hxxp://yt[.]be

Analysis

max time kernel
1800s
max time network
1695s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
28/02/2024, 18:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://yt.be

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1816	msedge.exe
1816	msedge.exe
4588	msedge.exe
4588	msedge.exe
2360	msedge.exe
2360	msedge.exe
2148	identity_helper.exe
2148	identity_helper.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4520	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4520	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4588 wrote to memory of 1224	4588	msedge.exe	23
PID 4588 wrote to memory of 1224	4588	msedge.exe	23
PID 4588 wrote to memory of 5024	4588	msedge.exe	82
PID 4588 wrote to memory of 5024	4588	msedge.exe	82
PID 4588 wrote to memory of 5024	4588	msedge.exe	82
PID 4588 wrote to memory of 5024	4588	msedge.exe	82
PID 4588 wrote to memory of 5024	4588	msedge.exe	82
PID 4588 wrote to memory of 5024	4588	msedge.exe	82
PID 4588 wrote to memory of 5024	4588	msedge.exe	82
PID 4588 wrote to memory of 5024	4588	msedge.exe	82
PID 4588 wrote to memory of 5024	4588	msedge.exe	82
PID 4588 wrote to memory of 5024	4588	msedge.exe	82
PID 4588 wrote to memory of 5024	4588	msedge.exe	82
PID 4588 wrote to memory of 5024	4588	msedge.exe	82
PID 4588 wrote to memory of 5024	4588	msedge.exe	82
PID 4588 wrote to memory of 5024	4588	msedge.exe	82
PID 4588 wrote to memory of 5024	4588	msedge.exe	82
PID 4588 wrote to memory of 5024	4588	msedge.exe	82
PID 4588 wrote to memory of 5024	4588	msedge.exe	82
PID 4588 wrote to memory of 5024	4588	msedge.exe	82
PID 4588 wrote to memory of 5024	4588	msedge.exe	82
PID 4588 wrote to memory of 5024	4588	msedge.exe	82
PID 4588 wrote to memory of 5024	4588	msedge.exe	82
PID 4588 wrote to memory of 5024	4588	msedge.exe	82
PID 4588 wrote to memory of 5024	4588	msedge.exe	82
PID 4588 wrote to memory of 5024	4588	msedge.exe	82
PID 4588 wrote to memory of 5024	4588	msedge.exe	82
PID 4588 wrote to memory of 5024	4588	msedge.exe	82
PID 4588 wrote to memory of 5024	4588	msedge.exe	82
PID 4588 wrote to memory of 5024	4588	msedge.exe	82
PID 4588 wrote to memory of 5024	4588	msedge.exe	82
PID 4588 wrote to memory of 5024	4588	msedge.exe	82
PID 4588 wrote to memory of 5024	4588	msedge.exe	82
PID 4588 wrote to memory of 5024	4588	msedge.exe	82
PID 4588 wrote to memory of 5024	4588	msedge.exe	82
PID 4588 wrote to memory of 5024	4588	msedge.exe	82
PID 4588 wrote to memory of 5024	4588	msedge.exe	82
PID 4588 wrote to memory of 5024	4588	msedge.exe	82
PID 4588 wrote to memory of 5024	4588	msedge.exe	82
PID 4588 wrote to memory of 5024	4588	msedge.exe	82
PID 4588 wrote to memory of 5024	4588	msedge.exe	82
PID 4588 wrote to memory of 5024	4588	msedge.exe	82
PID 4588 wrote to memory of 1816	4588	msedge.exe	83
PID 4588 wrote to memory of 1816	4588	msedge.exe	83
PID 4588 wrote to memory of 1836	4588	msedge.exe	84
PID 4588 wrote to memory of 1836	4588	msedge.exe	84
PID 4588 wrote to memory of 1836	4588	msedge.exe	84
PID 4588 wrote to memory of 1836	4588	msedge.exe	84
PID 4588 wrote to memory of 1836	4588	msedge.exe	84
PID 4588 wrote to memory of 1836	4588	msedge.exe	84
PID 4588 wrote to memory of 1836	4588	msedge.exe	84
PID 4588 wrote to memory of 1836	4588	msedge.exe	84
PID 4588 wrote to memory of 1836	4588	msedge.exe	84
PID 4588 wrote to memory of 1836	4588	msedge.exe	84
PID 4588 wrote to memory of 1836	4588	msedge.exe	84
PID 4588 wrote to memory of 1836	4588	msedge.exe	84
PID 4588 wrote to memory of 1836	4588	msedge.exe	84
PID 4588 wrote to memory of 1836	4588	msedge.exe	84
PID 4588 wrote to memory of 1836	4588	msedge.exe	84
PID 4588 wrote to memory of 1836	4588	msedge.exe	84
PID 4588 wrote to memory of 1836	4588	msedge.exe	84
PID 4588 wrote to memory of 1836	4588	msedge.exe	84
PID 4588 wrote to memory of 1836	4588	msedge.exe	84
PID 4588 wrote to memory of 1836	4588	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://yt.be
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff55713cb8,0x7fff55713cc8,0x7fff55713cd8
  2⤵
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1860,16096427305176169100,11320313563629777757,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1724 /prefetch:2
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1860,16096427305176169100,11320313563629777757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1860,16096427305176169100,11320313563629777757,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2532 /prefetch:8
  2⤵
  PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16096427305176169100,11320313563629777757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16096427305176169100,11320313563629777757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16096427305176169100,11320313563629777757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16096427305176169100,11320313563629777757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1860,16096427305176169100,11320313563629777757,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5960 /prefetch:8
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1860,16096427305176169100,11320313563629777757,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5844 /prefetch:8
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16096427305176169100,11320313563629777757,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16096427305176169100,11320313563629777757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1860,16096427305176169100,11320313563629777757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3472 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16096427305176169100,11320313563629777757,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,16096427305176169100,11320313563629777757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4552 /prefetch:1
  2⤵
  PID:1336
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1860,16096427305176169100,11320313563629777757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6432 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1860,16096427305176169100,11320313563629777757,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4788 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1300

