hxxp://youtube[.]com

Analysis

max time kernel
1680s
max time network
1685s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/04/2024, 14:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://youtube.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4104	msedge.exe
4104	msedge.exe
2616	msedge.exe
2616	msedge.exe
1124	identity_helper.exe
1124	identity_helper.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3488	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3488	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2616 wrote to memory of 1800	2616	msedge.exe	86
PID 2616 wrote to memory of 1800	2616	msedge.exe	86
PID 2616 wrote to memory of 2532	2616	msedge.exe	87
PID 2616 wrote to memory of 2532	2616	msedge.exe	87
PID 2616 wrote to memory of 2532	2616	msedge.exe	87
PID 2616 wrote to memory of 2532	2616	msedge.exe	87
PID 2616 wrote to memory of 2532	2616	msedge.exe	87
PID 2616 wrote to memory of 2532	2616	msedge.exe	87
PID 2616 wrote to memory of 2532	2616	msedge.exe	87
PID 2616 wrote to memory of 2532	2616	msedge.exe	87
PID 2616 wrote to memory of 2532	2616	msedge.exe	87
PID 2616 wrote to memory of 2532	2616	msedge.exe	87
PID 2616 wrote to memory of 2532	2616	msedge.exe	87
PID 2616 wrote to memory of 2532	2616	msedge.exe	87
PID 2616 wrote to memory of 2532	2616	msedge.exe	87
PID 2616 wrote to memory of 2532	2616	msedge.exe	87
PID 2616 wrote to memory of 2532	2616	msedge.exe	87
PID 2616 wrote to memory of 2532	2616	msedge.exe	87
PID 2616 wrote to memory of 2532	2616	msedge.exe	87
PID 2616 wrote to memory of 2532	2616	msedge.exe	87
PID 2616 wrote to memory of 2532	2616	msedge.exe	87
PID 2616 wrote to memory of 2532	2616	msedge.exe	87
PID 2616 wrote to memory of 2532	2616	msedge.exe	87
PID 2616 wrote to memory of 2532	2616	msedge.exe	87
PID 2616 wrote to memory of 2532	2616	msedge.exe	87
PID 2616 wrote to memory of 2532	2616	msedge.exe	87
PID 2616 wrote to memory of 2532	2616	msedge.exe	87
PID 2616 wrote to memory of 2532	2616	msedge.exe	87
PID 2616 wrote to memory of 2532	2616	msedge.exe	87
PID 2616 wrote to memory of 2532	2616	msedge.exe	87
PID 2616 wrote to memory of 2532	2616	msedge.exe	87
PID 2616 wrote to memory of 2532	2616	msedge.exe	87
PID 2616 wrote to memory of 2532	2616	msedge.exe	87
PID 2616 wrote to memory of 2532	2616	msedge.exe	87
PID 2616 wrote to memory of 2532	2616	msedge.exe	87
PID 2616 wrote to memory of 2532	2616	msedge.exe	87
PID 2616 wrote to memory of 2532	2616	msedge.exe	87
PID 2616 wrote to memory of 2532	2616	msedge.exe	87
PID 2616 wrote to memory of 2532	2616	msedge.exe	87
PID 2616 wrote to memory of 2532	2616	msedge.exe	87
PID 2616 wrote to memory of 2532	2616	msedge.exe	87
PID 2616 wrote to memory of 2532	2616	msedge.exe	87
PID 2616 wrote to memory of 4104	2616	msedge.exe	88
PID 2616 wrote to memory of 4104	2616	msedge.exe	88
PID 2616 wrote to memory of 4388	2616	msedge.exe	89
PID 2616 wrote to memory of 4388	2616	msedge.exe	89
PID 2616 wrote to memory of 4388	2616	msedge.exe	89
PID 2616 wrote to memory of 4388	2616	msedge.exe	89
PID 2616 wrote to memory of 4388	2616	msedge.exe	89
PID 2616 wrote to memory of 4388	2616	msedge.exe	89
PID 2616 wrote to memory of 4388	2616	msedge.exe	89
PID 2616 wrote to memory of 4388	2616	msedge.exe	89
PID 2616 wrote to memory of 4388	2616	msedge.exe	89
PID 2616 wrote to memory of 4388	2616	msedge.exe	89
PID 2616 wrote to memory of 4388	2616	msedge.exe	89
PID 2616 wrote to memory of 4388	2616	msedge.exe	89
PID 2616 wrote to memory of 4388	2616	msedge.exe	89
PID 2616 wrote to memory of 4388	2616	msedge.exe	89
PID 2616 wrote to memory of 4388	2616	msedge.exe	89
PID 2616 wrote to memory of 4388	2616	msedge.exe	89
PID 2616 wrote to memory of 4388	2616	msedge.exe	89
PID 2616 wrote to memory of 4388	2616	msedge.exe	89
PID 2616 wrote to memory of 4388	2616	msedge.exe	89
PID 2616 wrote to memory of 4388	2616	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://youtube.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe778c46f8,0x7ffe778c4708,0x7ffe778c4718
  2⤵
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,10588824657617951809,548718004633720941,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:2532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,10588824657617951809,548718004633720941,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,10588824657617951809,548718004633720941,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10588824657617951809,548718004633720941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10588824657617951809,548718004633720941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10588824657617951809,548718004633720941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10588824657617951809,548718004633720941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2116,10588824657617951809,548718004633720941,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4008 /prefetch:8
  2⤵
  PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2116,10588824657617951809,548718004633720941,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,10588824657617951809,548718004633720941,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 /prefetch:8
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,10588824657617951809,548718004633720941,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10588824657617951809,548718004633720941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10588824657617951809,548718004633720941,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10588824657617951809,548718004633720941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10588824657617951809,548718004633720941,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,10588824657617951809,548718004633720941,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1244

