hxxps://www[.]youtube[.]com

Analysis

max time kernel
1779s
max time network
1687s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
29-05-2024 20:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4604	msedge.exe
4604	msedge.exe
3108	msedge.exe
3108	msedge.exe
4208	identity_helper.exe
4208	identity_helper.exe
2304	msedge.exe
2304	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4008	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4008	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3108 wrote to memory of 4172	3108	msedge.exe	79
PID 3108 wrote to memory of 4172	3108	msedge.exe	79
PID 3108 wrote to memory of 2740	3108	msedge.exe	80
PID 3108 wrote to memory of 2740	3108	msedge.exe	80
PID 3108 wrote to memory of 2740	3108	msedge.exe	80
PID 3108 wrote to memory of 2740	3108	msedge.exe	80
PID 3108 wrote to memory of 2740	3108	msedge.exe	80
PID 3108 wrote to memory of 2740	3108	msedge.exe	80
PID 3108 wrote to memory of 2740	3108	msedge.exe	80
PID 3108 wrote to memory of 2740	3108	msedge.exe	80
PID 3108 wrote to memory of 2740	3108	msedge.exe	80
PID 3108 wrote to memory of 2740	3108	msedge.exe	80
PID 3108 wrote to memory of 2740	3108	msedge.exe	80
PID 3108 wrote to memory of 2740	3108	msedge.exe	80
PID 3108 wrote to memory of 2740	3108	msedge.exe	80
PID 3108 wrote to memory of 2740	3108	msedge.exe	80
PID 3108 wrote to memory of 2740	3108	msedge.exe	80
PID 3108 wrote to memory of 2740	3108	msedge.exe	80
PID 3108 wrote to memory of 2740	3108	msedge.exe	80
PID 3108 wrote to memory of 2740	3108	msedge.exe	80
PID 3108 wrote to memory of 2740	3108	msedge.exe	80
PID 3108 wrote to memory of 2740	3108	msedge.exe	80
PID 3108 wrote to memory of 2740	3108	msedge.exe	80
PID 3108 wrote to memory of 2740	3108	msedge.exe	80
PID 3108 wrote to memory of 2740	3108	msedge.exe	80
PID 3108 wrote to memory of 2740	3108	msedge.exe	80
PID 3108 wrote to memory of 2740	3108	msedge.exe	80
PID 3108 wrote to memory of 2740	3108	msedge.exe	80
PID 3108 wrote to memory of 2740	3108	msedge.exe	80
PID 3108 wrote to memory of 2740	3108	msedge.exe	80
PID 3108 wrote to memory of 2740	3108	msedge.exe	80
PID 3108 wrote to memory of 2740	3108	msedge.exe	80
PID 3108 wrote to memory of 2740	3108	msedge.exe	80
PID 3108 wrote to memory of 2740	3108	msedge.exe	80
PID 3108 wrote to memory of 2740	3108	msedge.exe	80
PID 3108 wrote to memory of 2740	3108	msedge.exe	80
PID 3108 wrote to memory of 2740	3108	msedge.exe	80
PID 3108 wrote to memory of 2740	3108	msedge.exe	80
PID 3108 wrote to memory of 2740	3108	msedge.exe	80
PID 3108 wrote to memory of 2740	3108	msedge.exe	80
PID 3108 wrote to memory of 2740	3108	msedge.exe	80
PID 3108 wrote to memory of 2740	3108	msedge.exe	80
PID 3108 wrote to memory of 4604	3108	msedge.exe	81
PID 3108 wrote to memory of 4604	3108	msedge.exe	81
PID 3108 wrote to memory of 4560	3108	msedge.exe	82
PID 3108 wrote to memory of 4560	3108	msedge.exe	82
PID 3108 wrote to memory of 4560	3108	msedge.exe	82
PID 3108 wrote to memory of 4560	3108	msedge.exe	82
PID 3108 wrote to memory of 4560	3108	msedge.exe	82
PID 3108 wrote to memory of 4560	3108	msedge.exe	82
PID 3108 wrote to memory of 4560	3108	msedge.exe	82
PID 3108 wrote to memory of 4560	3108	msedge.exe	82
PID 3108 wrote to memory of 4560	3108	msedge.exe	82
PID 3108 wrote to memory of 4560	3108	msedge.exe	82
PID 3108 wrote to memory of 4560	3108	msedge.exe	82
PID 3108 wrote to memory of 4560	3108	msedge.exe	82
PID 3108 wrote to memory of 4560	3108	msedge.exe	82
PID 3108 wrote to memory of 4560	3108	msedge.exe	82
PID 3108 wrote to memory of 4560	3108	msedge.exe	82
PID 3108 wrote to memory of 4560	3108	msedge.exe	82
PID 3108 wrote to memory of 4560	3108	msedge.exe	82
PID 3108 wrote to memory of 4560	3108	msedge.exe	82
PID 3108 wrote to memory of 4560	3108	msedge.exe	82
PID 3108 wrote to memory of 4560	3108	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff842c53cb8,0x7ff842c53cc8,0x7ff842c53cd8
  2⤵
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,17660544661183134896,16948827438482316239,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
  2⤵
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,17660544661183134896,16948827438482316239,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,17660544661183134896,16948827438482316239,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17660544661183134896,16948827438482316239,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17660544661183134896,16948827438482316239,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17660544661183134896,16948827438482316239,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17660544661183134896,16948827438482316239,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1904,17660544661183134896,16948827438482316239,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3516 /prefetch:8
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1904,17660544661183134896,16948827438482316239,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5356 /prefetch:8
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17660544661183134896,16948827438482316239,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
  2⤵
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17660544661183134896,16948827438482316239,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17660544661183134896,16948827438482316239,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3952 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17660544661183134896,16948827438482316239,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,17660544661183134896,16948827438482316239,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,17660544661183134896,16948827438482316239,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,17660544661183134896,16948827438482316239,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6120 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3908

