hxxps://www[.]youtube[.]com/watch?v=zutsGuUBFpo

Analysis

max time kernel
1798s
max time network
1802s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
03/06/2024, 08:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/watch?v=zutsGuUBFpo

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
988	msedge.exe
988	msedge.exe
4028	msedge.exe
4028	msedge.exe
4720	msedge.exe
4720	msedge.exe
3468	identity_helper.exe
3468	identity_helper.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4352	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4352	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4028 wrote to memory of 4984	4028	msedge.exe	79
PID 4028 wrote to memory of 4984	4028	msedge.exe	79
PID 4028 wrote to memory of 3672	4028	msedge.exe	81
PID 4028 wrote to memory of 3672	4028	msedge.exe	81
PID 4028 wrote to memory of 3672	4028	msedge.exe	81
PID 4028 wrote to memory of 3672	4028	msedge.exe	81
PID 4028 wrote to memory of 3672	4028	msedge.exe	81
PID 4028 wrote to memory of 3672	4028	msedge.exe	81
PID 4028 wrote to memory of 3672	4028	msedge.exe	81
PID 4028 wrote to memory of 3672	4028	msedge.exe	81
PID 4028 wrote to memory of 3672	4028	msedge.exe	81
PID 4028 wrote to memory of 3672	4028	msedge.exe	81
PID 4028 wrote to memory of 3672	4028	msedge.exe	81
PID 4028 wrote to memory of 3672	4028	msedge.exe	81
PID 4028 wrote to memory of 3672	4028	msedge.exe	81
PID 4028 wrote to memory of 3672	4028	msedge.exe	81
PID 4028 wrote to memory of 3672	4028	msedge.exe	81
PID 4028 wrote to memory of 3672	4028	msedge.exe	81
PID 4028 wrote to memory of 3672	4028	msedge.exe	81
PID 4028 wrote to memory of 3672	4028	msedge.exe	81
PID 4028 wrote to memory of 3672	4028	msedge.exe	81
PID 4028 wrote to memory of 3672	4028	msedge.exe	81
PID 4028 wrote to memory of 3672	4028	msedge.exe	81
PID 4028 wrote to memory of 3672	4028	msedge.exe	81
PID 4028 wrote to memory of 3672	4028	msedge.exe	81
PID 4028 wrote to memory of 3672	4028	msedge.exe	81
PID 4028 wrote to memory of 3672	4028	msedge.exe	81
PID 4028 wrote to memory of 3672	4028	msedge.exe	81
PID 4028 wrote to memory of 3672	4028	msedge.exe	81
PID 4028 wrote to memory of 3672	4028	msedge.exe	81
PID 4028 wrote to memory of 3672	4028	msedge.exe	81
PID 4028 wrote to memory of 3672	4028	msedge.exe	81
PID 4028 wrote to memory of 3672	4028	msedge.exe	81
PID 4028 wrote to memory of 3672	4028	msedge.exe	81
PID 4028 wrote to memory of 3672	4028	msedge.exe	81
PID 4028 wrote to memory of 3672	4028	msedge.exe	81
PID 4028 wrote to memory of 3672	4028	msedge.exe	81
PID 4028 wrote to memory of 3672	4028	msedge.exe	81
PID 4028 wrote to memory of 3672	4028	msedge.exe	81
PID 4028 wrote to memory of 3672	4028	msedge.exe	81
PID 4028 wrote to memory of 3672	4028	msedge.exe	81
PID 4028 wrote to memory of 3672	4028	msedge.exe	81
PID 4028 wrote to memory of 988	4028	msedge.exe	82
PID 4028 wrote to memory of 988	4028	msedge.exe	82
PID 4028 wrote to memory of 1172	4028	msedge.exe	83
PID 4028 wrote to memory of 1172	4028	msedge.exe	83
PID 4028 wrote to memory of 1172	4028	msedge.exe	83
PID 4028 wrote to memory of 1172	4028	msedge.exe	83
PID 4028 wrote to memory of 1172	4028	msedge.exe	83
PID 4028 wrote to memory of 1172	4028	msedge.exe	83
PID 4028 wrote to memory of 1172	4028	msedge.exe	83
PID 4028 wrote to memory of 1172	4028	msedge.exe	83
PID 4028 wrote to memory of 1172	4028	msedge.exe	83
PID 4028 wrote to memory of 1172	4028	msedge.exe	83
PID 4028 wrote to memory of 1172	4028	msedge.exe	83
PID 4028 wrote to memory of 1172	4028	msedge.exe	83
PID 4028 wrote to memory of 1172	4028	msedge.exe	83
PID 4028 wrote to memory of 1172	4028	msedge.exe	83
PID 4028 wrote to memory of 1172	4028	msedge.exe	83
PID 4028 wrote to memory of 1172	4028	msedge.exe	83
PID 4028 wrote to memory of 1172	4028	msedge.exe	83
PID 4028 wrote to memory of 1172	4028	msedge.exe	83
PID 4028 wrote to memory of 1172	4028	msedge.exe	83
PID 4028 wrote to memory of 1172	4028	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=zutsGuUBFpo
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa8f5c3cb8,0x7ffa8f5c3cc8,0x7ffa8f5c3cd8
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,16713872713500589838,10426973034904523314,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,16713872713500589838,10426973034904523314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,16713872713500589838,10426973034904523314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2608 /prefetch:8
  2⤵
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,16713872713500589838,10426973034904523314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,16713872713500589838,10426973034904523314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,16713872713500589838,10426973034904523314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4500 /prefetch:1
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,16713872713500589838,10426973034904523314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1880,16713872713500589838,10426973034904523314,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5160 /prefetch:8
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,16713872713500589838,10426973034904523314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3800 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,16713872713500589838,10426973034904523314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,16713872713500589838,10426973034904523314,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3796 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,16713872713500589838,10426973034904523314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6392 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,16713872713500589838,10426973034904523314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,16713872713500589838,10426973034904523314,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2000 /prefetch:1
  2⤵
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,16713872713500589838,10426973034904523314,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6532 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1892

