hxxp://youtube[.]com

Resubmissions

27/03/2024, 09:48

240327-lsw3jscf41 1

27/03/2024, 09:41

240327-ln1j6shd78 1

Analysis

max time kernel
281s
max time network
288s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
27/03/2024, 09:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://youtube.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
32	msedge.exe
32	msedge.exe
4856	msedge.exe
4856	msedge.exe
2928	identity_helper.exe
2928	identity_helper.exe
412	msedge.exe
412	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4552	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4552	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4856 wrote to memory of 4332	4856	msedge.exe	77
PID 4856 wrote to memory of 4332	4856	msedge.exe	77
PID 4856 wrote to memory of 5064	4856	msedge.exe	78
PID 4856 wrote to memory of 5064	4856	msedge.exe	78
PID 4856 wrote to memory of 5064	4856	msedge.exe	78
PID 4856 wrote to memory of 5064	4856	msedge.exe	78
PID 4856 wrote to memory of 5064	4856	msedge.exe	78
PID 4856 wrote to memory of 5064	4856	msedge.exe	78
PID 4856 wrote to memory of 5064	4856	msedge.exe	78
PID 4856 wrote to memory of 5064	4856	msedge.exe	78
PID 4856 wrote to memory of 5064	4856	msedge.exe	78
PID 4856 wrote to memory of 5064	4856	msedge.exe	78
PID 4856 wrote to memory of 5064	4856	msedge.exe	78
PID 4856 wrote to memory of 5064	4856	msedge.exe	78
PID 4856 wrote to memory of 5064	4856	msedge.exe	78
PID 4856 wrote to memory of 5064	4856	msedge.exe	78
PID 4856 wrote to memory of 5064	4856	msedge.exe	78
PID 4856 wrote to memory of 5064	4856	msedge.exe	78
PID 4856 wrote to memory of 5064	4856	msedge.exe	78
PID 4856 wrote to memory of 5064	4856	msedge.exe	78
PID 4856 wrote to memory of 5064	4856	msedge.exe	78
PID 4856 wrote to memory of 5064	4856	msedge.exe	78
PID 4856 wrote to memory of 5064	4856	msedge.exe	78
PID 4856 wrote to memory of 5064	4856	msedge.exe	78
PID 4856 wrote to memory of 5064	4856	msedge.exe	78
PID 4856 wrote to memory of 5064	4856	msedge.exe	78
PID 4856 wrote to memory of 5064	4856	msedge.exe	78
PID 4856 wrote to memory of 5064	4856	msedge.exe	78
PID 4856 wrote to memory of 5064	4856	msedge.exe	78
PID 4856 wrote to memory of 5064	4856	msedge.exe	78
PID 4856 wrote to memory of 5064	4856	msedge.exe	78
PID 4856 wrote to memory of 5064	4856	msedge.exe	78
PID 4856 wrote to memory of 5064	4856	msedge.exe	78
PID 4856 wrote to memory of 5064	4856	msedge.exe	78
PID 4856 wrote to memory of 5064	4856	msedge.exe	78
PID 4856 wrote to memory of 5064	4856	msedge.exe	78
PID 4856 wrote to memory of 5064	4856	msedge.exe	78
PID 4856 wrote to memory of 5064	4856	msedge.exe	78
PID 4856 wrote to memory of 5064	4856	msedge.exe	78
PID 4856 wrote to memory of 5064	4856	msedge.exe	78
PID 4856 wrote to memory of 5064	4856	msedge.exe	78
PID 4856 wrote to memory of 5064	4856	msedge.exe	78
PID 4856 wrote to memory of 32	4856	msedge.exe	79
PID 4856 wrote to memory of 32	4856	msedge.exe	79
PID 4856 wrote to memory of 4600	4856	msedge.exe	80
PID 4856 wrote to memory of 4600	4856	msedge.exe	80
PID 4856 wrote to memory of 4600	4856	msedge.exe	80
PID 4856 wrote to memory of 4600	4856	msedge.exe	80
PID 4856 wrote to memory of 4600	4856	msedge.exe	80
PID 4856 wrote to memory of 4600	4856	msedge.exe	80
PID 4856 wrote to memory of 4600	4856	msedge.exe	80
PID 4856 wrote to memory of 4600	4856	msedge.exe	80
PID 4856 wrote to memory of 4600	4856	msedge.exe	80
PID 4856 wrote to memory of 4600	4856	msedge.exe	80
PID 4856 wrote to memory of 4600	4856	msedge.exe	80
PID 4856 wrote to memory of 4600	4856	msedge.exe	80
PID 4856 wrote to memory of 4600	4856	msedge.exe	80
PID 4856 wrote to memory of 4600	4856	msedge.exe	80
PID 4856 wrote to memory of 4600	4856	msedge.exe	80
PID 4856 wrote to memory of 4600	4856	msedge.exe	80
PID 4856 wrote to memory of 4600	4856	msedge.exe	80
PID 4856 wrote to memory of 4600	4856	msedge.exe	80
PID 4856 wrote to memory of 4600	4856	msedge.exe	80
PID 4856 wrote to memory of 4600	4856	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://youtube.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0x100,0x110,0x7ff8673a3cb8,0x7ff8673a3cc8,0x7ff8673a3cd8
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1720,9846583350083552007,1839034203235214490,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1852 /prefetch:2
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1720,9846583350083552007,1839034203235214490,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:32
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1720,9846583350083552007,1839034203235214490,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2612 /prefetch:8
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,9846583350083552007,1839034203235214490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,9846583350083552007,1839034203235214490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,9846583350083552007,1839034203235214490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,9846583350083552007,1839034203235214490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1720,9846583350083552007,1839034203235214490,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4932 /prefetch:8
  2⤵
  PID:356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1720,9846583350083552007,1839034203235214490,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4936 /prefetch:8
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1720,9846583350083552007,1839034203235214490,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5756 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,9846583350083552007,1839034203235214490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,9846583350083552007,1839034203235214490,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,9846583350083552007,1839034203235214490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:1336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,9846583350083552007,1839034203235214490,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:1100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1720,9846583350083552007,1839034203235214490,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1720,9846583350083552007,1839034203235214490,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3128 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3168