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1708

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004C8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ade01a8cdbbf61f66497f88012a684d1

SHA1
9ff2e8985d9a101a77c85b37c4ac9d4df2525a1f

SHA256
f49e20af78caf0d737f6dbcfc5cc32701a35eb092b3f0ab24cf339604cb049b5

SHA512
fa024bd58e63402b06503679a396b8b4b1bc67dc041d473785957f56f7d972317ec8560827c8008989d2754b90e23fc984a85ed7496f05cb4edc2d8000ae622b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d0f84c55517d34a91f12cccf1d3af583

SHA1
52bd01e6ab1037d31106f8bf6e2552617c201cea

SHA256
9a24c67c3ec89f5cf8810eba1fdefc7775044c71ed78a8eb51c8d2225ad1bc4c

SHA512
94764fe7f6d8c182beec398fa8c3a1948d706ab63121b8c9f933eef50172c506a1fd015172b7b6bac898ecbfd33e00a4a0758b1c8f2f4534794c39f076cd6171

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
3fdfd3a34e8a094164e1f00dfbfa545e

SHA1
10bdc1a2172ef6c564c260dff761c0946c4da8ad

SHA256
f8d00e38ccf8100c9363341a8c55234f311454294ce0d9c37082912f3500f8f4

SHA512
cddfedf5f25871838e5496c207566181a5c5f1e22e7abfccc5f95b4c76d1447b7803ff59cb52c30771957a62269ee6bc849b8698caa53aad5cd30b7f3b26297e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
82f60d4dfd01bf375ca0640110192413

SHA1
568365870effa55355bc7e394ce1038f671f504a

SHA256
9449bd7b6e87ab93208854082bf832ef8234488cb24340dcd5ca34091cc4d27e

SHA512
d1319de9f32bfeaa1df69e8a15ebba6860736263ecaa17317710d9cb9e4cb443c37c38f5bf6b6727b08fec0c77605b687bd830d011f7302998c6af8953edbbb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
85fc0239e3f6c279695b82f30e1ca828