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4196

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2344

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1652

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004EC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4352

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:2480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ade01a8cdbbf61f66497f88012a684d1

SHA1
9ff2e8985d9a101a77c85b37c4ac9d4df2525a1f

SHA256
f49e20af78caf0d737f6dbcfc5cc32701a35eb092b3f0ab24cf339604cb049b5

SHA512
fa024bd58e63402b06503679a396b8b4b1bc67dc041d473785957f56f7d972317ec8560827c8008989d2754b90e23fc984a85ed7496f05cb4edc2d8000ae622b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d0f84c55517d34a91f12cccf1d3af583

SHA1
52bd01e6ab1037d31106f8bf6e2552617c201cea

SHA256
9a24c67c3ec89f5cf8810eba1fdefc7775044c71ed78a8eb51c8d2225ad1bc4c

SHA512
94764fe7f6d8c182beec398fa8c3a1948d706ab63121b8c9f933eef50172c506a1fd015172b7b6bac898ecbfd33e00a4a0758b1c8f2f4534794c39f076cd6171

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
77158b18c8bb64b4d6b6d03a3ff52ddd

SHA1
0fec5a4464698a146a3146c0303f2ecc6204e133

SHA256
6d85736bdecd1d82412da578892bd38d8cf0cdd107144d6a648ef1d7f690e712

SHA512
7c1875cabd755f88565759622f5c52a2c84c11432f438648862269a56d2d9779475f5be8be6664138cf6e40521a77ca279d5f59208400078ddb25c13c11ac10f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
88942875c58e3dbe6ade726f35283daf

SHA1
101700de9adb2aedbb6b7ae2a6589fd30edb478c

SHA256
1482fbc5e86b6e3ab18c619ff38d71497e5672135475b733361b9682d2475ab3

SHA512
2d57e609f4cb8387ad99bd01bf1ed0cae138e043bd2ccdcb865846aaaaa945c904aa1135a1145b5b7360837a4480c297285e368611940e5bb9d05d44f18c5895

