hxxp://youtube[.]com

Analysis

max time kernel
1800s
max time network
1688s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
15/04/2024, 16:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://youtube.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4400	msedge.exe
4400	msedge.exe
4252	msedge.exe
4252	msedge.exe
4740	identity_helper.exe
4740	identity_helper.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4264	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4264	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4252 wrote to memory of 2868	4252	msedge.exe	84
PID 4252 wrote to memory of 2868	4252	msedge.exe	84
PID 4252 wrote to memory of 3076	4252	msedge.exe	85
PID 4252 wrote to memory of 3076	4252	msedge.exe	85
PID 4252 wrote to memory of 3076	4252	msedge.exe	85
PID 4252 wrote to memory of 3076	4252	msedge.exe	85
PID 4252 wrote to memory of 3076	4252	msedge.exe	85
PID 4252 wrote to memory of 3076	4252	msedge.exe	85
PID 4252 wrote to memory of 3076	4252	msedge.exe	85
PID 4252 wrote to memory of 3076	4252	msedge.exe	85
PID 4252 wrote to memory of 3076	4252	msedge.exe	85
PID 4252 wrote to memory of 3076	4252	msedge.exe	85
PID 4252 wrote to memory of 3076	4252	msedge.exe	85
PID 4252 wrote to memory of 3076	4252	msedge.exe	85
PID 4252 wrote to memory of 3076	4252	msedge.exe	85
PID 4252 wrote to memory of 3076	4252	msedge.exe	85
PID 4252 wrote to memory of 3076	4252	msedge.exe	85
PID 4252 wrote to memory of 3076	4252	msedge.exe	85
PID 4252 wrote to memory of 3076	4252	msedge.exe	85
PID 4252 wrote to memory of 3076	4252	msedge.exe	85
PID 4252 wrote to memory of 3076	4252	msedge.exe	85
PID 4252 wrote to memory of 3076	4252	msedge.exe	85
PID 4252 wrote to memory of 3076	4252	msedge.exe	85
PID 4252 wrote to memory of 3076	4252	msedge.exe	85
PID 4252 wrote to memory of 3076	4252	msedge.exe	85
PID 4252 wrote to memory of 3076	4252	msedge.exe	85
PID 4252 wrote to memory of 3076	4252	msedge.exe	85
PID 4252 wrote to memory of 3076	4252	msedge.exe	85
PID 4252 wrote to memory of 3076	4252	msedge.exe	85
PID 4252 wrote to memory of 3076	4252	msedge.exe	85
PID 4252 wrote to memory of 3076	4252	msedge.exe	85
PID 4252 wrote to memory of 3076	4252	msedge.exe	85
PID 4252 wrote to memory of 3076	4252	msedge.exe	85
PID 4252 wrote to memory of 3076	4252	msedge.exe	85
PID 4252 wrote to memory of 3076	4252	msedge.exe	85
PID 4252 wrote to memory of 3076	4252	msedge.exe	85
PID 4252 wrote to memory of 3076	4252	msedge.exe	85
PID 4252 wrote to memory of 3076	4252	msedge.exe	85
PID 4252 wrote to memory of 3076	4252	msedge.exe	85
PID 4252 wrote to memory of 3076	4252	msedge.exe	85
PID 4252 wrote to memory of 3076	4252	msedge.exe	85
PID 4252 wrote to memory of 3076	4252	msedge.exe	85
PID 4252 wrote to memory of 4400	4252	msedge.exe	86
PID 4252 wrote to memory of 4400	4252	msedge.exe	86
PID 4252 wrote to memory of 1168	4252	msedge.exe	87
PID 4252 wrote to memory of 1168	4252	msedge.exe	87
PID 4252 wrote to memory of 1168	4252	msedge.exe	87
PID 4252 wrote to memory of 1168	4252	msedge.exe	87
PID 4252 wrote to memory of 1168	4252	msedge.exe	87
PID 4252 wrote to memory of 1168	4252	msedge.exe	87
PID 4252 wrote to memory of 1168	4252	msedge.exe	87
PID 4252 wrote to memory of 1168	4252	msedge.exe	87
PID 4252 wrote to memory of 1168	4252	msedge.exe	87
PID 4252 wrote to memory of 1168	4252	msedge.exe	87
PID 4252 wrote to memory of 1168	4252	msedge.exe	87
PID 4252 wrote to memory of 1168	4252	msedge.exe	87
PID 4252 wrote to memory of 1168	4252	msedge.exe	87
PID 4252 wrote to memory of 1168	4252	msedge.exe	87
PID 4252 wrote to memory of 1168	4252	msedge.exe	87
PID 4252 wrote to memory of 1168	4252	msedge.exe	87
PID 4252 wrote to memory of 1168	4252	msedge.exe	87
PID 4252 wrote to memory of 1168	4252	msedge.exe	87
PID 4252 wrote to memory of 1168	4252	msedge.exe	87
PID 4252 wrote to memory of 1168	4252	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://youtube.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb7c9546f8,0x7ffb7c954708,0x7ffb7c954718
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,2274965040393481876,5961581065700109583,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1972 /prefetch:2
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,2274965040393481876,5961581065700109583,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,2274965040393481876,5961581065700109583,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2564 /prefetch:8
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,2274965040393481876,5961581065700109583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,2274965040393481876,5961581065700109583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,2274965040393481876,5961581065700109583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,2274965040393481876,5961581065700109583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2024,2274965040393481876,5961581065700109583,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4788 /prefetch:8
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2024,2274965040393481876,5961581065700109583,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5336 /prefetch:8
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,2274965040393481876,5961581065700109583,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6048 /prefetch:8
  2⤵
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,2274965040393481876,5961581065700109583,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6048 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,2274965040393481876,5961581065700109583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,2274965040393481876,5961581065700109583,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,2274965040393481876,5961581065700109583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,2274965040393481876,5961581065700109583,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,2274965040393481876,5961581065700109583,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1132 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3320