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3692

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004E0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4520

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a91469041c09ba8e6c92487f02ca8040

SHA1
7207eded6577ec8dc3962cd5c3b093d194317ea1

SHA256
0fef2b2f8cd3ef7aca4d2480c0a65ed4c2456f7033267aa41df7124061c7d28f

SHA512
b620a381ff679ef45ae7ff8899c59b9e5f1c1a4bdcab1af54af2ea410025ed6bdab9272cc342ac3cb18913bc6f7f8156c95e0e0615219d1981a68922ce34230f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
601fbcb77ed9464402ad83ed36803fd1

SHA1
9a34f45553356ec48b03c4d2b2aa089b44c6532d

SHA256
09d069799186ae736e216ab7e4ecdd980c6b202121b47636f2d0dd0dd4cc9e15

SHA512
c1cb610c25effb19b1c69ddca07f470e785fd329ad4adda90fbccaec180f1cf0be796e5628a30d0af256f5c3dc81d2331603cf8269f038c33b20dbf788406220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
c309fadf0aadef2531c411aa516d20d8

SHA1
13ac3823ff2da3ac95c1062ecc487e60151a4d47

SHA256
ea071409a473f6a352e227b50c3cce32c2a5cd7ff801cca38518b3a142357017

SHA512
5baf1d38bda7e533f94be8dbd48168d8484f7d3def8d78d7c6cec442ffd080bd5be85349a1f32d59fa49fcea7e27bbc14de8eec8f62e44ad89450810a9354661

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
6595f75cbbf6cb2230d4a844369fcbf7

SHA1
8925e948ab4586026c361afa1f3d8bd2f0e518a6

SHA256
dab4cdf9da59567c771fa052ffb41ec0645b26819df130a6bb8aca2f6cf79daf

SHA512
90edd37cbe4d39997e9e4f8ff70e4f4ee4f06341dfbc1fc832286f030b1029d1187242d3e093a7de09574db31f30d783988978e2b1145347e1178160c2f9de2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
833857e705f9a0e7340bfdd40a6f2f9b

SHA1
15dc4986e3e4f4c010b7359ab20ed58f1e73e19b

SHA256
6a27670c7fa5c8fe6b95152f73394a483983a47fecb5949d3f199b44b598cab5

SHA512
ac1899e55929b0f050eb784e495590ca3b59571a5c9740968583da8c06b2c86d6a72c797bcd0047544fa9b9766e9edfa4a82db6465be84e742e3fcaed5b27e6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
5a9e81d24bd2481e6890aa7ef12cb2e4

SHA1
fca604ab70c8a2493c963b610863f933fc7bffd0

SHA256
52cb6e23e42de850697af97b23ff1a855a0ae93292c79cfe87cb58eb2c7b9976

SHA512
d084d93385818ce0952dabe15ad4d2b305cebc5efa94e1dc0cd0785f289583e67c743e2c68ab0acd0fcc2305282222dc048951b81fa48827376c3798e46ed0e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
848950c81bcad10ad2f67cf11ed38040