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1060

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f8 0x40c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3488

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cbec32729772aa6c576e97df4fef48f5

SHA1
6ec173d5313f27ba1e46ad66c7bbe7c0a9767dba

SHA256
d34331aa91a21e127bbe68f55c4c1898c429d9d43545c3253d317ffb105aa24e

SHA512
425b3638fed70da3bc16bba8b9878de528aca98669203f39473b931f487a614d3f66073b8c3d9bc2211e152b4bbdeceb2777001467954eec491f862912f3c7a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
279e783b0129b64a8529800a88fbf1ee

SHA1
204c62ec8cef8467e5729cad52adae293178744f

SHA256
3619c3b82a8cbdce37bfd88b66d4fdfcd728a1112b05eb26998bea527d187932

SHA512
32730d9124dd28c196bd4abcfd6a283a04553f3f6b050c057264bc883783d30d6602781137762e66e1f90847724d0e994bddf6e729de11a809f263f139023d3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
0cc85db5a5d24447bb8db39069b0f1f6

SHA1
4e89301122ca44bcd4cd3ba59c38bff5c8a766e4

SHA256
ccbcc664b644332e4edfc120a4ca46a8665b790747595b59cba05ad81eefd95b

SHA512
33027795b336e6b8ec57dcc4c1db3c81a2104c443fcbe666215b07d6094f1cacb9c313ca3d56ac3357a7894bec4c9e6c0446628ba589161139b9d05f64f84a73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
2c3ef278b6a558f3982dda6ebf5b94ea

SHA1
b248a948dadc3a39f754f7fa0ae159e195ca2794

SHA256
59c85883795cbaf298554376c2a45c75cb952b5eeef1367ff72e3d8b93891f21

SHA512
b22a50c5975b254edad396a3dece851192555c4b9fddd6c59f087229048d9f2900a395c8c3a57b647d231d173e3d236ba0bd5a2686432297e907a7865fd6ca24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
7ee3c215f53ae4815121472f89d2fa65

SHA1
4147343ddf4baa522340df284fdad407886c1d29

SHA256
89a4215c022c32687d2f81fb7b2d63f9a2e7c8e4bccf19a890008a4a85de0ab6

SHA512
468563ae86462c02a35e32ec66925a80b838987881179fc725ff2aa0f4462bb6eb5a52d2149ae69da3627057b59823eeeeaf794f1a8fabf3669430a3b5cce615

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
104a0984324f56e9908eb2ef0af0a1a5

SHA1
370551a2611b080d8ef58033b38b2c2ad63c1404

SHA256
7fdd06913d5770438a6bcf2f71f19b0ad8a53a01de47fc29289d47fcc94e291f

SHA512
dfc6c98ea5a8eae43bb5039d0f5158325cddf8e15ae08ce97c91eb73607bd6ac00ee8e303539b53440074c70073a424c01aacb0cd46ba8f6191857f3d1fcb9c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
4a06ce6dfae352b2e825d37f61fbe8da

SHA1
5975304d4ef56bd8c45cc654be473139a73afd91

SHA256
3be7823a35fd19d3336e889d65e5961172f52b7d8e893ad330dba8eb221504ca

SHA512
9d9ab557b6cd977b4651d940a964b39defb368e1c7a1e770b6c08cb2de2953756616f7a31019d4f7c84864003bf1be1f172c670e4b9e3ff9a214a6bf62b0b219

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
4475700bb345d1f77bb30e4f4a0a79f7

SHA1
4f0ac4b6670f80ce3881942775f639b8014462bb

SHA256
0279c87d3b4da71d6f79c1d49bd173937cbb927f4b060fd0db721bb4ecc3df19

SHA512
471a38b5d4c39ca2c0f81ae279f93495f036e48bb39a4f0a7a53025082c73accc7b00d4fdd64309bfdc6cf048c109c77a91ae64db127ebf6a044394f2553defa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0d922e0f2f5800eed526180d98ea736a

SHA1
4314c83c76ec45c23d99bf218032ed89939cf509

SHA256
fdd673e43acdba0f45d095bb42bf6e02087a6b020149e890a5b086111beb50cd

SHA512
53e225b8049cde6920cad45c570fca8d26b69a92e8929093431e7619cc4735f987acce0766f3eed69cea9300df1007daa94baccec65ea6902bafd92a4f7f1d6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ceaf7b3314c31591019f664cf09b0ec4