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2328

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C0 0x00000000000004BC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4552

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3b1e59e67b947d63336fe9c8a1a5cebc

SHA1
5dc7146555c05d8eb1c9680b1b5c98537dd19b91

SHA256
7fccd8c81f41a2684315ad9c86ef0861ecf1f2bf5d13050f760f52aef9b4a263

SHA512
2d9b8f574f7f669c109f7e0d9714b84798e07966341a0200baac01ed5939b611c7ff75bf1978fe06e37e813df277b092ba68051fae9ba997fd529962e2e5d7b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0e10a8550dceecf34b33a98b85d5fa0b

SHA1
357ed761cbff74e7f3f75cd15074b4f7f3bcdce0

SHA256
5694744f7e6c49068383af6569df880eed386f56062933708c8716f4221cac61

SHA512
fe6815e41c7643ddb7755cc542d478814f47acea5339df0b5265d9969d02c59ece6fc61150c6c75de3f4f59b052bc2a4f58a14caa3675daeb67955b4dc416d3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
21KB

MD5
72e0f3fb7305eff37d8781207c84a5df

SHA1
c49edc8d18871e3fcd42ee0d4989afaf5fa786f3

SHA256
3e9a295511970b1aee08de522115fe816462f6fce7be32270138f32708856358

SHA512
473ba8c1cb45c6b5202ceec4ff69bff75167dba0e8a1fb9773ad794885ccb04e49a66fcfb491c48124f84f57860128f18403c50c2252a266f027133f10b3c7c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
f59f1f59fe2eef9b82f241d04faa97f1

SHA1
02772b6f511c8f4a554f1900bb86ae9576ea12b8

SHA256
75969d54b028327a4a7cd7b65415b4c5cf5b9a7e36f35ab6c134ecccc2d227a6

SHA512
767edc80134f28759312b53a8845ce306689a5daa111d28116fb747936387180b4e44e6a51f182e3b9583bc4115405098dc103a81dda6ced7e51b93bf52d5f81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
d4016ce08b4770fdf8524a3ef2940a21

SHA1
7da4a53f091e29b391967e0f2637c6058482e516

SHA256
eec74231d1fce73ca05741d31fc850f9f868509770b2dac8b3cc45c06f41ae7e

SHA512
a8b676933a123128b5c7fb137444f972fd642b520069913b20270a423f3f2787c9ed6cb8a1b9c6269bd0e9c768f390819f7a6ce5d9ecc9dd91705d07b00bf6d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
5620fb8d8b3fb2d715fd3130c0fa984a

SHA1
0ef82885c572260a5b0a62615e92078ceff99cb9

SHA256
033392041ccaa4f6262fe5d8eafb3f71e96a6eae412ad016884ca0b134bfe7b1

SHA512
6d6e09a371fdbc78d7c1fe481a7b71363ca26fa79890f986650cb52e46178cce563cec9161aae870e763037ae1a5e5c5069e4d461e479be56deda976426b96e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
5b249f39242a36c4dc6cec1b17ddd004

SHA1
794c8a79c1e26234a09c22ca75a8ac19078b2185

SHA256
80f9d49f270e3fdbc7085cfae83b1828f7695d72e56fb6b13ce27def66b91b34

SHA512
e84f80740c6b0fdd3bf1e431c5f65149deef8811a7f5ce33296f493201bf10c7c64c550fd6208808e5a04dd172527f63ed3858c5e0ac6a8ca57949464dd3799d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
fdee7a56bebe6d175ebfa5854ff7012e