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3730203de658673d602b5f52fd22993a

SHA1
0c5032ac87b1efb229c91ab09124b6b6b3a1cfe6

SHA256
34e4498cf265a8cfe97659b4a5aeaeb543a28ecad8dd0858aea725fa66ed29b0

SHA512
bde74733b4f8676925dddd96b7b0f9488657c88264dd78288a023f803d09fb7f4d71acd695ab6e6a991004d34a714dadeeef2c6b5a8b422a6f45b141b8c1d1fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
7523b9266dcefe215d2cc0354a674cff

SHA1
146c759c335916a147fe4cb8342af2afacd7c1f3

SHA256
b797fca961657d9321a2d1ed3387fec0855ae632cbc4b3844158f68622b8e5e8

SHA512
6e0d9263325b491be0ed1a0cbcb2fb40d39dd5c370073a5379aa1b037104c4eb0755b28f63ed5256adfe2151e0e6128f20696ca45c2b81710d31e7868fc8d4d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6a3035b0f15f70556678b2a8a065f2dc

SHA1
9e12763d26cff25b9f0b5267d04a4cd0221bb3b6

SHA256
1f85d243723456b77bd0db40cf974a0d42e12e438b0b7fb370834de42dc54578

SHA512
1d54a49e576f70e81e349ccf682747c64f571a5d4161d628c591a268fbf4f8721cd666f07db3415209f4f14fb609b55d25e0114c2030b1003de174fd1132451a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
a269705351d4cad85bfd0514c3568f64

SHA1
3018d08fc370e1ca290bfcf6fa944f9f6eae59b1

SHA256
b87c0d67b965e128bdec8b592c422d7d69f71230f9798700899edb9558980442

SHA512
c29fb753b1d667a5619d37da1769ab1b7c7ef4dbab72d3b4a1cea278278f1ba86bae989f6e00619131c50d9ea9772dcfbc9d61b751e9fc9f16fcc19e9124200a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
972eb24c66dc8ba22cc07c953d02aa1e

SHA1
e5ba997c5e28c5246283a9771d07a9aee0c7d774

SHA256
e943c91617e0e6c504fbc3a4cc0f5e63d43f239e2a3ff6018835e21a1aad6246

SHA512
783f15e928fcad5cdcbb94fce5a1f4a373b21d4b3b5003f492b0b7cc0e123797fc64f24ddce6ecd5b1d34ad2ebafcc971605b677dfeb22a9734329a6d4c18109

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
17bbec8d6afb5a9c3dc3323ac9bba637

SHA1
f198d04789c5872b7a4a7bbcc453c5d5942c759d

SHA256
c69061c8bab46f21717dd2fa7165e64342394f65f37012f0fe2c9bd24fdb6f5b

SHA512
6ada4f393d721e99fa893103999321996ba1afcd9a2c0c05895f3a182094eaf098767ba76ccfca78a9912a01fb1f4ac1d6cae8053047a73b6a7ba5b0543812bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
f62f924847dde6d1aaa9c667cf281c43

SHA1
5d19dd815a3ccd68e5f966472d2ccc84a60c5208

SHA256
8ad2316cee9358539300b2cb57638f2c9d181d798cb0c4cebf2f3d82370a6a5e

SHA512
b38015ee20704706b160af80b7c808872642787cb92b4051c4ad8e80665195cbd855586a8129e68bf2c5626bbf40b50b5f4fe551d66f1cd77945ff0971395d76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
49f325b3b2dcaa31077ae7b7e7a2d8b0

SHA1
cb9f862327575dfabad410250111f29746119757

SHA256
fa7265cdc370b406f6f0455cdc4190e0cd7321556453f269dd75effe2d29d3f4

SHA512
9db5f84fcac5bf2e747d6c4cdc89096862f6c321e13979eecfa8c840176acfc3aec8384d21617c3b9ffcb151b902e2a89fa35624a073a165f578567e9e949435

