hxxps://www[.]youtube[.]com/

Analysis

max time kernel
1793s
max time network
1802s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2024, 23:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4568	msedge.exe
4568	msedge.exe
4380	msedge.exe
4380	msedge.exe
2768	identity_helper.exe
2768	identity_helper.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	776	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	776	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4380 wrote to memory of 2956	4380	msedge.exe	82
PID 4380 wrote to memory of 2956	4380	msedge.exe	82
PID 4380 wrote to memory of 3068	4380	msedge.exe	83
PID 4380 wrote to memory of 3068	4380	msedge.exe	83
PID 4380 wrote to memory of 3068	4380	msedge.exe	83
PID 4380 wrote to memory of 3068	4380	msedge.exe	83
PID 4380 wrote to memory of 3068	4380	msedge.exe	83
PID 4380 wrote to memory of 3068	4380	msedge.exe	83
PID 4380 wrote to memory of 3068	4380	msedge.exe	83
PID 4380 wrote to memory of 3068	4380	msedge.exe	83
PID 4380 wrote to memory of 3068	4380	msedge.exe	83
PID 4380 wrote to memory of 3068	4380	msedge.exe	83
PID 4380 wrote to memory of 3068	4380	msedge.exe	83
PID 4380 wrote to memory of 3068	4380	msedge.exe	83
PID 4380 wrote to memory of 3068	4380	msedge.exe	83
PID 4380 wrote to memory of 3068	4380	msedge.exe	83
PID 4380 wrote to memory of 3068	4380	msedge.exe	83
PID 4380 wrote to memory of 3068	4380	msedge.exe	83
PID 4380 wrote to memory of 3068	4380	msedge.exe	83
PID 4380 wrote to memory of 3068	4380	msedge.exe	83
PID 4380 wrote to memory of 3068	4380	msedge.exe	83
PID 4380 wrote to memory of 3068	4380	msedge.exe	83
PID 4380 wrote to memory of 3068	4380	msedge.exe	83
PID 4380 wrote to memory of 3068	4380	msedge.exe	83
PID 4380 wrote to memory of 3068	4380	msedge.exe	83
PID 4380 wrote to memory of 3068	4380	msedge.exe	83
PID 4380 wrote to memory of 3068	4380	msedge.exe	83
PID 4380 wrote to memory of 3068	4380	msedge.exe	83
PID 4380 wrote to memory of 3068	4380	msedge.exe	83
PID 4380 wrote to memory of 3068	4380	msedge.exe	83
PID 4380 wrote to memory of 3068	4380	msedge.exe	83
PID 4380 wrote to memory of 3068	4380	msedge.exe	83
PID 4380 wrote to memory of 3068	4380	msedge.exe	83
PID 4380 wrote to memory of 3068	4380	msedge.exe	83
PID 4380 wrote to memory of 3068	4380	msedge.exe	83
PID 4380 wrote to memory of 3068	4380	msedge.exe	83
PID 4380 wrote to memory of 3068	4380	msedge.exe	83
PID 4380 wrote to memory of 3068	4380	msedge.exe	83
PID 4380 wrote to memory of 3068	4380	msedge.exe	83
PID 4380 wrote to memory of 3068	4380	msedge.exe	83
PID 4380 wrote to memory of 3068	4380	msedge.exe	83
PID 4380 wrote to memory of 3068	4380	msedge.exe	83
PID 4380 wrote to memory of 4568	4380	msedge.exe	84
PID 4380 wrote to memory of 4568	4380	msedge.exe	84
PID 4380 wrote to memory of 3096	4380	msedge.exe	85
PID 4380 wrote to memory of 3096	4380	msedge.exe	85
PID 4380 wrote to memory of 3096	4380	msedge.exe	85
PID 4380 wrote to memory of 3096	4380	msedge.exe	85
PID 4380 wrote to memory of 3096	4380	msedge.exe	85
PID 4380 wrote to memory of 3096	4380	msedge.exe	85
PID 4380 wrote to memory of 3096	4380	msedge.exe	85
PID 4380 wrote to memory of 3096	4380	msedge.exe	85
PID 4380 wrote to memory of 3096	4380	msedge.exe	85
PID 4380 wrote to memory of 3096	4380	msedge.exe	85
PID 4380 wrote to memory of 3096	4380	msedge.exe	85
PID 4380 wrote to memory of 3096	4380	msedge.exe	85
PID 4380 wrote to memory of 3096	4380	msedge.exe	85
PID 4380 wrote to memory of 3096	4380	msedge.exe	85
PID 4380 wrote to memory of 3096	4380	msedge.exe	85
PID 4380 wrote to memory of 3096	4380	msedge.exe	85
PID 4380 wrote to memory of 3096	4380	msedge.exe	85
PID 4380 wrote to memory of 3096	4380	msedge.exe	85
PID 4380 wrote to memory of 3096	4380	msedge.exe	85
PID 4380 wrote to memory of 3096	4380	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff471c46f8,0x7fff471c4708,0x7fff471c4718
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,12132248019286164387,4463384715652307497,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,12132248019286164387,4463384715652307497,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,12132248019286164387,4463384715652307497,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12132248019286164387,4463384715652307497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12132248019286164387,4463384715652307497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12132248019286164387,4463384715652307497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12132248019286164387,4463384715652307497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2076,12132248019286164387,4463384715652307497,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5348 /prefetch:8
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2076,12132248019286164387,4463384715652307497,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5680 /prefetch:8
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,12132248019286164387,4463384715652307497,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6132 /prefetch:8
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,12132248019286164387,4463384715652307497,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6132 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12132248019286164387,4463384715652307497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12132248019286164387,4463384715652307497,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12132248019286164387,4463384715652307497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12132248019286164387,4463384715652307497,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,12132248019286164387,4463384715652307497,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3252 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3140

