 wrote to memory of 3856	4876	msedge.exe	91
PID 4876 wrote to memory of 3856	4876	msedge.exe	91
PID 4876 wrote to memory of 3856	4876	msedge.exe	91
PID 4876 wrote to memory of 3856	4876	msedge.exe	91
PID 4876 wrote to memory of 3856	4876	msedge.exe	91
PID 4876 wrote to memory of 4948	4876	msedge.exe	92
PID 4876 wrote to memory of 4948	4876	msedge.exe	92
PID 4876 wrote to memory of 3824	4876	msedge.exe	93
PID 4876 wrote to memory of 3824	4876	msedge.exe	93
PID 4876 wrote to memory of 3824	4876	msedge.exe	93
PID 4876 wrote to memory of 3824	4876	msedge.exe	93
PID 4876 wrote to memory of 3824	4876	msedge.exe	93
PID 4876 wrote to memory of 3824	4876	msedge.exe	93
PID 4876 wrote to memory of 3824	4876	msedge.exe	93
PID 4876 wrote to memory of 3824	4876	msedge.exe	93
PID 4876 wrote to memory of 3824	4876	msedge.exe	93
PID 4876 wrote to memory of 3824	4876	msedge.exe	93
PID 4876 wrote to memory of 3824	4876	msedge.exe	93
PID 4876 wrote to memory of 3824	4876	msedge.exe	93
PID 4876 wrote to memory of 3824	4876	msedge.exe	93
PID 4876 wrote to memory of 3824	4876	msedge.exe	93
PID 4876 wrote to memory of 3824	4876	msedge.exe	93
PID 4876 wrote to memory of 3824	4876	msedge.exe	93
PID 4876 wrote to memory of 3824	4876	msedge.exe	93
PID 4876 wrote to memory of 3824	4876	msedge.exe	93
PID 4876 wrote to memory of 3824	4876	msedge.exe	93
PID 4876 wrote to memory of 3824	4876	msedge.exe	93

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.tiktok.com/@andrudutz/video/7339502889892695301
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9d0f646f8,0x7ff9d0f64708,0x7ff9d0f64718
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,3117819941883597605,10550923858366173612,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,3117819941883597605,10550923858366173612,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,3117819941883597605,10550923858366173612,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:3824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,3117819941883597605,10550923858366173612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,3117819941883597605,10550923858366173612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2028,3117819941883597605,10550923858366173612,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5300 /prefetch:8
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,3117819941883597605,10550923858366173612,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6108 /prefetch:8
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,3117819941883597605,10550923858366173612,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6108 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,3117819941883597605,10550923858366173612,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,3117819941883597605,10550923858366173612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,3117819941883597605,10550923858366173612,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,3117819941883597605,10550923858366173612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
  2⤵
  PID:1096

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2856

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x414 0x2e0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1560

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa395a855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:5020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e189354a800c436e6cec7c07e6c0feea

SHA1
5c84fbda33c9276736ff3cb01d30ff34b032f781

SHA256
826adca1e688de79a3ec5b91c75990927fb2a33ae717f474608c68336053f427

SHA512
ceb069a5e83a634503e253846fa17b8bf7aaa539c3353ce61251633d69068e24c5eadd1b496f43058790d2b513e65d2c0b0213730813d0b58bb82a00596e05e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9e3e150cfe464e9ebf0a6db1aa5e7a2

SHA1
3cb184e2781c07ac000661bf82e3857a83601813

SHA256
2325a6292907263d1fb089a09f22fbcc6bad56f4961d427efdef1abaef097bcc

SHA512
f5eb1e76eb9441cf5000d8d4db9296077b61714ead5012779c084b37f4bba07614055738f5dce69b13b25975d9b7c03eab049b7685eee09b23fd8d4a7d71a039

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
eb164b7c0f0610dd416b9e32018c0822

SHA1
0e10db3a000a3b82c80b9fba53110818973e85ea

SHA256
2c210d54c3d66f4d342f57a7d379f74d0aa37dfacf33ba843c115aea05d7c0c5

SHA512
40993de6c7583872912803f425b17f23970b0a0370db9d0339f64f744e872b807b448aee0212d2f0f0159701ea9e4a24d7d7b60762c83d6a59dcdea81bce01e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
fbef285b3fdb5579a2355d6d971c2b5f

SHA1
da8c1fbbbcf81f238e65dd38488e819c466f2af3

SHA256
2d1520a997e9c0c168a3c8c903ffb0e47f4dd170058de65b639d6b76b7ced61b

SHA512
88c8c9888848453f51b0cde5135c6f14ff1a2666202552aae523050ba63de4dbf1824665e9c123fd0fbb575136506ed0f9dbb4fa706061532271a93a9f7f1da3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
43572c304f0dc6af85d77063040e6541