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1928

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f8 0x468
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4264

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
120a75f233314ba1fe34e9d6c09f30b9

SHA1
a9f92f2d3f111eaadd9bcf8fceb3c9553753539c

SHA256
e04101215c3534dbc77c0b5df2e1d1ff74c277d2946f391f939c9a7948a22dd0

SHA512
3c4eb93e425b50e8bcc1712f4cc2be11888a0273c3a619fc6bf72ccab876a427158f661bfc80d0c1e47ef4116febf76a3aaa31a60ec662eae0e51c7f1d3d89b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bc2edd0741d97ae237e9f00bf3244144

SHA1
7c1e5d324f5c7137a3c4ec85146659f026c11782

SHA256
dbce3287c7ae69ccbd1d780c39f3ffa3c98bd4609a939fff8ee9c99f14265041

SHA512
00f505a0b4ea0df626175bf9d39a205f18f9754b62e4dba6fbb5b4a716b3539e7809723e1596bcfe1ba3041e22342e3a9cbaad88e84ce9c8c6531331bbc25093

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\052b84cc-b592-4353-9a15-e08d648a9b24.tmp

Filesize
6KB

MD5
a29bcd104f3a287515367ca8ebb1bcbe

SHA1
30d6b959b7c7a40dd82b3b7d20c3ed693324c92e

SHA256
32be90ecd605ab93325e19d1df7bb0b420745101e4f033695276fa14a5c69e36

SHA512
d0d847596c033a7b6d508cf2e77412db0a0e0a13af151b743eee2c99985b4014329f0225c58f1fac57d9ad118ca9ce73c976471966c81b0d0445058fd86e3824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
731f94044f079c3e2a5f8108d86ef4e2