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1572

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x504 0x3fc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
81e892ca5c5683efdf9135fe0f2adb15

SHA1
39159b30226d98a465ece1da28dc87088b20ecad

SHA256
830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17

SHA512
c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56067634f68231081c4bd5bdbfcc202f

SHA1
5582776da6ffc75bb0973840fc3d15598bc09eb1

SHA256
8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4

SHA512
c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
5974e1fb0901055ead1a764407503be2

SHA1
c367cfbfd966bb901532a26cf027836cc3805c2e

SHA256
650cc716436dc869c081ca0d7e07b912e90157a3819180e1479fc9d16846a9fb

SHA512
43a1e021c5ed438a951a826b32bd57caae1555f964f17a229399e0a28353b5dd1fbdccb3ef2831f8a974cf44b732ab6fca66f7d9dd274910762c2fd92de64d25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e94ee0c13491df6f239b9753795d2071

SHA1
4df008722b19d5855db79d031d2be42556dcf934

SHA256
3ad4d31dd1f0118c9c6e15ffa1f636c5f578a03eb428eeedde5eb6933532b8b9

SHA512
2019570f3e8f01e3b9ab0ef7e1964779ba7456f5073742bcae54744bc3092c79184f75edcc8c3898871253de7491736b9172bed418fdcb93e4075cdaf86b478e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
86c75f04b9857500db156c8dc6d46cf8

SHA1
d3099932d4672e1f7cdf0095da7011a52f2a6f0e

SHA256
7b29ea64abaf0d6dac49f8eadca9e5b99715d696fb0f58d2739c37e1e7dea574

SHA512
35258e7dfb0e4833e40438924782b8c28d85513df7c70cfa4cf58418982480f731445f10ee7d90c3ec96aa023096166c56a1a9e4acebd878676a0ced0afebd5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
387a1d2bed637c235f78a7a61dd31588