SHA1
0e03606f43d0bfc1b237e2ffc96139172bf38310

SHA256
deb069268f7522998b41b328440280d331bfaf0818d9815d574ec5295524efdb

SHA512
3092840c0ee64dca7f8c6e3a31c8df2ac7f6b189c04db5d03c01bc6267ccc8a3f07c12e8b70702bb9ecbe9a6a881d317773ca473aa4c352a48cd86f88065e7c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\29c66a9f-8551-47cd-b764-f9afa27aa416\index-dir\the-real-index

Filesize
2KB

MD5
322e403442283634e318edc6ca5292ff

SHA1
f9f3fc49a0a5e6a8c3cc76c8f7bcb5b1d90f5a53

SHA256
3447f1901f2cc7a113918e16128d21e356fd5507f780caff21209c7abaf24a25

SHA512
b43425651c6700f37779a094a249a6607b4bd8d22bc3692c21d2900e00ef5a27d12e6eb397e8fce941f226abb91cf2dac4d13d17713b3b4c75aa2f7213aa2aeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\29c66a9f-8551-47cd-b764-f9afa27aa416\index-dir\the-real-index~RFe57ab72.TMP

Filesize
48B

MD5
49aaf4e2368f82c8730166ccacd7b31f

SHA1
6b0efc6caa57fc5a97f3e491f2a35e3466b0b40a

SHA256
957328b9e161cd9eddf2a63db1bdc4929da644e96a65a17dc652111ba478e7c7

SHA512
919c2b62287f070153e17ae02fde8aa5c55b3dd0a7b18932705437800f72b55df46ca6a3a3345a67a54038fdde8bdc3a1e82c1284913b5aff57c9438cacb16ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
d7d325c3ffe687bfd9c6fbbab9bd683b

SHA1
0b8da3e800c6aea92bddee17023f182c6524e8c6

SHA256
fefc898cd073957c36ee11c8e49bb5ff1caa3a0d76c3f928a7f08c5516ec9316

SHA512
53dee26abe0ec52302e3c718db094d5dec79fe0ba05ccaafb579b3b4fb0d1d88a5f426b7971a0a7555f4a0ec3592c57305ea413b9f081ab3e1bbf9d83c26ee6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
e8ecdf3da5cccb0fa6e7962613837054

SHA1
f150777bcef360e32b94eaebbd8954ff0c8eb05a

SHA256
6c87bb57e7b5290c3b5eb10606c779e85a5c455d05667ee8dcf2cab5232bf440

SHA512
f8bcf228dd9007b91f15376e57bbcb03a1e0ce4a137cb25e8c134ca0b6dced3ebae301b27edc5b0d58d319ecc4c8fc5ad5d4398312c1910a3f819b136d21d3d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
eb990cff4f5c8bc46709739f4fb6785b

SHA1
158996993d3e1515bf5e2ddab53e8833fe286927

SHA256
c559d799367555a93afc552eedda2a9b5b674f0792169fcbb16385f6b9f8030f

SHA512
7fb3c8d313b8b7dc5c963a8ff2514394033c043c7b4cd3467cbd3b80a3d06ead7194556773c5d8561187299dcced464a5232a6b3ca50f221e1238d97574811cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
281846d2583e18ce20aa2eb7a9ef07bb

SHA1
3df4ec8f4a4b8f7716bb97d66abc68c5214d9b95

SHA256
2c355715fe9b03af4560cab74d2e67fdb40be8f1d93e4439b92852c3ffe432f8

SHA512
9753b07fcfe973d9394f37a5dc39f4d936d9c3a96d5dbddae6e224e714f30a7778c3db6287a535528769d3975590d4c4a9f8621cbc179cafe31669af133ba7cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
310b5464ab16d65d80ecbba496aac6d4

SHA1
3eb03af4f6f1f6085d01e62a20893a2824a9db8b

SHA256
cf46cf6f3520e42f95de1d5c756d94d85baa040dc71ccdf5c111310d8c26f23e

SHA512
10a8df8ecdd045ab923523bf8f9b23dee83dd38364be433af8290e49c61d78b21baa5a8e5d292a5e3fe1bbee23aa18fe4a6b9f41af36a9da859d935de1292fb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a5f4.TMP

Filesize
48B

MD5
61bd1359172f45ee827e29b53ad0c13b

SHA1
306ff7669800ef1410ab5a51c9aceb53ac5f36b6

SHA256
bbbbbfe98b862bfcb3021f57ad99d968fef733f2acb0cb5d7eb085c9e896aa3c

SHA512
2fdcc31d3db865f81f593b20a6547ac2aba0f92cb4aaaf8878a43ae07b80101c8570c7a6363b3dbb1adb365b482d4f60deddbcfc8c0b121ee24ed7c7583f55ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c189cc7640dd954bdd6972c2ed8fd68d

SHA1
c8ee1109e00c58df67a650347d8496abfb4bb260

SHA256
80ba7128b260eec304c88edc1fd70f78a3d451e84f0512e269a523eb24643572

SHA512
24fbe8d9be25e9306a071905bfc5bb2284288681e5776986d85dd9d6786b8690999331402ad59c6221c04fb6147fb59b09627cad0eda371345a667cf741a12a5

Download Submit