SHA1
556aad33bacacde6e06c63a6ea3b597d7b122593

SHA256
50225fe629a1f635bdaff2acf15da262de3eabf8f3f935590876b25262652c5d

SHA512
e09815a5f8d7ea635a730d41ff7a3cb1de4e0314e588fedc3ea83a9a9cc33a5ad089e8b59fb176e8fc5bbd5ec38f6cb55ecd9a4725ba9ae093ff128fa67a1bfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8767263e7e9106b944768e359215091c

SHA1
9960212d5adafb97437478264064ebacd230bb72

SHA256
8407ae12fe4d65a7069c8baab84d48f96f566f17a145ac710170d78feaf30166

SHA512
21f6518171e271700a7eb4aaeb04a92fbd440c638ed69450c385b560aa10f7ff5bc899ac9df4ec913e04cf397a662081386f29a739f0fcdeba54a37131e9cfc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8f936e89a1cbd3950ec1056474913f1d

SHA1
46c1e0aeef9836e477d0c9f46871f363aa02f045

SHA256
42a5a602bb57fa3885fc3718378595ef029fef3c8e97ea052cf79c4c6da6112e

SHA512
645a82a0ec3b1b8db52a7823e2f532a2f844f8e25b5914ecd33e762faae6c4f42a16a2365da28f042310041a84afee11518eebeec884fcbe0f64cd9be98650bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6c35cc03723a429c7ea84380995f62ca

SHA1
5b866700d1255b5cf5907687f81ac9a264a548ca

SHA256
95fba02208953cf4f944dbe9931cfd2ea156991082ab3c21d36112ed768f3e9e

SHA512
e17093c81abb2b350d38e84512992c2fa57fa3157949fd60864bf6ebaa712ba5f5af042e746848302aafd88c07cafdbd04f9999fab45471e2a971e8ab04bdb2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1888dd9f-29c1-46c1-ab99-6ccc2451324e\index-dir\the-real-index

Filesize
2KB

MD5
8e41b07cb54aa36efd6dca8808bcf35d

SHA1
e1e14ad7adf5074e02bc4cd34384dd699e8173db

SHA256
eac159db7ecb68ed92a60cdf55a65686d93a96832d5f251fb0f496dc9a71fa61

SHA512
50692e084447590826c4ab47c86dd03020b8858fa44c1a1dfb43277324c64897f10b7a55ea7f1209a6547acd3b776a4f425fcfebf086f51fff26214a2e5b0cac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1888dd9f-29c1-46c1-ab99-6ccc2451324e\index-dir\the-real-index~RFe57b4d9.TMP

Filesize
48B

MD5
6c34c60c2d397ab6fb469e695501858d

SHA1
85f0819e551b69880a69770310832b263aaea580

SHA256
80472174fe5d0e6e9b7dc0eb9aaa79447c4aee9d39a158653b3e20591913c22f

SHA512
b718838aeeac1b9211aaa3a104ef56ffb32e24bddf8857513f4af71ba4645af1fbf932ae01fcc61ad53f69efa692554decfd62f0bef27982cf2a2bb7774891bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\79cd4da1-ef11-4395-9c1d-5fe7615565e8\index-dir\the-real-index

Filesize
624B

MD5
786bcb9fb358c257b125745393ff7e77

SHA1
ba54b372ca3b18a435ac145fc5819b1d72a3642c

SHA256
c5279c627060bc2f7885defa13824011fac57684aad2ac6f3bac0aa188ccc7c9

SHA512
fa2a06d2a1bb0a5e016aaa1e8e2c93091a6591d30dfefdaa022c92ac2e71c7cfe223251cf84a7530f9abf5d84b50463b823c1a5c83d33205199a1acce36144ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\79cd4da1-ef11-4395-9c1d-5fe7615565e8\index-dir\the-real-index~RFe57b94d.TMP

Filesize
48B

MD5
61e483b86cfcb9964f21a7d1e493af83

SHA1
17ce0d9583e75f4d53cc950ca4eaa1dad958527e

SHA256
58d2a65e82c6155af3f9426d0503c8a215279cb731fed58dd043a0f3dbe6a4e2

SHA512
0292ea5abdbdc4a888141df863682e4e17f7cc02c4ee8d7ea1d709945d25b68e5e2eb0ad4b10f2aa28f732f9209987b377f3fdb95efd04d450ad27b81aad5e51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
952792e3344f13f5bb97eecf0fe55e9e

