hxxps://www[.]youtube[.]com/watch?v=mGqxhDprh1c&list=PLpoRC99y35VdFqV6K5rErKKlu6v72CyYY&index=2

Analysis

max time kernel
150s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26-05-2024 12:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/watch?v=mGqxhDprh1c&list=PLpoRC99y35VdFqV6K5rErKKlu6v72CyYY&index=2

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5064	msedge.exe
5064	msedge.exe
3856	msedge.exe
3856	msedge.exe
1800	identity_helper.exe
1800	identity_helper.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4208	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4208	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3856 wrote to memory of 4796	3856	msedge.exe	82
PID 3856 wrote to memory of 4796	3856	msedge.exe	82
PID 3856 wrote to memory of 3924	3856	msedge.exe	83
PID 3856 wrote to memory of 3924	3856	msedge.exe	83
PID 3856 wrote to memory of 3924	3856	msedge.exe	83
PID 3856 wrote to memory of 3924	3856	msedge.exe	83
PID 3856 wrote to memory of 3924	3856	msedge.exe	83
PID 3856 wrote to memory of 3924	3856	msedge.exe	83
PID 3856 wrote to memory of 3924	3856	msedge.exe	83
PID 3856 wrote to memory of 3924	3856	msedge.exe	83
PID 3856 wrote to memory of 3924	3856	msedge.exe	83
PID 3856 wrote to memory of 3924	3856	msedge.exe	83
PID 3856 wrote to memory of 3924	3856	msedge.exe	83
PID 3856 wrote to memory of 3924	3856	msedge.exe	83
PID 3856 wrote to memory of 3924	3856	msedge.exe	83
PID 3856 wrote to memory of 3924	3856	msedge.exe	83
PID 3856 wrote to memory of 3924	3856	msedge.exe	83
PID 3856 wrote to memory of 3924	3856	msedge.exe	83
PID 3856 wrote to memory of 3924	3856	msedge.exe	83
PID 3856 wrote to memory of 3924	3856	msedge.exe	83
PID 3856 wrote to memory of 3924	3856	msedge.exe	83
PID 3856 wrote to memory of 3924	3856	msedge.exe	83
PID 3856 wrote to memory of 3924	3856	msedge.exe	83
PID 3856 wrote to memory of 3924	3856	msedge.exe	83
PID 3856 wrote to memory of 3924	3856	msedge.exe	83
PID 3856 wrote to memory of 3924	3856	msedge.exe	83
PID 3856 wrote to memory of 3924	3856	msedge.exe	83
PID 3856 wrote to memory of 3924	3856	msedge.exe	83
PID 3856 wrote to memory of 3924	3856	msedge.exe	83
PID 3856 wrote to memory of 3924	3856	msedge.exe	83
PID 3856 wrote to memory of 3924	3856	msedge.exe	83
PID 3856 wrote to memory of 3924	3856	msedge.exe	83
PID 3856 wrote to memory of 3924	3856	msedge.exe	83
PID 3856 wrote to memory of 3924	3856	msedge.exe	83
PID 3856 wrote to memory of 3924	3856	msedge.exe	83
PID 3856 wrote to memory of 3924	3856	msedge.exe	83
PID 3856 wrote to memory of 3924	3856	msedge.exe	83
PID 3856 wrote to memory of 3924	3856	msedge.exe	83
PID 3856 wrote to memory of 3924	3856	msedge.exe	83
PID 3856 wrote to memory of 3924	3856	msedge.exe	83
PID 3856 wrote to memory of 3924	3856	msedge.exe	83
PID 3856 wrote to memory of 3924	3856	msedge.exe	83
PID 3856 wrote to memory of 5064	3856	msedge.exe	84
PID 3856 wrote to memory of 5064	3856	msedge.exe	84
PID 3856 wrote to memory of 4396	3856	msedge.exe	85
PID 3856 wrote to memory of 4396	3856	msedge.exe	85
PID 3856 wrote to memory of 4396	3856	msedge.exe	85
PID 3856 wrote to memory of 4396	3856	msedge.exe	85
PID 3856 wrote to memory of 4396	3856	msedge.exe	85
PID 3856 wrote to memory of 4396	3856	msedge.exe	85
PID 3856 wrote to memory of 4396	3856	msedge.exe	85
PID 3856 wrote to memory of 4396	3856	msedge.exe	85
PID 3856 wrote to memory of 4396	3856	msedge.exe	85
PID 3856 wrote to memory of 4396	3856	msedge.exe	85
PID 3856 wrote to memory of 4396	3856	msedge.exe	85
PID 3856 wrote to memory of 4396	3856	msedge.exe	85
PID 3856 wrote to memory of 4396	3856	msedge.exe	85
PID 3856 wrote to memory of 4396	3856	msedge.exe	85
PID 3856 wrote to memory of 4396	3856	msedge.exe	85
PID 3856 wrote to memory of 4396	3856	msedge.exe	85
PID 3856 wrote to memory of 4396	3856	msedge.exe	85
PID 3856 wrote to memory of 4396	3856	msedge.exe	85
PID 3856 wrote to memory of 4396	3856	msedge.exe	85
PID 3856 wrote to memory of 4396	3856	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=mGqxhDprh1c&list=PLpoRC99y35VdFqV6K5rErKKlu6v72CyYY&index=2
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x7c,0x108,0x7ff9b3c846f8,0x7ff9b3c84708,0x7ff9b3c84718
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,16962598885132659136,18150152254346062633,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,16962598885132659136,18150152254346062633,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,16962598885132659136,18150152254346062633,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16962598885132659136,18150152254346062633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16962598885132659136,18150152254346062633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16962598885132659136,18150152254346062633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4512 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16962598885132659136,18150152254346062633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2056,16962598885132659136,18150152254346062633,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5308 /prefetch:8
  2⤵
  PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16962598885132659136,18150152254346062633,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16962598885132659136,18150152254346062633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16962598885132659136,18150152254346062633,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16962598885132659136,18150152254346062633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16962598885132659136,18150152254346062633,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,16962598885132659136,18150152254346062633,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,16962598885132659136,18150152254346062633,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16962598885132659136,18150152254346062633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,16962598885132659136,18150152254346062633,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6380 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:648