SHA1
9045934da73926dc0530dcc8699684dd65b665b8

SHA256
b3088a798a5e9f6e3d0065dc4490647dcc074ef496b078e5fc9748d647e42500

SHA512
ef729284fbf57e05a918136f65b1d5f328ae079e88215f771c39814be3828641aa286077318bbec9682e6e4c46a3c0b48df05bf56301d3c185da5641cf2b9116

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f5e92fb390292a978a8698eb290744c5

SHA1
ae8c48f255233d097e34d21afad2538f6f15e30a

SHA256
d9c7ddd8720ac3e382d943bb12b50f3e1e1c40fa039b1ce0dd215aefb2cf8f12

SHA512
232566f9eee7042bd343b031241d9f7191ae483e8ac51f1c1ae2a02ac7f9290420eab759d94e7278d4ca5565943bfe9b814ecccd5ea6e9b6c1faff6d77d8bfed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
034e3e34cec34978e14def1624a8a4bf

SHA1
a081af78f9cd899b6321515f2e51ea07d2b8b4d3

SHA256
4fc200bb3e9f3ed85531f241a6c0790b83575c22ef757fd350631fbd62341837

SHA512
3769f610e4cfa318d285e12402e7f34cc8f455171c959050f2d4ffdcb73e080335c88c6edc9d577f6934d8fc833f88e426ddf01fb9299dd6a51d89b914f3f2ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
ab6082a552e5a415f08fc5bf521df3fc

SHA1
7ddfdaf5e8ea17604f5a4efb327dfee1c21336ba

SHA256
773d551ca1915e730f3f4e286784decd3ac4e6a1273a874927bf7309f85fa6c0

SHA512
537d922fa34c913c79942b707e1af174c8dca3971c65b5ad393db7bd47b8306a7937a944c846922835d1fc1689b94bec3eb334d32c9fa055cd6844b310edd76a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
d51d8a5da1949c8165bf17bd0a09833b

SHA1
b00a848a0bf6cae0f7ad66192ed730b90950d05d

SHA256
a37b01c177ab46d74b38c5574e26f5e53632296cc9d0a53afdf9c65db1fe8e82

SHA512
43c1252463d9a764bd43ecccc37ce68b92c962127b658126857ea621690b3308033981f3b7e6eae76daa5e69a63e424d53fa6ada99efa1d9914601424bffcded

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c8f69a29e7666edf2b25365dc3b3c222

SHA1
baad6db71e8342af32065ea0d4800f1703687484

SHA256
63bbb8c5243c3bc0d72e5d9d41806993c14b71d4ec9a7334a6c66b62ad5b1a1e

SHA512
cbe2010b163dee32f4dfee746a619fa9470263e23fc8ee46f1438cd606238fff9d8d55785f39636a4c088350277a72ec58d66cd4ca29fb139717bb78799535af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
86458263afb34dd3119fec94453312c2

SHA1
64f2a216b1962540c5bd1907928bc8939bdb4315

SHA256
ce4800d014fd7ed59c20ae895b21bfbd0506da0b17aee6e24f6555a99cd57745

SHA512
c692c8de7654967aab2dbab876f58aa8c89d85111395deab8b94b0b6c400f94857f13c32cb1b780af9823e1fb40d8546f628d8b526879353d9d87473e5f93b90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a3820184-ebea-4f86-aa73-bab91157289d\index-dir\the-real-index

Filesize
2KB

MD5
f63eea4f89e2709d46cce9ddc6a15d83

SHA1
10679baa4d99f0c34d7c77ad8679b972dd2c0e4b

SHA256
1208c502f2afad939d12a7fd6473347a7201698c255c0b53273e96ef08d74f56

SHA512
5a141581f45e85b03574b3ca3714c8b91612ad5b19fe08daf0193891d7264eab82bb61cb4dc96bd444184cf1d21c536a9b174f60dc5199229ceaa71045c0a99e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a3820184-ebea-4f86-aa73-bab91157289d\index-dir\the-real-index~RFe579a5b.TMP