SHA1
0912e6e4ce97b2591ab4061fc1be1b0019d12214

SHA256
c576fede4f3646f5259e02b9cf95996a370169dccd712392ccb879eb3eb3430f

SHA512
d1e07e8c308a93f49bdc5249e6d97f07dab41e6e1a2db40e28ba5b800a7345291a232ae6462a4faa23a54036f59e9f42175b9c9c749e6e18ec67d469ef46a3e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
4ebba86954b2e57b3731a07fe721ae2e

SHA1
7b6e8bb73821b7961c1502c1e9655c12edc5b049

SHA256
16d09a46e98837dcd1c8f2e291a9236d08f93de8d1b3ea62ce33116be65a2533

SHA512
5548e3611ac8054a75799ce303a02b5610a05d33f917df0495d31e772f57e104986a8c4cd8fb5796e90676c4d67365f6f21e295f56b27b54a233cca96a5e9545

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
97528dc9605d23d090d024e5d40ba6c1

SHA1
2b9762aa06fa61fb890272b8ef9f48f683e246eb

SHA256
46ee3b7f91aa3f1cb0f05cf12f5d90f388532d03d282a00585619acbb09ec057

SHA512
ce2c407102eded45166a8050b52939a9b066421963054af7a8a7fa4287395c97b98bd963d4055f3030cf62420d1442253e1eba0eab36486423a542cafc5b4ad7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
64a36f7714c73ba27f56bb441e15bca4

SHA1
6af74a9d6c6f4b5aebef7d2fe7e1fe3d662030cc

SHA256
3a07ea2db2ac7c5a9dbe50bdbf918f709712a97ecd85774e5c1f56f98b664c7b

SHA512
d5c37e4adc82b755d68bbc75ceeea4a90da69583f6ee7ae418258e024ffd39b806827f14afaa4022aaea7efd68b26e500bfbfa4136b2a44c508e4fd9242e37f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
75b9cda599ff7ef0005df34074e9cab3

SHA1
d756eefcae5fbb10df41cdbce2bf556d703e30ee

SHA256
4efc59ba93c24a283e96ea901300cf942a3e4d8c20976d6e4dd393f1a7186f17

SHA512
f501a7530ec6b80987f08f07df2531adc313187ec9c0112f93e196fb48203faac2440090f8cf07250f429bba4c1b6b5458969177eb9291c4502517c80121fc6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e88320ee1b06f4641cb0d464f5bcc812

SHA1
3b04ee2900d48141468bbb1d3eda69d69323af4b

SHA256
ec2a1be9893dc6a8b9fa76e779bb222d2f6110328766e448afbed87b613b1c89

SHA512
4f7d5661e1ce1693b39a1783bf0338ad396cea49697681006cab766720963115cd516bc8715c2fb4ee2de2c32517a12689de759fbee764493faac93c8e6b2e6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a15a1867-04f7-4777-b148-f3560c4a36dc\index-dir\the-real-index

Filesize
2KB

MD5
60e840954fd55bc92657d436ef25abf5

SHA1
96dd188e6ca5b52dac9bc18e59a14d1523f35fc1

SHA256
2dea9a75c81fe8f56482270a06f1e81389aec5aaa3d893c874c18c0a8c0c9894

SHA512
8ba07cab0c5c932c24ae7c28f55a5acb9c362758c4f50d711b4da67aa05669b9e6efa8ac8ca31316b60442889b3cc99a3e7216014267651cad1e55246daa46d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a15a1867-04f7-4777-b148-f3560c4a36dc\index-dir\the-real-index~RFe57d1b7.TMP