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2160

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2264

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x154 0x460
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
f9b34f80083c49cc50bfe1da5f6530c6

SHA1
7a7c0b0e552f2aa89b0c01006a41101bd6c89f27

SHA256
52fe738dc2bb1ed2f863178426d80728e32e161b6edd503efb6bf9d385989471

SHA512
2265c8f8e84258e7e1e8485960f92ec6082ca4d6d9af09d254e2701181987ec8bcfabaf896726919aaf7c37deb395be5aa744ddb00201751e450563a8d7cb3d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5738f4b9e36187bcf765e82bf0870815

SHA1
d57276882a08f707d82f45f9404b5b90951f6c63

SHA256
fefbf0261c91e457b1b8526e87d11031c982e3aac77b8bcb540f12efff10b23e

SHA512
af24be87743cd7121cc1a0337c8d4e8993db420915a9757af547fdfb45206fd1fd934b2f50c87fac057ecd1206b1542f1254bc91a931e6de4f5829d2839af194

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
515a4e47225d4be62d88731c33b35c46

SHA1
6fc673c94d2fdd77a13d1acd21bfe956594b6a7e

SHA256
de8a908020dfa7e1873b7e93bdb9f4ddf878e1ad17a0361eba634a811eb1f966

SHA512
e4881ad2c206227fcada8a1029bbcb010a45fbc840a46e37fd5320e3612fb63e8d146ef5471eb7ae1140ae576260a5168a6bc9cbd0ce2875f3db664b3ddabd9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
59a37afdca56503d444d3527198a2bc0

SHA1
5597ef32eb6f526b6a06e61251a9cf16fa16dab6

SHA256
c26780da5257c9cda3c7150c8af23655a6100e989933e2f755e00d6821ed98b3

SHA512
0cb6cd710d2fa6a3f494d4521237d06a42ef65ba53bc00d5d625a1ec5de5526eed87d13d0de0dccf5640d17d8f1c1722a77aee5126a61e65dbda84ea74be76b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7f4292fbab890a6e45e8968055ac9703

SHA1
90ba9c3c44bed44463b5c715f3230e6d69717a7b

SHA256
21621e90f6b33a12f728cbf06af17b8f6577bba6c98baf2b4d01cefdeb85805e

SHA512
9aafac5e3c43bb0bb07a920d1695007517e6e5d83945b3d684a27d37890fa6e019cf2d8564cf7ad6ce79a3436f8613b9ab3dfc0c4b548a3c43d69722c64cac46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
58d9312e839c22ab8de6721afa524195

SHA1
8430d1a9d6092c8b3b4e4206f16947ef64f52e97

SHA256
eba755798a4da179fe54b76c80f8fee04f809c5ff88d305dc047a361019b2d60

SHA512
067f17c0e8940fcc9ae6aad8816a5e7c64a38caa316b00f2f7c2f9d34b4b012fb0861b423a0b944741382e9824fbffc33dcdb4ed82facd40f491cf67aeb18820

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7427c45b75ca5ca4e8b20ca639b450fe

SHA1
4df7f055400752ea3cf72b9ac36a148d73597325

SHA256
eb59db199b3119a691a6e2efb83cf0c4752ceaaf67a52a35d0a33d68f4d325fe

SHA512
d8795250ab827bc741ae3c3f5da22d2687511c4e8b8fa59dc4e18b437b1c4483225594449b23036a00ede9da74628b8cd1f4ed7871b3c71a011206ca62601274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
403c5cce8848ef4ed4f6935bc58948f8

SHA1
16f9e5b070b55e4f9746e5bc048e35e1a992e0fe

SHA256
b2c2a37ba91f01421f9d5b6f4d4cc56525ba7a00f2e3bd99bd793963d32bdbb9

SHA512
9f06c06f7f3a6cb62bf6709da75d281b2966c66108d33d752e13f57e8fd0efc2b31db4fd4bac6f8ae6d223548485b63c6891ae8a122bd0c06cc997420cf08456