SHA1
026f9b4aa819dc8fb3768cee600521db36ce50be

SHA256
8054112ddf424ff1d2ce9a4d99c72da28dcf124ad96cde8578638a82309e7606

SHA512
0b7277d22bcea537357c8c771648439fbc7894a5fc56d334459dc709bfefc0e12b978d8deabf686f66ec8b8fe39b34efe69a308927b57cb63cd1c0047414d4ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cd4de4507bc2a3df96775d75cd9c1542

SHA1
a671f53d0e81c8e48ba062ae13f0a248005c1106

SHA256
879b795cbe97bf3a808518732e53f0610086d15d2ddff49792a0ee07263081fb

SHA512
282e4c5526d7a90527a19c5ef95602f2ba77587ffa36c61832d6f859f1657324e930b851e944e8ebb97a0cc078c5133a3ef1374cf3c8ab0476f0f7e2b78f75d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f602324cbb3320537866424f92c7e849

SHA1
fb9faaba45fa62825bf417574b2d08685127cd16

SHA256
3ef9dae0e1975cae9bcec58da9d1bb40c079e433795576ebd804301bf90ef718

SHA512
70a0b732b9bea4648d3ca0c2407b129d112be157363bb769c82a7b6cd23263266ab2cd2cce8ef51ac810fa022d35680794cf134961e5ba98920a10d79fd8c73f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8f61d1e822ac75ce7e5cfa1fa95b431c

SHA1
633726a7f13860599f7f0bafada8f5a680329d51

SHA256
408ab124b99c63af7a7d5c7a0e83fe3fcab476e1ede432f73c7bcc1024972103

SHA512
a3156de4314edc436edddb8cf13e15dd76569da0bb647028b01b52a652ffc9e83540ff9264ec4445eaee75b803d37fa68cbb69c3f0e6e3663b6a0bc2d27dc94b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\1c1c635a-65dc-40ed-9481-8aef45f231b5\index-dir\the-real-index

Filesize
456B

MD5
8b225dc06c1ed766109ca14d71a7ad03

SHA1
d91a7ecc189628e3c34cb01b2a282d283c705c57

SHA256
dc774e069c895592eb0ac02356401db6f360167bf959cdff8bbc192e0952353e

SHA512
c28e2530b98eebe8f40fbd4ead26c7abd30f28eac0c5895caecb5c00d82ffe67c5c16437b8db94edb8753fb9f1c050363a51c130667436529f59d9c664b3d537

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\1c1c635a-65dc-40ed-9481-8aef45f231b5\index-dir\the-real-index~RFe579eb1.TMP

Filesize
48B

MD5
e9ff18733bb5083d8246dc0f3f8687b6

SHA1
2ed6ae6df8f064d1c31352c09b653e9e4ac13312

SHA256
e4e6f4fb8f0867daca3c28909cbf8c45c2f1dcb6c97502cee978d21a3ae8bec8

SHA512
b6a3ba2de8df067c0fc8f10d1977a821a82aeefc94a0b9c7338529fa2ff06b2c348628b9b9f149aaf7a5ccfa404837a71bf8c11b1680041f8badfab9598c5353

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\4209ac39-114d-450b-b48a-86f07bc2c2f5\index-dir\the-real-index

Filesize
72B

MD5
b0c0a51f15a99cbfbc645cc9577742de

SHA1
2a2ff36d58a27bc045fe9250391158e23ab968eb

SHA256
ad03a5792d444241a3954e106429e0290bd82ba7aa9dcbe0ecb5fb77ddccb9cf

SHA512
664a080e55ea7e80870a48f2d27a9ee2734c33c6c08ec33bb5a2f34617c7a1572c9699b97355c770bf41205e97f840e7ffc638eb4c1becef25bf0230b48ee94a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\4209ac39-114d-450b-b48a-86f07bc2c2f5\index-dir\the-real-index~RFe579bb3.TMP

Filesize
48B

MD5
433705dd52c40ea23423743d459fa85c

SHA1
f1b26d06da6c050f97f7afb843eb44d20ddfdec4

SHA256
314fcf5d9dbe58c726209bbac9f3306cfc1aad93cadf67013d2142b4580c0419

SHA512
fca8b5520545ef879a467025153e528570f4e9de5e0b33f2055c4a617ffad114705fc7bfa0783bc66acf11937ee51625a47f0589336ab08170ac1eb41c402fe4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\index.txt

Filesize
168B

MD5
66a8cb07b570ec4e41df960cd7d182c3

SHA1
fdde68f6ef43e3f9069e8886957e77ef96437a6a

SHA256
ab4ec96d839e1657eb5de8af59b100d7be65f78e68a0d2e50b81a4f6e55c6698

SHA512
8cc1612b27768e8a91ed7e3be8665256ec3117b8bbb190702d4abc1f126d4aee9b5622931e387759c6840f686aef0d721f1b447770c6eccc2ee0634f3af1e458

