hxxps://youtube[.]com

Resubmissions

25/05/2024, 12:09

240525-pbs64saa42 6

23/05/2024, 14:41

23/05/2024, 13:11

23/05/2024, 13:11

23/05/2024, 13:03

Analysis

max time kernel
1739s
max time network
1685s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 14:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://youtube.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4632	msedge.exe
4632	msedge.exe
2652	msedge.exe
2652	msedge.exe
404	identity_helper.exe
404	identity_helper.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe
4140	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1900	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1900	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2652 wrote to memory of 2928	2652	msedge.exe	82
PID 2652 wrote to memory of 2928	2652	msedge.exe	82
PID 2652 wrote to memory of 1872	2652	msedge.exe	83
PID 2652 wrote to memory of 1872	2652	msedge.exe	83
PID 2652 wrote to memory of 1872	2652	msedge.exe	83
PID 2652 wrote to memory of 1872	2652	msedge.exe	83
PID 2652 wrote to memory of 1872	2652	msedge.exe	83
PID 2652 wrote to memory of 1872	2652	msedge.exe	83
PID 2652 wrote to memory of 1872	2652	msedge.exe	83
PID 2652 wrote to memory of 1872	2652	msedge.exe	83
PID 2652 wrote to memory of 1872	2652	msedge.exe	83
PID 2652 wrote to memory of 1872	2652	msedge.exe	83
PID 2652 wrote to memory of 1872	2652	msedge.exe	83
PID 2652 wrote to memory of 1872	2652	msedge.exe	83
PID 2652 wrote to memory of 1872	2652	msedge.exe	83
PID 2652 wrote to memory of 1872	2652	msedge.exe	83
PID 2652 wrote to memory of 1872	2652	msedge.exe	83
PID 2652 wrote to memory of 1872	2652	msedge.exe	83
PID 2652 wrote to memory of 1872	2652	msedge.exe	83
PID 2652 wrote to memory of 1872	2652	msedge.exe	83
PID 2652 wrote to memory of 1872	2652	msedge.exe	83
PID 2652 wrote to memory of 1872	2652	msedge.exe	83
PID 2652 wrote to memory of 1872	2652	msedge.exe	83
PID 2652 wrote to memory of 1872	2652	msedge.exe	83
PID 2652 wrote to memory of 1872	2652	msedge.exe	83
PID 2652 wrote to memory of 1872	2652	msedge.exe	83
PID 2652 wrote to memory of 1872	2652	msedge.exe	83
PID 2652 wrote to memory of 1872	2652	msedge.exe	83
PID 2652 wrote to memory of 1872	2652	msedge.exe	83
PID 2652 wrote to memory of 1872	2652	msedge.exe	83
PID 2652 wrote to memory of 1872	2652	msedge.exe	83
PID 2652 wrote to memory of 1872	2652	msedge.exe	83
PID 2652 wrote to memory of 1872	2652	msedge.exe	83
PID 2652 wrote to memory of 1872	2652	msedge.exe	83
PID 2652 wrote to memory of 1872	2652	msedge.exe	83
PID 2652 wrote to memory of 1872	2652	msedge.exe	83
PID 2652 wrote to memory of 1872	2652	msedge.exe	83
PID 2652 wrote to memory of 1872	2652	msedge.exe	83
PID 2652 wrote to memory of 1872	2652	msedge.exe	83
PID 2652 wrote to memory of 1872	2652	msedge.exe	83
PID 2652 wrote to memory of 1872	2652	msedge.exe	83
PID 2652 wrote to memory of 1872	2652	msedge.exe	83
PID 2652 wrote to memory of 4632	2652	msedge.exe	84
PID 2652 wrote to memory of 4632	2652	msedge.exe	84
PID 2652 wrote to memory of 3596	2652	msedge.exe	85
PID 2652 wrote to memory of 3596	2652	msedge.exe	85
PID 2652 wrote to memory of 3596	2652	msedge.exe	85
PID 2652 wrote to memory of 3596	2652	msedge.exe	85
PID 2652 wrote to memory of 3596	2652	msedge.exe	85
PID 2652 wrote to memory of 3596	2652	msedge.exe	85
PID 2652 wrote to memory of 3596	2652	msedge.exe	85
PID 2652 wrote to memory of 3596	2652	msedge.exe	85
PID 2652 wrote to memory of 3596	2652	msedge.exe	85
PID 2652 wrote to memory of 3596	2652	msedge.exe	85
PID 2652 wrote to memory of 3596	2652	msedge.exe	85
PID 2652 wrote to memory of 3596	2652	msedge.exe	85
PID 2652 wrote to memory of 3596	2652	msedge.exe	85
PID 2652 wrote to memory of 3596	2652	msedge.exe	85
PID 2652 wrote to memory of 3596	2652	msedge.exe	85
PID 2652 wrote to memory of 3596	2652	msedge.exe	85
PID 2652 wrote to memory of 3596	2652	msedge.exe	85
PID 2652 wrote to memory of 3596	2652	msedge.exe	85
PID 2652 wrote to memory of 3596	2652	msedge.exe	85
PID 2652 wrote to memory of 3596	2652	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://youtube.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c0a746f8,0x7ff8c0a74708,0x7ff8c0a74718
  2⤵
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,9061768022652045155,14793615305251049697,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1996 /prefetch:2
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1984,9061768022652045155,14793615305251049697,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1984,9061768022652045155,14793615305251049697,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,9061768022652045155,14793615305251049697,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,9061768022652045155,14793615305251049697,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:1276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,9061768022652045155,14793615305251049697,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,9061768022652045155,14793615305251049697,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1984,9061768022652045155,14793615305251049697,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5264 /prefetch:8
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1984,9061768022652045155,14793615305251049697,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,9061768022652045155,14793615305251049697,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 /prefetch:8
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,9061768022652045155,14793615305251049697,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,9061768022652045155,14793615305251049697,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,9061768022652045155,14793615305251049697,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,9061768022652045155,14793615305251049697,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,9061768022652045155,14793615305251049697,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,9061768022652045155,14793615305251049697,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4140