SHA1
e8ad9a287c4b1ae6e4fa5a934d44d0ea1aef3671

SHA256
ea4cea826b55ef131d3a612aaabccc26818600e110bbb3889b81ef5e51fa129f

SHA512
d46d092a02f3e34b39b1dc50bcdd978f120d6cd327eb5c7ae5293be6c429d6664f980db52d45a2efb7e80d038f1cccc6119ea05d1eca06433ce66a0efc9d7102

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
69c922e2cca896c49552698aaca768ed

SHA1
22597e332f461d4631d364b23bc5cf5333bd4c9a

SHA256
9041bde1630509e00c1c693abc515e6523a81f3df43b544258657790d7d9ba42

SHA512
da51da3de881ba924f81a216587cb2c95d4f3eac6f6226a1daf6921c222a067e8c8116ac8d9f7178edd702e9801929fe510a61578c9187271095c6e1c878ecab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
155B

MD5
5b54f01c07f468039ddc38b430ed9af4

SHA1
39c6eeca9f7d57bf9850c2f0cb6a0f9e47115fef

SHA256
7da6257630cec6d96aaa3acd486c334e81edb7425a830a807a03d6243cc343e7

SHA512
95cd49cbdbe0005eb23c9cc5a1c79ae305bc6230d7fb8cdac7f97b4f9337ed417640bfa7afdd045d7fd22353239a2ecbd2ffdfb10baeb060296e0530fd32bdb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
42cf8d8aa61d7e446e6cfcaf2c286326

SHA1
dc7c26ebb18228cf5ea04d759023018be3385a86

SHA256
e722da851073a07039a7959ce2e68a5701c937570e014280a072665a8128176c

SHA512
e9c8980d9ef344cccd95b8fc550b65a9a4bc3903139abf77d5573356eb74fde86b8a4a8d821d473b910cac737acc0aa4b85295a6d596b347aef23246e15841c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
da70a77689166e7f7cc96738c548ddfd

SHA1
c4ae4509854838cf36f0722eff7829846c11fdb9

SHA256
9d0e200f0f00d54d2fbe84bdda0329fa378c62b45f352ab3d123c1b752d774b4

SHA512
e94dd2f8351e55f23a27e385dd9b41eb6ee9e2436dc94acefea54eeaf14e533487d67177b84e53727c277e6c647d1ce345ef74c7b712b6f26fb157041a554785

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Filesize
16KB

MD5
fbd1a12d2945a30b8d2315f43572ef2f

SHA1
dc744633e01773fb5a75b720dd3fe4408a7ac31a

SHA256
64f4d79779dab807d55bd097165d57597a13e921e63e1ce35e2e38d8f3392d09

SHA512
42b4082bbadbbe555b7f34a3524aafc3c4d1563e84f6614ecf8aab317765ac976d119a682b112c424ea5337fe6eb9e10206b963b0f077544ba704da746b3063b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

Filesize
39KB

MD5
57d211fafbf1ce627d8469a5728e552b

SHA1
af8723e41cb50aa31c6454242e768d378bedb2c5

SHA256
0c8396163e07a0a48e6b2427959a0d728d3fa5ff3c02f849fbe68c5d1b10f00e

SHA512
b500ea18f8421a6c44f64a16d13b5f552d46a7dba7af118a29eeb8fd107e4d95d1a8d571479c608c664a1035c88e94b3f57007be12fcd3c9a786f17d0cf477bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
8449f0235e8d94178f619f924c6c3503

SHA1
44df66f6d86dd3278f3bb5fb099f1dff8cb9969c

SHA256
714543222d576a7bfaa80c74edcb106e76cb0c24c93d267a76f44ccee7aa3004

SHA512
5e137f15b2951cbd79e26d90d78d045b3947e07bbb70e8aa3cdfc9a46993b3379f5274b652bf8012258a1042a6af9c2b6ecfb33c2cdc18a445565887fc18e915

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57ad66.TMP

Filesize
48B

MD5
2d4639aca251b7ab6b46be665d0424a8

SHA1
3aa26ced90aa7420cfcf67d8eb2e1f371d185a0f

SHA256
fa13adfd7581f92462de0f6308490d99a6bbd94ddc3cb84330eabf8fd23ad94b

SHA512
d622e71c1ec51768fa734746aff46c99d7c8ff63aa72c116894a8c04c302003072ee004e58190f0ec7be554d35c9a1651ffe167fef092520aa893d3cdb67d256

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1204c262719ef54789526ec7717bb1d9

SHA1
318d5367e102d09ba3d8f321a562569f1f6c069d

SHA256
84bb2bf0052a8066bc8b003cd238a8f8f80a6c8b442265938a08f9daeef1095c

SHA512
a1e4d83abcd2e7da29d7fb87fefc261ee9177b4f57c298988ab0f5ad653d9e3d3b7d1e904008397c8e2d3f9a5dfd0159f66a466e289028d41d24e2a87423cfd5

Download Submit