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\index.txt

Filesize
164B

MD5
e1e864b30104e88ad934ba4f353baeda

SHA1
70c37388a920b6150a7d56fc2688178ba05ca9fc

SHA256
f64b01b7eacb124b56b5ebe71718c4d84422de0231818f88418a45a7e5badb01

SHA512
07c00b96aa77747516cf07241418fb193cbabef61668ebb6be6d93dd6f0a19d89e2a68b4875fd5e71e8dba552c4e576b020f8dda56b48355d7b838df97d8a092

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\index.txt~RFe574d55.TMP

Filesize
102B

MD5
c91c93c3fd07dc614142b270e63217f8

SHA1
193339f05ba34a4060417c308d91363d63e9a65a

SHA256
66f55205902506d612d090c0ba0efbaef8332a6999c2881989a5b10cb256bd42

SHA512
74560f69d078eef44b4bb1e537f8971862165aae5cb7e8400ae5f987bf02d6ee3f43aeb3c7c620e61e53014ed303a29f40ec58db22bd6e3592c64d6f26ed3bf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
264B

MD5
b26ea7e0d90b27752e14a65b333db6e0

SHA1
e1335ab8b0df363891deb7910d514d69d4463997

SHA256
203717e18d1c967770b3a01f5c391eaddbe7d00b1f352e85ab9a2b434099c07f

SHA512
bcb088310524dab947142105980a7caeb7ab8825c8583c1ada247fcdd9ef99e04da2359b4f8943abaabc9b571199cfe8756a61b2d0a7d7dc69fa4cb7a355831a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe579b36.TMP

Filesize
48B

MD5
45ceb2da72604ae80c6691f2ac0573d1

SHA1
18ef97c6adc14b7d0b3247a957487574b9a373e8

SHA256
af6b0244d2b480b02dc0800d1f1a1055dd0f81a1d8c5310e0e63f38d3029b57a

SHA512
e884de68cc36e53ad8cc8fb34b6b7fa23701a7c52f578d6d62e4ae921bae298744858eda1ec1106dfe8bd699afef7a4136c0cbdbab0ec5fab5e85e72ec754d27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
66876148c23e54a4a5326ec4898f0388

SHA1
2a1769433cff52f6c4d97eb5c6623c73719929ba

SHA256
4cff085026712a0abfa0023f9ba3fa822f43d3fec71132ca50cbf1126f4d42c8

SHA512
e35a771dc181ed18c2959846609fe0920b6e6047eb036860ceafe76185b04746a8ee6ad4a6f328de818a40585fab4824ea350f247f5dea655d3f86f60e1638ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ffcca1f25f8bad519e8154e045c4d318

SHA1
9f2d3451300a17db6ad9f9e28dfa7874afa33721

SHA256
41f8de8679480a972452b52f02da3f49c4c7ff1005a0ff52e9216cf87eb737e8

SHA512
fe6b6c740214268fad5e167d6cbf5a0096147ef1e7841a5a49e51cf3bc582ef8051b5e65db2961d50bb4237a4999769b55e0403642ba4e5a812af4d8baa565b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a0e6a0a351f16857bf73b2f234601749

SHA1
992dee151bfa457b39c8b860caf558db2af05c32

SHA256
3e5ebc64d6e088413a6e586b0a365a7aa5af01bb3d4369a5f6979a41be6f7586

SHA512
a93492dc56179ae21c72450e46b47d1ca60b270a425b738f91ed822031755cd53dc6db613470e545005b56568731234bda1378074ae86308e569273101bde778

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579df5.TMP

Filesize
871B

MD5
1b2169afd6e7481afca96224635daa1a

SHA1
448e0be3e5fb460ad6098ada37a56f98101c18cf

SHA256
af479b4386aaf1ebaeefff7901d8476af8aa65ad9fcf1d75209869458efbdc7c

SHA512
b2e8e72df81e471ca18e15486a9ccb5ebde1351da3622b2e2f6c3196de4894d58fca4a641e1a7e1163e051d7e08f4f13010901d19408a41626b35eff67071b54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cdc04e909a8a770e464a2c5b5616b424

SHA1
ff996f00ac652c55f74f1d6f321a8abe8433f2ca

SHA256
aadcc739378b2c7f16218412e6cd1041ac800ff81605df4bf3e734fbea32df8c

SHA512
289f5b7c9612fb63dc825b6ff8306c3b76f43051581750c0d8176816fb739582988a28eb6c1332b0691df144e2cb826c50bce9a812d6a2cb4a7bbb44bb0ecc14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f037273f2df1029a4b7099ad3e4c49a9

SHA1
29316d1e65a5c6cef7a3c683099786335c84c0ed

SHA256
33b1dd6559776c25455a373960f47ceb79b59a48f9f56f4b364a7e3f1a42dfbc

SHA512
a45d66a8cfca014f403c407d23040a865a1a0007681762d8fbd1446dcadc4aefd706cda38853296d4f45255fced8a9061e59408d80573a64d2c354484aa88ee8

Download Submit