hxxps://www[.]youtube[.]com/redirect?event=video_description&redir_token=QUFFLUhqbTc0ZG5DMHJTMDdxMkx5eWw3bnZmalM1ZjVld3xBQ3Jtc0trSjlVcFlULVluSGduYTh3dWFjSHl4NF9MVTNlLWFNRUViTUlZS2ktR2xKSVF6VzJseXBzX1p2Mlh6MHYzNFNZa1RqR0ZJSEdqSmsxdzhMREctVmEtZXBvV0gzUUczNXFCaUtxWUx2bEFNNEN0RjVXYw&q=https%3A%2F%2Fmega[.]nz%2Ffile%2FYk8wjCbA%2350immWVVS-ZIagAKZAomIiBuktydWC8X3inIsIbq7cI&v=nawqGkfEVBM

Analysis

max time kernel
1179s
max time network
1185s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
12-03-2024 19:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbTc0ZG5DMHJTMDdxMkx5eWw3bnZmalM1ZjVld3xBQ3Jtc0trSjlVcFlULVluSGduYTh3dWFjSHl4NF9MVTNlLWFNRUViTUlZS2ktR2xKSVF6VzJseXBzX1p2Mlh6MHYzNFNZa1RqR0ZJSEdqSmsxdzhMREctVmEtZXBvV0gzUUczNXFCaUtxWUx2bEFNNEN0RjVXYw&q=https%3A%2F%2Fmega.nz%2Ffile%2FYk8wjCbA%2350immWVVS-ZIagAKZAomIiBuktydWC8X3inIsIbq7cI&v=nawqGkfEVBM