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e890b6dbca73320f6068f17416c412ce

SHA1
e88d533bb07dcf8b4893afc3990ce72741633519

SHA256
9a4fcd9d5478eb1f2b3f3aa3b6bbcdddb863e9a4fc03785f9368e1c84855e603

SHA512
560e5ac0c41d34cabd5587aad00bb7db0c125a9f9097b068e7e8b360d63f0e20974e9ce5e9bb9ee2a0ffbdb9a6add8a806507f3e30d2938ee9a404f4ecbc7f4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
8b25ea15a2f6d5d04adaee74f70d517c

SHA1
393d2806b1facd92de8da61cdbb99cdf93640bea

SHA256
dd2e5e3c44553506afa2e04fdf52bcfa60bac8dbffdec464145d45ef458e8281

SHA512
db25c8025476c5b35340e582d7f581332388b5b8db9a367b1697fbe11df17e35c214bc092a65355aa4dcb4bbe93405597ae835c269d3b55549d88fb700d66582

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f1ecc4f68ed5e16b93955e00bd1723c6

SHA1
986af51417a4f96c1af6da54dc5c4b88d054d3d6

SHA256
8ff6eccd7538dede1401a36b7654715e18cd85e48cc28645b564cb4c631296f6

SHA512
56b30ae7f3c091fcd5cbaef43ea6014153a7a873768cdf94a0e69df34375db278c2bcc052939066fe0c97fc70e05dfd875262776eedd25c4e4ca22ec504c79cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
7de99a807218b581960e7984167fcd85

SHA1
9c96090c980b2370d63f6e995d28a7d2413c4592

SHA256
8dacc8e416729a0dd1b722206643249659484bcf710239ab1e36e57da827b482

SHA512
f1f9908697e86198d46fe1d184ac95df87aad74d4b5f183cb993ba4807316d66b267b27fb23925e8c452a180df1157de055d5431e635b91bc3a9bab56db2a89e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
022e3ee466d5ab9a1f5cac0fe016ac0d

SHA1
aa58a68053065c048b9915c7a734231992b7ac56

SHA256
6b8b47a5b02d12606f98f3da7b026f807daa6a40dd7cf92d4b05e744fd660d24

SHA512
f001c6adadbd256ce6a55a2c9747275ea90f7c111867ce284f351b6622a91a278143fc9fc452b556f37afe2c73913f351129f08edd50308dc6708645da90ab87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
88cc9d49bce6dfd03bbc5b01e44b8076

SHA1
56ed4f8082961596f87f66fdaac077c678eb4850

SHA256
902ce8f70045fe42ac23c24b4413576ec3230a28ee94aaa6120a9870dbb719e9

SHA512
8d53be760c75e6981dbc52ff733b01bf081a16cc11d8b8221bd3e35ac6ec9f2819cb032e4d54e2900021772ca384e11a4c23d6efa7e1a4e148d63f2cb8ec1586

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
bde669d22accd7506a545c35534bf41c

SHA1
8a8b580fc57d9989d1c9b8b42beba99ae0ecd906

SHA256
af6ace57401d672861cc71a1ef5aa2c99f381f0db2710ee8d4ec2f9ccd79c205

SHA512
0ded109bd55bc98a1e5784345480b5f95e9a08eec2f90b51bbfc096887d71a610ffe5af30156893d3ca98d93669c55f78e2133cccc5678b122e134bdae37931a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
aa514053abf72080a25da83f62164383

SHA1
c3037ae5ad06d40b832cc834228b14a49bc53e31

SHA256
377ae73e176899bb8bda7b0dfea6ec23350c9a66721a40ac284853bb07cc8967

SHA512
a041516a2a29ce843fa7339530a8ff3c363a08debf599e345bd298c863707aafd53c410138b266e2d9dee2b4f7259f83f656bfe2ffce23e4655027074e6e75cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
54c7e443fb62bc4da38020c5906158d8