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
6a386c7f4b0d9b98d32ab0339a3450a3

SHA1
68f74373176efb91aba84d12ff5ecc03dedfc838

SHA256
de55c19b45ebf1dde010e7cc935d02a1315c18dc44e0ba6d09b599c0357f7d65

SHA512
472c28cf84ac85b25d14f98efd68b70bd7061fe67b860566910fde80aa218108ddaf4f5564da27bb7a89b78c8f025d3358a735f59d70ff3ef25a681fadd9fba3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
aa2702e0295efcfef211e8258ff806d7

SHA1
8b418e6f7d599514bef8c49f2ac17f990f8dffb7

SHA256
091d78851cb61b50aebb8b656fca13956a9dd14707081bbbad6f86706efae258

SHA512
3fa9614c261ce77a65c3986919558acf919de0276f504ab76c03f3df620776ef558751dcb9692bbfe77f37e69e6acd96269dfeacf309ddaa5af219382c5d8bb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5787be.TMP

Filesize
89B

MD5
ecfa031f87897c9252f8438832913a05

SHA1
958e2b412953fb3efaabc457db95c9ecdeb29aa2

SHA256
33db50d520ed72720b8298282f9495f527261ea2ebf8138467f032ad1349a092

SHA512
718000cbe3f8543cc55f1f52917fb01e053d9cde53ae7fc8db66c2e8373329c469d8b1d9acaf64abaff6ca2194049c3862ff81a1cf1a881ab6f292a794529e30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
7433e18891dff6a3edeb9ea912db9bc9

SHA1
cf45d62a1e04d29dcf2a48a96f9fe555afed23d5

SHA256
b5219b0ea7b323c8e0a92fa913b9ed79d2f853bbd9cc7c6ee999c60143f16c90

SHA512
910fff2c1a8a7db1ad98a47361a15579348afda7badb5bb8d2910cbe27778cf8e5fd95253c6859b64ffd055765d78b298ef13812468d8b5f9c2b0969a8b4a29a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57df06.TMP

Filesize
48B

MD5
9f714fd46a5dd4302a072f9aeffc39a9

SHA1
920c784d7fcaa1a4edcbb103d3f07126a967888e

SHA256
363fdba958b4cf3afa0b59d915217ee71d881715b061b00f9b559d4ddc4ddb19

SHA512
709f442cfc6ff2b60c4770a50893a6c406bc2a96ef6bc9855327c7218ca275a1e37700a8d7dd98a29642fb9f3ecd0d208f2d22b331691226556b545069061636

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
03434391e43b829ebef4372312223865

SHA1
97796119a10ecefab8c6a246735399e17ae3ed31

SHA256
bba47813713143600557da6cbc50a68e882c7fb5a40984027f17ee4cc04141cc

SHA512
80a97b784cd0441818412587ec53dd3f259a59f135c8625f4961f3afe0b18598be090da08cab798f85b0d69419749aa3adef1024b4e6b61bfea5995dd6742c1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
c8c5b3829f57e5f82ca0223935adb52a

SHA1
21dd4fb3e5c4dcb06488de52fb38c1d8fa93e968

SHA256
9af371aa8ae2c147e1db300fb61146e317a023df55db7cf836ed0c14f659798d

SHA512
61f98883af692a46891486c650c80351407822aa962fb50289114f74078c08f94c270ac2a9d2339f1691b1562b8cd22ffb10422558342410ee1b51b470800081

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
758dd572ac1139377695f7c7e823eaa5

SHA1
016d8b341878fe909c46dbd92a71d92e8cc308ce

SHA256
ef4ae90a1b610758f4c4352f688f2519618e32807eda3b47fb8caa9d2ae366e3

SHA512
e9ed0bcc3d15c70e4509049f45896f3f0104af67eb13f522f5e05478f6024f0a8436869b1daf6324ed2495bc55558e273f37987e1bc58b326e049681904a6a4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bfd5.TMP

Filesize
539B

MD5
3b1d41fd89da03cf01d97a5299beaa0e

SHA1
74659f1c93327a1a9609ea08073cc60f134a664b

SHA256
355e1d750ce92a498fbae4f59293a51f570ca1a5c37f536491e9db9ff93bbd42

SHA512
02ef88804a9ced92d50205eeae3af7657ee636988f4e61ce04bdfabf944f938b228b918dcb688779efc54a8b2b855fffb84c150f421b929957d86668942c8fcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
29f3939fc120d55b577ced81c7ba0f29

SHA1
0a7a7098f34a5e6f2c66538366d6cc265d624aab

SHA256
cd1c5a544f151dd628e1a103e10055f8fd171b5d8e1d3cc977362a8be72079cd

SHA512
9d338f2f951ff0a7b3a5947a0c8d304976e0cbe7ec12c0d9c9914506046030ce284cf6b42d70051fc0fc28e43fbfe4ddfedaabfae1200c765c096a3a4dcc7e56

Download Submit