SHA1
02a7360385611213c394be76073cf4a06e3295d8

SHA256
d5537a358eeb237a354d9c7f598c93656244bd273f291ea9e9c8c579198a46db

SHA512
03f2220a45f67564e64b004365648d9df3d98879701c03b28c9609eebe293fdb5eb7c69f8fd0e5013789573dfecc0f5bc76a80a95818e7aff525320ad6beaef4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
e12f93919ac8ffbf39de012947880ebf

SHA1
5cb2cc721e79a747901cab38959da672fb53a3e4

SHA256
c4a48a028ecebe5f5b52f8c64b165509fa1710d86115c639ba55e7dac0296c17

SHA512
a8cd397d8056839792e408ce94794a91564a9879007b5714fc75e34f27bd57b75db4a99979def9ff3b5ebac2819d288679f25f9b9ba2f86bb584afe8faf51a3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
7493a6256bfd63044b5f7837d0b475a7

SHA1
9544076bfa330fa542daa5b51fd417dbc168b1fc

SHA256
4730412868680ac409f07567d1b752eff0809bb2ed1166bd56671dd38f99ab46

SHA512
dcae6b47e57f269a22131ef66910ebd1b115d83e40b16eb136d1cebac81329651f370152947e9f7f611e641625e22e6ff52a605d85f74344e4cf5f1bc826b9a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
42d8461766f77447ea94bfb2098bddce

SHA1
48501ae030f638d50ef4ce4b980c38b2073a95c8

SHA256
dc604c74b0cd1c36fbb9c7e0b9ecc2247190e19458199d64e1e55ebb4df5a5c7

SHA512
3ddceea7ee46d0e6ed93c7cba33101421508eb10be5ffe6b9424b3e8ffc028e6d4f84c443afc04c01402ae5a7591725ba7f4a80a9eb5ad718f08625c24cfa662

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7ca13d210441b04f75e1eadc2fdfb844

SHA1
92e44fb3f6db2adc7c1bf76dd600dbde2cf5ab11

SHA256
57c8a946ccd98232761ec936247b4a00c4ee75a61995f697f77c55254b0da5c7

SHA512
949ec19301820408f5fa3f91ae3d4d9a09edc8b23e793010277dc6378261ce73bc56be12c140dc10cda89b8e2db0f6f04e67e4963694b57c939d23faeca86384

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
78ec55b5d145603bc6153d2eca56ceb6

SHA1
ab625070ec0ec06aabdb350656f78dd1cd79e158

SHA256
7a8dde09765089324f58398cf3259779e6456dd43edc518ca8b9f15b8ef2a784

SHA512
6c79eefc2e74ddc8c8f2be36f5ead25c5836cba0afcb86f208b09e9f143b9f909931e61b8aeeef85ba6b9ad3755a801dc57a81f7067ff653c46b070a28ca3d2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\07cb944c-3099-4f04-956b-a3122e92d44c\index-dir\the-real-index

Filesize
2KB

MD5
a9e9ce45fa8d3689abe8f92a02fca1b3

SHA1
1d456c0e832cf52b11fad6119c2802aee9ca2ed1

SHA256
05c15fc244bbdfe8d9d8ee05b26f8e92360d5d2d6567ae3a49084dd37aa12300

SHA512
6bef8e21ca3e1c1e1b62adaface8bcfdd58b3aff7400a0949cc4fabaf5827781dbae14359d4b84dcd0ee6f897f64f4d40efa4473601132b00d2e9416ee51a342

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\07cb944c-3099-4f04-956b-a3122e92d44c\index-dir\the-real-index~RFe584c56.TMP

Filesize
48B

MD5
d4bab55a30a95b2dc4f2bb0e4d1d3cd2

SHA1
830507ee0df099862213f6545a2825093a8cfca5

SHA256
7a6fd920a35e014cbf7a79c162190f58fb3dd07ff060a38ff17b0735dbd3e9f6

SHA512
8dfb8123cbbd876b459553e970542264e68b6327216ac9ef77b678a01081a76da573fbe887db5eebcb94a0be7e7f7a90e275cd08cb143e6d1ebbfa39ccde4b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
10dccfd046d9699ec0ae1db8ab4b99e1

SHA1
dbf191444c35989434e73f7c7585b09a918a53a8

SHA256
97f48c7f2ac696249000b9e53e71384fbd77f1c562da1bd7fcccdd41dce0f558

SHA512
10d497b322c6ce7c2e75ef6e930c154d6cf510d33b04797a6ec90406212878052e107f03f427d29c00cb82a3e1125aea4aee5d8fc71b3d313164c3903138e0b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
430d8175466df9988022b881c4f97227