SHA1
3dda2873a4f47d7ac0d265c08de8994fd0e95dad

SHA256
09dbeca1575d3ebd1e70a3c3460afb812e0fd291e811e701291e13ba3cc207cb

SHA512
15bda14ff68981b1a851fd091e62baa49b17eecdd39f4516cecb13d4f020853147c07b84d2e60753008f7491c546538264f55ac310fcd38274a32d8c88a87a6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a5ee7ac4-8805-4f74-adca-f03d8f179b11\index-dir\the-real-index

Filesize
2KB

MD5
6f944a0cc865e608eab9e6fee6630943

SHA1
891b67d41b2e4b6fafcd3749efa9ba829f669cdd

SHA256
6c9bcb7241a5225e6be5cd38d01ce85cb8fc61f78e1e9bd56ab7ffc3ef1ca69c

SHA512
d8031187a1ed20b7078242422eba8522b160b116b96b7295edb3bfb499dfac496941c428e2c80fa81feaa497cf838fcbddd67ec1dc9f6795d4e665dc8afb8007

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a5ee7ac4-8805-4f74-adca-f03d8f179b11\index-dir\the-real-index

Filesize
2KB

MD5
95a942aefcaefe420b43006e18aeac56

SHA1
c16309d1f58776c7c8bdf3fa8346a0e17e6fe204

SHA256
af26c7981fd8ec1f0c99b08f26f0988dda489702a05f906d572a7f06ed2f9796

SHA512
dbe9c2ca55a4a9a80d91f700a43bccb9f1aea0fe9e1437eb3432149b0908ca6d20cb497ccc8e7bdcdb4527cfcf18e66beb9b2ff1f129b07725f68bf4ca346943

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a5ee7ac4-8805-4f74-adca-f03d8f179b11\index-dir\the-real-index~RFe57bc6a.TMP

Filesize
48B

MD5
58bd283d13e58555e33b9f0a5df7c715

SHA1
a37ac668af7c42e4dd10eec0834c44659be82763

SHA256
5e927ea8e1d6ffe5b140fd031befd51734d4367c4cbb0284a04d19d7a2f5e146

SHA512
ec0eb4affeb39ecd8025e426d114564118d0d31668dff531a95eaebe06c8bb505c0b7c550aef8a99542ff1c4fee2b057c151bebc780b16a16aaac4f5b5e77d35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c01ebf0c-ce66-412a-bc86-eda4a704d99f\index-dir\the-real-index

Filesize
624B

MD5
271faf1445c616e44e8eda1f9ead5312

SHA1
ecddf11fd4a12c53420836a462bddb86986b4419

SHA256
a1c9961a3931544f6803a8fcd7df1f47a862f99fdd53429340e30c392d6b8a01

SHA512
257363bb12ae29e9c6edba589133b521bd0290f7d81d54481952047cbc1d44c82b113bca9aa023b4634b7695f1876ad68aff566b829b6bf780476b404971c743

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c01ebf0c-ce66-412a-bc86-eda4a704d99f\index-dir\the-real-index~RFe57c043.TMP

Filesize
48B

MD5
c60f54ec0182846ebe2a5e05ca6aad2c

SHA1
f69d70dc6841cba5ed363e2039ca672905ff34cd

SHA256
9fca860a5084df4f06a4a8d3bf9a3779ffd52f1b8f5bfa504d4c933856f23b79

SHA512
3c132dca38c6c5bcbfefe0682d47889dddd079bad6a5265c6abd0e5ce6d2a2b7f796ee8e026ed2a3581e204db3b857317e00b9e483d09579a4fada92b47a4726

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
1d3f43cb445e9d38e596ef04dd2d538f

SHA1
dfd0d552cdadd6391fc8d82ca183af8ed82abea6

SHA256
e21506a090ef26d1f17dd42a6e0bb6ba2bc96c9527470ababf463b39d14bdefc

SHA512
86d959e30407e5acd19f8d7de1f89775136419a904124e752cb40222be34a1b1837fc82265ecc5050ebcaf3e0915b282eb6d7993e784b540b4c666ed50a500fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
be7f5bae26b219780eed00fcbe274d9a