SHA1
6f70896198177b30a93dbd0df3e2a6e586715897

SHA256
c537131baf0f1241ad88e94c3ce9e8ae9627a3193016756eac978c8896dd49d8

SHA512
789e22cc227a63e0bef642bcc7d03f77544b04b71509637118ed9bdf935acf6162189a0198868755f8432c71ffb7a4c29ed4ffc4344c10d40b681a8f5dbadbc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d8f3ce855175b09de281d91f8aac7458

SHA1
cf82ce171e8af1df725bc2cc90b39ab2829ddfcb

SHA256
5c9d70af510708adfe9135130cd15923ca848cb40caa78595c82d4b7fb2f8a39

SHA512
823ce54b65881f41938e2c48b40c6cdabe4c296e82dddc2a8665fb6229fa9365883f2082fa4f59adba580edd98cfddd281d15858d3c6302073b97b71c60b635e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a51f9fbb65801cc46659994aad25e68e

SHA1
0b94f660febf7b203e9b755360d10d3302b84bb9

SHA256
65b8a55ead9aadd93ca7b0996ecf50a4f09e9ee6412ecf44abff83202ad303e1

SHA512
35a063bb66ea99768b3bd073604bc5df1738bbfba08e670365af4ace153bcc1ab0a23c003b747324c0c07875870fc76309d520227b77b47d035b260213db4c7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8cdb5171d149e82f462525ce5c80e96f

SHA1
f4ad9c99d9ab5006bf705f195e7f3b4ae7d22380

SHA256
79f02412805a29317484ca130299712796e552f546bc09f44db6f6bc39dd4eab

SHA512
2e256ecce13b61cf91600bfd89c72aa3d5d5924eea0a55e501c86a793b24f1d54e2dd8b5da7f77ec1424b897b6a32e92aafde1ae8ce4e19d53c1d4311fc75510

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0402532d-6ee7-4f4f-9c0b-9919100b392e\240f0f88806c5818_0

Filesize
2KB

MD5
8b55dc2465c37632f320846ca4ebc80c

SHA1
fe1f924013189cc3927794a114d4369f11a86566

SHA256
512d2f57f0b7dfc9a3e4b0755e0810eee97ecb19c889b29be88b500d79bf9ab7

SHA512
470fe782c7fbafdc44e07eb86278f633f239c98c741431163945d24a5218d686421db610ee7b532539dd4439e1e0033422edb58f25713473af7e6272b4fb9815

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0402532d-6ee7-4f4f-9c0b-9919100b392e\index-dir\the-real-index

Filesize
624B

MD5
e8bb334725e2f5853a33d15a4d34f603

SHA1
138cd49733d199028bbd22f7b3f168fd2ed8dbf6

SHA256
c9cc2299102969f45186ba74715f0d24637bb064ea1aa566395e4b24553f3c41

SHA512
124e932a32f1efbcef07c0edd4477c6d93793b634b14bb40afa7da4625002f49d6bc9f02cb546d40ce15a4057aa96f230b64ef7aae77e1275b8a41d6baca7ac9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0402532d-6ee7-4f4f-9c0b-9919100b392e\index-dir\the-real-index~RFe57a27a.TMP

Filesize
48B

MD5
02e23b9d1032f428286dfdd9786f494e

SHA1
48ea0504049beaacb531471b7f61e3f0a6fedcbe

SHA256
0746f5a3ef314d5023744b7781971b91e2a2d6d1b7fedeb60004c17dd331878a

SHA512
efe677e156cce35f182c0e777283842081168e0479c972f1341c0df7eb5cebb4af90e13fd83e7ea6cbb66cf0ec76348d9ad0d3f4cde0a230e3ee3b701f0a4821

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6d4bf2db-9455-4cb5-882b-0011813b33e7\index-dir\the-real-index