SHA1
fcab28c89f28b8fdfb20ded85159c1be8dd34157

SHA256
52a3b5f9068eb595552142fb64aa0fa9361c265afd598cfd3478ca3b62b870f9

SHA512
3c822be8120dd5155cae8b94329e3a7a20875eb9dc681126c2d26e9edb1723e6fc6ac9372537a8af0b25ccbeb9576293a93ca2089a414307e42e0b292d8c5f82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
d7923f8bbdfb339f6523616eba852951

SHA1
5feb37092536d66ba7b824293657299339509c8f

SHA256
d4b4635d5be4f0f39a4caa34f29f252df56d583dfc59928a27d3242b766e311f

SHA512
17326977b2e866e4c49fe794e014665b058e260301b50f64e4d4a6f1c0f5d1a17b7829523fc57776f5127810aea84bdb44c6c34cbd783808e5dd8c5d43cab313

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
0f277cfd0c9dc970ba6582d3956892f1

SHA1
742adfd4641e79578e6b5da229fd37059ab121d0

SHA256
94fe7ccc086de5c06f63439399cfca83cc3fe5fb5f89e72c2041aab8548f496e

SHA512
617d26a97b4f16bbe0cfed336a0f8c4e3787fc2f35e329c0e4c483e08f3478495a09bffd4dc32b58a419614619cfc9f6729416fe4a614654350654f2af973d72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
b7a52c7fd82790a763464bd541fbbd32

SHA1
258ff2b7d0428c8c56dee0f22d7b9d8883a2b936

SHA256
bb58db4b63ac816c0c65b660ad4a66dfd1fa0e44bb91939d873c39df1055ff30

SHA512
a305b14742d38ca600f16c879209885950d24f079bcfb6dc8b03e6b5ba59f8f4c1e0b566ff59cbd0a1ba9a1f36f0b90a502ca18c7dce13740d4e164e1e7cb4be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe582b60.TMP

Filesize
48B

MD5
5bdfb734b91ed2a7fed029689fce70a0

SHA1
1963dd113925c556ca122ddf130b086d011e3916

SHA256
46e4a0bef2258fba8fd7f2fe8c76070498f832eb4084fc4a591a187935327946

SHA512
1a769717247ddfde1e3ba11262ac3a1f313459962c4e717dc9a011dca3e2b5cbb3d9291d486f9047bee967beee4f5719fb685fb8dcd9aaec53350277f3aefe06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
d6b7de442d6061a035a597596dba888b

SHA1
f93c97216e014bf160fdb7eeb50c7d7bad787f6a

SHA256
2bb36e8981911ff20ae605304a8af370c0eca0b031f29bbbfad9d5fa81b7f24d

SHA512
19f3d6f856ea5e8331227808dcb17bf5445f8078cf0fdf591bf098d51fd1af842f77e68d7dff414bade4211cd460f3d02d90d055cd024d17335cda58f427687d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580162.TMP

Filesize
539B

MD5
af5e0875637ff9201157871843097339

SHA1
bea994c393308c1d647d6881e4918e880d6fb3be

SHA256
6c96406539c798597cac9235d7740709efcd37a317b0eeba525f547da40d7325

SHA512
dc60a3458b6f78cbac7ac4d4feeaae532680098c46b60cf2663dc75f20e77af55f7d024c730ab3db6103e7ddc5588a106dfcd48601b3442b7ffe4a2ae2344329

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8d291e04f2d28431aee4994a2245c4e0

SHA1
80e89b1c2772d8cbb4537f68bfe903256f89cc1f

SHA256
316381d5192c948be416cf9e9b2ba96114add10f52a8e99a93d7ffc57f799617

SHA512
4cb201124bd20643422cced1bb57da21adbdfa55afb65a80ff9b8f5c996f3cfbaeea344ccd8b1debe98c272fbaee7265f5263041a0bf7f5125323dd4052c82cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8de0d2870b76e8a4814c3123ba146e0b

SHA1
a253ab187903133d399770bd1b28e8cabc8e0a11

SHA256
d2ad048065421779ff96ac889bd2f93f8fb9b98501456f0c679ec251b84be45f

SHA512
318fb0b1ace2146247adc8beff47a11980974b481028df14c74478a2eb353efd034e9b6205c0038304fdcf8e33b97e3c9abc5aec0a24813b12479d02e2f8ef91

Download Submit