Filesize
48B

MD5
ce7a590b981bf89451304981cae6729f

SHA1
33716574727ec4650199499292bc2467ce29e575

SHA256
88f29b662947b5d09f926ddf9311b6f67f86b2dc1232ca9fc44f12b478d81191

SHA512
02cf9adc7423131e2d83d61a3f82f2a3c02fcf85ec552caca44aadb5f32303ebfd1039b2380fe2bb76960289f257e6c13684751996d36255a6c6cb37d7793a72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
bd6c74b505c3794a512e8b672adbe9c6

SHA1
56db91b858b003dcda30bf1aedf32c6ed73a5ceb

SHA256
78fecfe94a64b57e539a118e43edf695413653d07e6f8da0e8741293e2721b75

SHA512
a4ca9dcfce619fa116eac55cafadebde48a0e85e749513a51081132f85b562bb7a22cc76cce236699ec65ec00f93ab266bc4030671420e04ece2bf263f344aaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
4292f2307687f1051181db7d61d5dbf7

SHA1
d98446480a79a5685e85d63c289ca775ed526661

SHA256
233ae4caee6155aeb16fb1ec7b12caebb9c17366bbd8a77632ce95a4d0939d76

SHA512
d2a97c096616a87e1aa5d326bec64d8ca902489ec6c0c535ffe271c4db4e070d7046c685541bf4e4c4570496ffa8c4c9cff42510e5229ea9116219dfe8293f4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
942a8e04d5fd1d578954b7c5039b02dc

SHA1
2c2f8065edc28e831623bae30f20795c0e99afd6

SHA256
c2b852596d0227162bd5ea4ff2eb041d9a5ecaa3dbfa429c84e6763e54beaca1

SHA512
8d6d51cc8cd1caf6277fd80c09f71cf6a370680972e7b8f439fc98417bf4f01198bddda53009fbb9975dfbda9c6089b499de2a69c2900055b01e5b61ada7de1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
abb4abc8308d3dbc65c127b965e8f09a

SHA1
53e1be68e1ea2b1b08d4f85d7e5274603b2cacd8

SHA256
b0f9634c9c5ab11baa14e789aba505fd0a5dbfc4b47f9f538bf76fe71be9e7f3

SHA512
5ed8de9e467a942f345ec611501f651d835aef4c59e316bc105ccc32dca8614b590f5bbaa70da1dacec288cd56a6d65d964cb4d3eaeaa7de574de8e8187821f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
43d982c44c3e5b55758828212bf2e049

SHA1
ceeee2d63c96e75d7d3ddc2425d26402af3fe504

SHA256
e525fcc1c4f07466ed31e4c0382ec9dae2a28f1e0823d9c5725bad924f89ee11

SHA512
5ae9a38dc799d6649cab9cf26d9f1a325a7b200398b8b3d2bde284a6862daae2025d9ec2d524886eaa1d3dd7b58ced3da3b84491ed5228a546c1be01aba17d01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57cc58.TMP

Filesize
48B

MD5
62752d596ce74e67d2fac9d20d045221

SHA1
7b239c0aa261a9502b309059c780c2d71e510156

SHA256
63de4341e794aa05fa76927ba0f58a29e8b7f248e2734e57e5e5f002ae3ba087

SHA512
f980c507ba5067f25ea42561253570e62ae13c3748a423d22a4d49cab2978bf07339bba0ddcc3c0dbb5ffa304853776165b468bf2d5106e4a56798ff51aeef92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7b62ef65b5c9ab1fe0723e2e0d1ae111

SHA1
ea5b68bcd39bb6992970e44cc2a7fa3fbf12287b

SHA256
f77faa031b62f414c50c0e4752a9e0d964fb13ce40976b3700a4d3c237d1da62

SHA512
ec4c02650a0b08eecc65fa80350e4f2d824b6d7007cca61b51864a55e785f4a3ca6e27d08bd230a5ebc574cf3877d8688128d8726e0b28ebef9372b49c4d5d1d

Download Submit