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4316	msedge.exe
4316	msedge.exe
3672	msedge.exe
3672	msedge.exe
3920	identity_helper.exe
3920	identity_helper.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3672 wrote to memory of 4624	3672	msedge.exe	88
PID 3672 wrote to memory of 4624	3672	msedge.exe	88
PID 3672 wrote to memory of 3960	3672	msedge.exe	89
PID 3672 wrote to memory of 3960	3672	msedge.exe	89
PID 3672 wrote to memory of 3960	3672	msedge.exe	89
PID 3672 wrote to memory of 3960	3672	msedge.exe	89
PID 3672 wrote to memory of 3960	3672	msedge.exe	89
PID 3672 wrote to memory of 3960	3672	msedge.exe	89
PID 3672 wrote to memory of 3960	3672	msedge.exe	89
PID 3672 wrote to memory of 3960	3672	msedge.exe	89
PID 3672 wrote to memory of 3960	3672	msedge.exe	89
PID 3672 wrote to memory of 3960	3672	msedge.exe	89
PID 3672 wrote to memory of 3960	3672	msedge.exe	89
PID 3672 wrote to memory of 3960	3672	msedge.exe	89
PID 3672 wrote to memory of 3960	3672	msedge.exe	89
PID 3672 wrote to memory of 3960	3672	msedge.exe	89
PID 3672 wrote to memory of 3960	3672	msedge.exe	89
PID 3672 wrote to memory of 3960	3672	msedge.exe	89
PID 3672 wrote to memory of 3960	3672	msedge.exe	89
PID 3672 wrote to memory of 3960	3672	msedge.exe	89
PID 3672 wrote to memory of 3960	3672	msedge.exe	89
PID 3672 wrote to memory of 3960	3672	msedge.exe	89
PID 3672 wrote to memory of 3960	3672	msedge.exe	89
PID 3672 wrote to memory of 3960	3672	msedge.exe	89
PID 3672 wrote to memory of 3960	3672	msedge.exe	89
PID 3672 wrote to memory of 3960	3672	msedge.exe	89
PID 3672 wrote to memory of 3960	3672	msedge.exe	89
PID 3672 wrote to memory of 3960	3672	msedge.exe	89
PID 3672 wrote to memory of 3960	3672	msedge.exe	89
PID 3672 wrote to memory of 3960	3672	msedge.exe	89
PID 3672 wrote to memory of 3960	3672	msedge.exe	89
PID 3672 wrote to memory of 3960	3672	msedge.exe	89
PID 3672 wrote to memory of 3960	3672	msedge.exe	89
PID 3672 wrote to memory of 3960	3672	msedge.exe	89
PID 3672 wrote to memory of 3960	3672	msedge.exe	89
PID 3672 wrote to memory of 3960	3672	msedge.exe	89
PID 3672 wrote to memory of 3960	3672	msedge.exe	89
PID 3672 wrote to memory of 3960	3672	msedge.exe	89
PID 3672 wrote to memory of 3960	3672	msedge.exe	89
PID 3672 wrote to memory of 3960	3672	msedge.exe	89
PID 3672 wrote to memory of 3960	3672	msedge.exe	89
PID 3672 wrote to memory of 3960	3672	msedge.exe	89
PID 3672 wrote to memory of 4316	3672	msedge.exe	90
PID 3672 wrote to memory of 4316	3672	msedge.exe	90
PID 3672 wrote to memory of 452	3672	msedge.exe	91
PID 3672 wrote to memory of 452	3672	msedge.exe	91
PID 3672 wrote to memory of 452	3672	msedge.exe	91
PID 3672 wrote to memory of 452	3672	msedge.exe	91
PID 3672 wrote to memory of 452	3672	msedge.exe	91
PID 3672 wrote to memory of 452	3672	msedge.exe	91
PID 3672 wrote to memory of 452	3672	msedge.exe	91
PID 3672 wrote to memory of 452	3672	msedge.exe	91
PID 3672 wrote to memory of 452	3672	msedge.exe	91
PID 3672 wrote to memory of 452	3672	msedge.exe	91
PID 3672 wrote to memory of 452	3672	msedge.exe	91
PID 3672 wrote to memory of 452	3672	msedge.exe	91
PID 3672 wrote to memory of 452	3672	msedge.exe	91
PID 3672 wrote to memory of 452	3672	msedge.exe	91
PID 3672 wrote to memory of 452	3672	msedge.exe	91
PID 3672 wrote to memory of 452	3672	msedge.exe	91
PID 3672 wrote to memory of 452	3672	msedge.exe	91
PID 3672 wrote to memory of 452	3672	msedge.exe	91
PID 3672 wrote to memory of 452	3672	msedge.exe	91
PID 3672 wrote to memory of 452	3672	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbTc0ZG5DMHJTMDdxMkx5eWw3bnZmalM1ZjVld3xBQ3Jtc0trSjlVcFlULVluSGduYTh3dWFjSHl4NF9MVTNlLWFNRUViTUlZS2ktR2xKSVF6VzJseXBzX1p2Mlh6MHYzNFNZa1RqR0ZJSEdqSmsxdzhMREctVmEtZXBvV0gzUUczNXFCaUtxWUx2bEFNNEN0RjVXYw&q=https%3A%2F%2Fmega.nz%2Ffile%2FYk8wjCbA%2350immWVVS-ZIagAKZAomIiBuktydWC8X3inIsIbq7cI&v=nawqGkfEVBM
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab57746f8,0x7ffab5774708,0x7ffab5774718
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,13218997111179710809,272805216080322024,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,13218997111179710809,272805216080322024,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,13218997111179710809,272805216080322024,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2520 /prefetch:8
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,13218997111179710809,272805216080322024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,13218997111179710809,272805216080322024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,13218997111179710809,272805216080322024,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,13218997111179710809,272805216080322024,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,13218997111179710809,272805216080322024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
  2⤵
  PID:676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,13218997111179710809,272805216080322024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,13218997111179710809,272805216080322024,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,13218997111179710809,272805216080322024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
  2⤵
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,13218997111179710809,272805216080322024,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,13218997111179710809,272805216080322024,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2204,13218997111179710809,272805216080322024,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  PID:3668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4280

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
47b2c6613360b818825d076d14c051f7

SHA1
7df7304568313a06540f490bf3305cb89bc03e5c

SHA256
47a22bea2e7d0154c59bf5d8790ec68274eb05e9fa6cf0eab0d648121f1a02ac

SHA512
08d2366fc1ce87dbe96b9bf997e4c59c9206fcfea47c1f17b01e79aeb0580f25cac5c7349bb453a50775b2743053446653f4129f835f81f4a8547ca392557aac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e0811105475d528ab174dfdb69f935f3