Filesize
2KB

MD5
90900684e32df0735bfddf7d3c6fbffc

SHA1
755394c363cdc3833dc6c382edfbfb6ee77f8ae6

SHA256
cbb9c7b003f652f3e00cc6ef54c940bb4ef8d608e6898614ddfd0d60ecd0f172

SHA512
4be075a249e1a73ee07ee5e02d6b141f395f10cd85ac319370f9d361234103829d64c3609da37951abb775a7c8404f655ca5c0b993ed270af8354d2a2ada8b9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6d4bf2db-9455-4cb5-882b-0011813b33e7\index-dir\the-real-index

Filesize
2KB

MD5
99f022bfc251de1da71761b197c5c032

SHA1
7fb257053e7e31e320a94ca975f974500614a126

SHA256
f229f87c3cc28c992fe48ddf42326bedd0abdfe3fc3d42f27fed548a2df06a1c

SHA512
f9c75378388645c43399b6f71c86381170e162fc706cf72c9f9e00e613820de6e8284e4c12ded26b4d8261a4c3d38913d9f3f6dcf592f5ac350c06242ac9f238

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6d4bf2db-9455-4cb5-882b-0011813b33e7\index-dir\the-real-index

Filesize
2KB

MD5
98fea8f7e1953bd4243f74da6a90b966

SHA1
ee78f0dcf9c222487400362748c4d519b655c673

SHA256
b916160bc02b7f815e880337f90b02305c8992ebcd5277ce4de71f8d2d76b932

SHA512
6a42c204faf97b8ca44aa8c49a8ba482976d220b504aa62d8cf3f2488c9c126de67f7539dfd57e00f0aceddd3f542bf6601a1e3f5016b7878b041eb3acc674a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6d4bf2db-9455-4cb5-882b-0011813b33e7\index-dir\the-real-index~RFe579df5.TMP

Filesize
48B

MD5
13d0d8e85fbacaf3d704df6d119effab

SHA1
2078ad8b6324819cc81cf6c7cbbfde5a3ebb15d3

SHA256
aedbf613cad32cde16ec58391ce9609cfc3f7aa3663c604a9e04807e4bc06fab

SHA512
975bfea41a4edd3e862bc5fd07969945114d8b76eef06a714da7e22425e52d995cecd17b22398929d765fab02cd43c2e494b90f2ff0895efacf75078ad7aeb88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
cd1d71a5220a99e79a8423c0a8091a94

SHA1
7eb64d5a1afa4af7b24eff3ad9e0866a38b429ee

SHA256
d55d37c0135c5bf02a9b6e3f931e08e84ddb3c6c489f1c04e9285612b1d95c87

SHA512
96a52e3ded60d70a8d0d44f4d685de86de6f2020a6cb3525b37889b08e749c8df97ca70f02e03778d3273c2210f97a5d64f5646d7e203a35c03dc4d8a8908567

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
270888e050ada39eff2072a7f14c0cd9

SHA1
364e7d933587f6e150dda100904019eeee0ea5fb

SHA256
a262703896acab51c3036bbb838d22de7af6958495a27ed7099655ad4f58be8b

SHA512
afac72c848044c6b055e396b1c5fadad1d0a8425a684ad221535d4e08ae629e510ac2286e301f93c1621fdec0ef151bb9dd60d4883e90e08678527ea99a66d87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
24953770faa326c2d7a7df4b71e71e5c

SHA1
5cc10053aa26827318d3001bad29bbc2b4b9c4f0

SHA256
e822bbbe625695242fd5cf13292364ad3004e30d94065f22d66c111d755a681a

SHA512
e42395bce469fc6e52f8a66639be49efccb801f63e58d3d345d3828757e5cc824779ef830a24ff9dd1db6765f16c177dd7a254a67dfa58ba1895133153c174c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
155B