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4188

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x52c 0x530
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1900

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
ce54d8444bc0d5faacfd47efa496cdfc

SHA1
62a7732cff98f51c2f1f76ebeeff2c24a9fba62a

SHA256
0596411362297f7376b671297208d4e988dca4a89c7e4a662a2dbec4525f6cab

SHA512
877f91d8fdcaafaf36b083c29bfe5e0cb4dc008f1c4612611108c5ff4519686ecdd8a77a6fabd47435ba91ee917240d1629f25dd95f0f4bc40659881b9ab5d17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
430cd665bec3147e2f5b4fe08a1d7240

SHA1
316f8dadc297a5ff1af68d9ed90d4481957bcda6

SHA256
78ae00bfc0cf8d7f9514a8df503c616535a818e8975cc95d2c8cbb58b1786088

SHA512
aa6ad419161794734625cd34f50bcb6f2045731ddd444578543a05009f7b01442a3f103ced25a23ee1e191ee8c7bf3ab97d7c7096dcb29829ceb81995b8764f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
99ec49f465c3097e3cfd9b5041eb5c54

SHA1
f0031be445c70682d75476939bd8edba6ee4316d

SHA256
651194a45d395a63393317e3d4eec66bff5e329dfd854dd73c30dccdf34b2318

SHA512
6583d934a0838b76ae972820f93006497e8f3f109a2848612d4a5c65b8088588b67f0888efe28ac235463aab9b89e4fe23a157fe19416b3a9ebc1dd89b8c9362

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
ed9ab85c6d0ed4887eb97b66f9c38bf7

SHA1
8d9ca5716c33b78c813e1565eab5a97c7070b3f4

SHA256
561eb7a8d2fce7b64c3ebee6dc72c66fe550f493aaae2798a233672086113608

SHA512
41a11cdf18240c8ce8c7490873b0ce873cfe1e55f1a8f6decb7099072d74e162721d4d8c060914c94b7af989148a9dd28c43a2bed527f1b34a4aebcac8f6550f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f47e2ceac31d148e95a4b0f33ab3ba6f

SHA1
e11ccfc4169574b023c7b059aedb80b84259d4d4

SHA256
9ea304ed0f63f65bae338bc90933bef620584d4377f25723957bfb91153114af

SHA512
32e1dd9102dd834d2d4bb03e7d1bede34fa5b19f42c508148a06f3c7f8c8c082993b247a9517467c5e87f7f03ea6095221bc3f88e1261563c9d21f8e66a76825

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
a954527665d2b0b47cab18cdc366ce79

SHA1
2af97b1f1209cadcbd49df5d6158a09d7ef53549

SHA256
91317b8d30d1090a20f07cf85bbc02bdd73eac5279407642e913466a6c8297ca

SHA512
bb9b0b101caca8ef77d0bf98467c82c0e6aad811cdb58cecfe16211e0aa646e66b80a603799fb4d8d8b5252d912e44e9d3b5eb0b4b5fcaf5fae3e4bb68b34641

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6281edcfc5bbb300de30bd84d82e4bc9

SHA1
b84b310bbd69aa121371efa47b6c00e4968c1d34

SHA256
0cc7edd7574700bc9585a7015198590ca37f8ce526d792dd1e4b2eb7c4bd8467

SHA512
bf728df4f1ec9acffd4d63fd3ae0341507e61eb6f92f9340be43818d19653788792c03090f45b4e826bb2757f24e191b48ea1a46adc09b7ab3350fa02bc2eadc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
793693ced1857417a25dc5561d7466b7

SHA1
36bdb8cfce17235ff361a0f7aae2239bde3b47d6

SHA256
2caed82c1fd007f3f70ffd467db24f0c5801981c2d04d8881f544318e95c740e

SHA512
6e4922f34b14e2f6b44c9b56f4b0faba2edc90525843fd766d5373b2641c09cc8bd57a94296e8467f011862660e43dd9d659521019d22e46ffc168010602f843