SHA1
dd9689f0f70a07b4e6fb29607e42d2d5faf1f516

SHA256
c91388c87878a9e2c530c6096dbdd993b0a26fefe8ad797e0133547225032d6c

SHA512
8374a721ea3ff3a1ea70d8a074e5c193dbba27ba7e301f19cea89d648b2378c376e48310c33fe81078cd40b1863daec935e8ac22e8e3878dc3a5bb529d028852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
ab56827858130076157607a873b53fd0

SHA1
6e6a2c1ebace29e5b2e0cbf13859333e8ebc9a21

SHA256
4949d8e182a2cefd6465dffd159074e47c68529a790a292a42a8f8e655c58e5b

SHA512
69bf9c27486220bc37a0c32a10d950d3d37223373bf5e0c4b702c6c970236bf43faa03b73774ffaf57fe6e9d8c2ce17ac6c8c8df53da324bcda500f0376aeb0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
666B

MD5
2cf4f701b40840d30a6cc117992c12e3

SHA1
2e8c0b9d07dc464a73f82022b1b84c721522fd8e

SHA256
e09a703d33d61890ebd710a31e64deba76e7df8c5f01e14140426449e236c970

SHA512
48b90b6038acb44700e06496baa0aa089a9f38072181f6b8a3234d19689ff539ca9901fe06e47fe94cf9517ee233c2d22e2e0b9ae6a64a7e9ee6ddd384d76ec6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
40132c41df89f1f26c02192fc3600acc

SHA1
c38f591115d8103902e6bed8dc530d99711a6915

SHA256
a3a013cd89b8ff12387f02dc448a6529a60c32fa8a5dd450d9a70a4732098bdc

SHA512
ec0d23c86f07bdf80b5535e6d48fc8f92c7b557cc7ed0314695f7878ffe1c99f0dc6d1a4c26f554f5e339d669c77444725e1eab9cef4d30af91ce75a8325d5fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
be3e566ec5d4bad1b802a268e3574aee

SHA1
8851b0bc0f453249ea8fef43ea244dcb022abaa2

SHA256
c262c136c04cf197485f688a40f8c611fb34e464e1334e0af7e47fe4ddca57cd

SHA512
93c7eb4e8ad8cc540ef35d5d1880fccd36e4bab5a4423d993990c88fba5b8465cddab62d734d9595c022af4fa360476ea0d7fb0fe47e652105a0278a0476433e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
be14123ea5205939139c415fb1717726

SHA1
57fb78516eec86b25b3f23229831f2783b81f37f

SHA256
7038482e1ca56b6b76749c063ded235c2c5f2d880ec1fae3b7e52a2fd4d5e641

SHA512
b9b0f6b194375c9bf170e063fa37f1fe1ab813a81cc05c53a641449272f8e9076ce65e972b19bef2e8ac29d93c576abfbede3bee0d4875b0b80a747e749d0c37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
7b93482513e2cf1babdf5934eb5a1477

SHA1
4fd23295731945a7bc46c7f517eea39dca93bb33

SHA256
b430fdddc5adf76fabf0244845c465eabb66bea88f542768d77d536a14bced94

SHA512
9c2694550b0eb7c95dfa6ea1a7597ebf8a54cc67aedc21e946910daf14958aaa07e2e16de9dd6bde3acd3082a7e2b2093d376d6c9b743d1f4ec26c844922b5ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57ac3e.TMP

Filesize
48B

MD5
af622edb3777c93be9fa67cf076880d5

SHA1
6bc60e6cc3330e97599bb54d93938a6ace08deaf

SHA256
66e0d15557f315133b23c81a057d6637d91483b3792997121fef369accdfe4df

SHA512
3203bea2ea938cb974870714a1c522a9f80ff0b4da482fd16b111d22f14d1b00fadf1973427da563b96b3cddd88b9d292266346ed3fecc56f583a1643e4371b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cddf3a3b98208d47bb829300c795a5f7

SHA1
febe8d194ada99f859706717931a6c303128eab4

SHA256
a6f2309e8c306b51a41837aa717c05f13721891b8648dcd8d4fa72e7448517b0

SHA512
2076186a6293426eeb108af45d52fb6ca996bf5b93609e36e40639d120b78c1488af94a9330f6549f037124308e28234467673f5d2bed6657ba96dc03de9a7bd

Download Submit