MD5
1404076d80e32a5820bfe1a62936c802

SHA1
dd8e0221336d1d71c917669e74f6b75411bd6816

SHA256
60851bbd1e6cf3aa99c708df3892e42a472333d9142fd7c0ebc1a6248bd3adf2

SHA512
b00e1110ab1f99c685e84ecac9b81e46e83e8ef351d7c906ccab677eabae39950af8eea2ccdfa502b4068862ea4ac1459717e533a190e3d87db4f31431c26f37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
e8ddc098af3bdfa8e08fa922896db0a9

SHA1
aa283d2a511c816499bf354001f8c66d50af3e7d

SHA256
51a08a86511e8fadd4cb293145c82acbb0cc7098d7e4c6d61548beb6eb520dc8

SHA512
71fb4b8d75460173219f40dac16b26e00f1d16cf1b3dfa179115c4c466db2616a25923e04e4be56417bbe4a5217b8d0bf7aeb2cf7e6357ae9c5d5f08c560a1bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
f4bcde3d659aaea65faf35c401109bdf

SHA1
06a31951e5648ab2797fc5e97ecc856f8f082b56

SHA256
4a99c90ffcb64498b23374015714b363156d131c1aa79d87691d1bddf70eb4e2

SHA512
9b7adb5f4db8bfdd9fa3b167237ed6b7b41eb7fa5e81a6e4b202da198e9c51ae0b8bac8fd89d4abdd21f7c31800206f24989a38e13a6b3857b6fce3be975a78b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
51d080857e5d2e96168745348f8b3840

SHA1
c15d3a6e50e2bb048b93c551356c979dbc412960

SHA256
36a21041c0f2187884a3f86d84075da00625c39723b7464041103c2d4038d20f

SHA512
4c8b6198b19bb739ebe8963d3d6bf3e7c5e16e3310bfed67c446d5b5a02a00a33cb08067bd9f6de91b6efeb4eb1322871ba97575106df54d741575496f216acc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
20367a4a8a825710c3e04367ba2e100b

SHA1
73375e3cf340bc65d0a3aa4dc665b1c75284540b

SHA256
eb981c082b195af8bf7a7bcbda22b4776ba24f5c4e699a7212f86feb9f15ed0a

SHA512
f9a0b869a831d93048251c717d74d47ea35adf4b02f751ddc8a34f7b39817c1c6df029c373b25d2a9182033814b9f4195180a499ee2c75b42f5e00587a14e335

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe579923.TMP

Filesize
48B

MD5
59068c7c50a94f18b41d1b5a6bca9057

SHA1
c88e6675ca01ba9dbfb6de7725490a09267be46f

SHA256
85a644fd37311619bbe5ed2a3923a1aaf7809275db7722d95b0e2625718a36c4

SHA512
2f26a65668470dad42786f8e612eb1c89b026b046ae6582bb39d364af40fc177d2c2361ff78b184db8867501dd08c07216d491271cc8524e709f27889a547b14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fc3752f3-1b63-4fea-9973-89302e364760.tmp

Filesize
7KB

MD5
64f55c323dfc312412bd78cfbe2ca9b5

SHA1
36e9f58ebc91d3dc17eddda2a0d46a029fb4fb85

SHA256
2ed9a4d34dcfbb24844c361c181207013a033ca021a171aea8330660cbdcaf96

SHA512
f1ed4625fc00f84a379687aa310a2cf66619f156cad31c5e41a848932076b6aef952ab107293d4e8d2aa7526ae88b7205422ffa5b1f073beee4174dfc1d06436

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c753579ae033bcfd6d2e63f17f2ec4de

SHA1
bd8aa5a85777d381544fcf6df141822453784a0b

SHA256
9141b4ce4362aa7f4b4c43ed6430e6f0fc8a72c1907e6b865f0f5bd67902732e

SHA512
990cda69de485bca05065d8e9dbd36b3ab4c34ccb4dcf2e19a2a4d1e5cd8ff4e4f563cd4bf585cd80fb37a1c5ba937485cf884fa9b9c0e1c8bbd8482957e5bd5

Download Submit