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\633799ca-a73f-46ec-a15f-6f34426e0fa6\index-dir\the-real-index

Filesize
2KB

MD5
dbfa2ed520d988300c346c25986fb2fe

SHA1
599abe9d59f0626a02fe3c42c7d703821f62b7ff

SHA256
b5b475b6581e18ec04fff24df04d60455716cdf23411e34cd440570fe27cc3f3

SHA512
414b084a0293794398818d85958f32effb8fc5920a5c6124ac2cd9aaf49242a5cc9fc3c57b0dfa974a2ac818c8c96a0580214a2994efdcc3029ad01c2c77a943

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\633799ca-a73f-46ec-a15f-6f34426e0fa6\index-dir\the-real-index~RFe579328.TMP

Filesize
48B

MD5
1dae852ef5987e0242e903b9969c53ca

SHA1
e128d43169d80b9aa43f400fd53d79811f314bc9

SHA256
0325e0fab3bb09a911b3f1d1f4ee9607df001b256b9f29707d3b7e3a1ddb6085

SHA512
ba904634e776a7d7411758e2ec70b3023425ef7f480ba98a3119c65669bcfe2bad5f6c0789dbe34482ddfbe62a0fb54da0791a8512c4d67586dd629a109cf5a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
f303c60a6a37c265b03a6b41326a8c12

SHA1
adc8292afada1a0abe5606dee6e2386d724aa02f

SHA256
d06ef9fda2fd54feeac73e4b4f6f1ef827b3a9875d56491fa192f75d705e8b9c

SHA512
341f308706102bc39e92e823ef0cbb8aa24db6072d5e6601c209e6acdcd47073428105db79a7444ce6f4d4dfcb322d4b9c7c3f3cc7b271b6f1ce7df7a07fe834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
e1609edad4a21c9bc13ea459a868d52f

SHA1
d066fb35141c131ca6923e9a08016b5b4c43a64a

SHA256
2450ccf6230f401bcf67933ae6efaad3cc5e8c6e770a56c38d30d05d83b03614

SHA512
8b6cb36cc2c2d3bf59c4b3ee72217b363c4a3cf5426d5f9b9e5eb9688d8fc39a558db96bd7de27f9444bc8c6e50c0dcf9a3799e8a7c765f1353047c4443c4f2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
c079a445424b9d65c70c8bc0a7931e1f

SHA1
886250a8c4ca2c8445d50560539e06ced268ee5a

SHA256
edf2c84845d448730fe3891a350463f60272cca2605feea33a9bb2a79a319921

SHA512
09d35bd54785d6507dcabc04c7cb1d73b12a7804be61b3ed61c237946e0b619af632745b7faa3fa086b2f33335e949cc591fe079e26456a0b2011857de73f57e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
ea2d8568b79cf85d864d2506f7e4fc80

SHA1
e40e8fdda6d488a40c7dba70b2a39b7cb5439345

SHA256
2b04d991dfe3e2a5b6d2bcbc9b85527a6a6450fbca7197354c48067d5741bb79

SHA512
a578d40d14dc9192de29c902c2649b57ded06814c4351221e114649fadd424cfcb0321a709786f67d54eb093612fbf12dbde941fb8a5f5b0973d1eabe383d323

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
fc0208f767c5ef5c1ea82f08ecc84253

SHA1
e226fdb1e89470212f9cdb2af7e6dca019665de8

SHA256
c7301f93f2cc71c456b34e9ca3f83f2ce5f1c845ef8a15bf006e1c7e1f161403

SHA512
32a181c3e580c6e6a159e44a2c72bec79f9e66adbd4d0f648209c6e66f4bedefa22892d0353dd06f69bef8a9a653c9ab2dd843e171cabd752374889008f3e7e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe578e26.TMP

Filesize
48B

MD5
00357a264a01a1b56a2db008806fd941

SHA1
bfa9ad4532260d9a504ce20a30e11d2259ab169c

SHA256
0d534934bccaa1a45e1cf9a6554f9bd2d3279de1f976599c6596a41665344e70

SHA512
b0ed31ad6c2b9662968179cd5d0f355c95d78f944cd68783e8ec21ac3157f06261ef7846c7519b97d7c0271d2f2178c434ebb98183ca593cae99ab8243d22e90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5d272ec46f6e46d916bf2e000bbe6ce5

SHA1
1f1a46eeb419d34f5c420814f36b0de3ae110142

SHA256
e6dbde8dca836efae27970c2956beab6e1cc536b30c13c8e835b858fb28ac106

SHA512
c00251156fc4d95eca8c631b8acacf8236f9122ba3b95f67a31696569894064a3f7229835101cebf161d2ac67d84c73ad173751074586be796058642a62487f4

Download Submit