Filesize
48B

MD5
75cd76336c3275edfb51fb4f0753b61b

SHA1
d5812806aa25d02aced6817b1ba665a9a3df0264

SHA256
55be8f3035094d889b2e4d0879681147614083382c7e7535d7966a8927caa289

SHA512
bc7adebff29e045aeffc32dc2f3ff7db637f76adde202f318d16f9e31333abd04a31b6a754afa25cc275726b26b983ad3222ba8d3dd79b36e8efb7cad1a37366

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
1fdd429ed6d4dbd8218258d7f4d644b6

SHA1
6642fbb8cce5926c4eba03b565925847c52ee168

SHA256
15434e764bd76bc4cdf9f8c3e002aa28979438683f89d6bb41cdfd6e13f41993

SHA512
d7e4e260cfb14dc262ca3a6c5a72217b551a01fa9269c16c9901f61b1f9b6540a2302f0130c9045afeafa96dda39b500bf361bc2f2955fa83a1b7110230eb976

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
938d657f8d4c445715ffc0ca09bb9583

SHA1
d26afc0487c17ffd2840a23267d3bf95105da144

SHA256
f74ecadf55de952c19dab0f2ce1aeca07509c7010bbc1068d1287c0751f18b7e

SHA512
6667944eaffdd96e9463fbab50e6c63f55a81c9c6f9b99916c3d5267a05eda6100ef5e519c8ea80b7756d89389639878bf8b0f21bd5a924aa6d5e2e22c6cf9ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
5c61f63ebd2c604fe751b8a6e0081981

SHA1
092c5fcb2f9e369500eb121e933a254ef4e52afd

SHA256
2d346bd1871e85ef161b09f5e6f52ed01e57863e073a64d29bd36cba71c83436

SHA512
e58b26975837d2487e5c8cd33ef873892e903a1c810417bb9b4467c760835a486d15479dba283e6b0c25231c9b8312cd19e98e4b82eb45299f08904d581e86c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
ed036d8c1ff1611415a80ba0979bc3b6

SHA1
529fa0471821cd85453536706b7a68e860040a3a

SHA256
f1d9b9bfc2dd377f3095c92650dcfdd85a448f9f939474282a5e28c8baa8f648

SHA512
6d068fd8ef68954835a2d3c4c10dae58c5a42d1f3129508be010e4f2b47f67adafd7382e5bd60a2ec21ef84b789146ca3f3ace03f5c84f42ff0fe97b4a6bdaa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
0e7f5075fe60f09e2c96b4b8872ebd46

SHA1
61756de4f9914a334f09ba6e93bc15bbc9ebcabf

SHA256
ba2eb582eacb3cd4e3e4e7de862a62f352653849d461d990c97010d37359e80a

SHA512
12fd32533c7a9de04e89fa28d1964cc4f15ee77985faa495e3ebe7d816f471607f9a46bef4f640aabcdd5ab8863db162bb326d3134fcff9983772e95c76c7c05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5793d4.TMP

Filesize
48B

MD5
4132c0882228de42d8f894acf7fbd87e

SHA1
005678673be3c6e22a5a76ba8df9013314eae997

SHA256
c56fd1c8b44f631895fb60dbb8b6ad2d32540b3fb869f8ae3186cddd251ea314

SHA512
25d802b8d237f340831fa47fecbe5b87271486a1986bfbd7d123a74b8885fb0af25b37edf6488f98ebdf259f403c9e71d211f5900b4364ac62da332108c1ba3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
46c73308a98065178ff9caae345adc24

SHA1
e7bea710565971982cb819804e405528c390e903

SHA256
7cf5d4beff94bb26e01c08d1823f8731df9349f33175f78cc34b6d049946bbac

SHA512
0aff507dc1f752f610072d0be75afc6670240a2712a96b95b2213902a52e575f030779aabb4a4bf97cf9fc60810e722ba770847caa82d07892de8e939428c75d

Download Submit