SHA1
4b38d0d34a6ecbc1e44783aff75a8f99e6da099a

SHA256
01baa817be4403c02d9db2be1343078a167e436249eda3ee600e6c5dde871686

SHA512
8e1852ea1dccfdfc035196f61e4e21e4e432c7bbb0b1960578364686b8ce2cee69b068edeacd32e453655efc11d32dff4ec2c7402b200953d95cd0d781ba6ee1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
5b39b30b49c30e4febd1fd22735be46d

SHA1
6ae37ddc9e9f6e50b7c8f186dafad55f698cee90

SHA256
e45953d22f567a1769d977342ef98c2cefa7ed421ebece969801d9e7ee1d1b1b

SHA512
1185f20ed3b091c2a8c99bdb150ecd38a52ca2aadf149f0b2e841f1a81933761d0a96a1a15990f4dd9530b1a4ec16f6ec2de6e9a9e7aae7bfed5bf031bfa0378

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
6bf6af5788cadae560d5c175a90b129d

SHA1
b599a62e1c67217318ebe30a3ff1a015263179ed

SHA256
a903242727da792c9a961f0068365a57faf98892fd53b787a8e559879bf20af3

SHA512
c59d1bca4f3a9ca2c93e000b70fe4063f4af5f1cf14089bddee45622bc426a4b5bed68b33a2dc59f41776f8b5a05629badb8771ac6adfccae47c4c9e2f67f782

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
155B

MD5
5f4ffdd726a1d8568115cb24e54c9d2a

SHA1
87adea3e6fb736b1c7bf46c6c37f0fed8dfe81de

SHA256
4b0f2b26822cb09d2feed7b7251ec3ecd22977e69941356a96901604113f8cf4

SHA512
f6702a616dca13e00a7e6127c683c3d27bcd640282face161d44b486c8629a8b1eb984d0ea5ef90a696f5e5e80718856cbb7f49ebc70f7d640aa7cfd32d39d6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe575ef8.TMP

Filesize
89B

MD5
c5279a590b2ec5ca93c3c3e6a3e27af4

SHA1
b2b67bb978e5c46102dc521e9825a7643a3d1017

SHA256
a9aae4e813d218484768d117f269e959c8f559e5213b1ca7aabcb67c84dd8686

SHA512
df4e58697f3167bf2783dce9e87e53b8aa5340d9efcf38bfa509d8a9ac366873e136312288c038db1720e23e711198afa40e0756bf08c8514622bb06f07597d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
7091f603af850166074b77033b7ee4d9

SHA1
99e65403297070c3e3ed093dc5e637d00f760d3d

SHA256
22716e3cde11e0569d0ab4162b095496b071ccafda9b478892655ae1c1050de8

SHA512
ffdaf2fb4c274419ffe040593b1dc22eda71b00fbe3b55ac790f68352da8a5eb488e90abf5a86886e59d8023b242e285560b3a6c0d837a34d99de7d889554b88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57ae03.TMP

Filesize
48B

MD5
486016394548b0762bf8f00a3a6b4cb1

SHA1
0eb399d5f6b9141def44bcbca4ebe79f9719915a

SHA256
631c99dc7a26afcfd10b13d44f5886ad377ab6f752a949186b9d4d2ebca44953

SHA512
f0b033a1940451813436b67092829b59198b2f20b93fccde3b7533462157614ff3427dd24d76858f22e349610b403881bef2ac37416057b8c65230527225b863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ac9f5e717434bf68d0f85b3ddd4fe868

SHA1
8c18c32e2858ae47e4aaec04f1e85c6386b8626b

SHA256
206fb6724db10c4bfa26be4d62f979346910203046a550eef0754511c0d092be

SHA512
ab838aef5911998b898a1d43a1ebecac1edf12fd8796bbd187074ea2babf321aa990b8cdd40124fed0f641eae6f44c2cce10d47241a4286bad68d5619ebcd6ed

Download Submit