hxxps://www[.]youtube[.]com/

Resubmissions

04/07/2024, 20:02

240704-yr36pawejn 1

04/07/2024, 19:59

240704-yqfn1aycpb 1

Analysis

max time kernel
41s
max time network
30s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
04/07/2024, 20:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2576	msedge.exe
2576	msedge.exe
2844	msedge.exe
2844	msedge.exe
5084	identity_helper.exe
5084	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	968	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	968	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2844 wrote to memory of 4540	2844	msedge.exe	80
PID 2844 wrote to memory of 4540	2844	msedge.exe	80
PID 2844 wrote to memory of 3136	2844	msedge.exe	82
PID 2844 wrote to memory of 3136	2844	msedge.exe	82
PID 2844 wrote to memory of 3136	2844	msedge.exe	82
PID 2844 wrote to memory of 3136	2844	msedge.exe	82
PID 2844 wrote to memory of 3136	2844	msedge.exe	82
PID 2844 wrote to memory of 3136	2844	msedge.exe	82
PID 2844 wrote to memory of 3136	2844	msedge.exe	82
PID 2844 wrote to memory of 3136	2844	msedge.exe	82
PID 2844 wrote to memory of 3136	2844	msedge.exe	82
PID 2844 wrote to memory of 3136	2844	msedge.exe	82
PID 2844 wrote to memory of 3136	2844	msedge.exe	82
PID 2844 wrote to memory of 3136	2844	msedge.exe	82
PID 2844 wrote to memory of 3136	2844	msedge.exe	82
PID 2844 wrote to memory of 3136	2844	msedge.exe	82
PID 2844 wrote to memory of 3136	2844	msedge.exe	82
PID 2844 wrote to memory of 3136	2844	msedge.exe	82
PID 2844 wrote to memory of 3136	2844	msedge.exe	82
PID 2844 wrote to memory of 3136	2844	msedge.exe	82
PID 2844 wrote to memory of 3136	2844	msedge.exe	82
PID 2844 wrote to memory of 3136	2844	msedge.exe	82
PID 2844 wrote to memory of 3136	2844	msedge.exe	82
PID 2844 wrote to memory of 3136	2844	msedge.exe	82
PID 2844 wrote to memory of 3136	2844	msedge.exe	82
PID 2844 wrote to memory of 3136	2844	msedge.exe	82
PID 2844 wrote to memory of 3136	2844	msedge.exe	82
PID 2844 wrote to memory of 3136	2844	msedge.exe	82
PID 2844 wrote to memory of 3136	2844	msedge.exe	82
PID 2844 wrote to memory of 3136	2844	msedge.exe	82
PID 2844 wrote to memory of 3136	2844	msedge.exe	82
PID 2844 wrote to memory of 3136	2844	msedge.exe	82
PID 2844 wrote to memory of 3136	2844	msedge.exe	82
PID 2844 wrote to memory of 3136	2844	msedge.exe	82
PID 2844 wrote to memory of 3136	2844	msedge.exe	82
PID 2844 wrote to memory of 3136	2844	msedge.exe	82
PID 2844 wrote to memory of 3136	2844	msedge.exe	82
PID 2844 wrote to memory of 3136	2844	msedge.exe	82
PID 2844 wrote to memory of 3136	2844	msedge.exe	82
PID 2844 wrote to memory of 3136	2844	msedge.exe	82
PID 2844 wrote to memory of 3136	2844	msedge.exe	82
PID 2844 wrote to memory of 3136	2844	msedge.exe	82
PID 2844 wrote to memory of 2576	2844	msedge.exe	83
PID 2844 wrote to memory of 2576	2844	msedge.exe	83
PID 2844 wrote to memory of 3268	2844	msedge.exe	84
PID 2844 wrote to memory of 3268	2844	msedge.exe	84
PID 2844 wrote to memory of 3268	2844	msedge.exe	84
PID 2844 wrote to memory of 3268	2844	msedge.exe	84
PID 2844 wrote to memory of 3268	2844	msedge.exe	84
PID 2844 wrote to memory of 3268	2844	msedge.exe	84
PID 2844 wrote to memory of 3268	2844	msedge.exe	84
PID 2844 wrote to memory of 3268	2844	msedge.exe	84
PID 2844 wrote to memory of 3268	2844	msedge.exe	84
PID 2844 wrote to memory of 3268	2844	msedge.exe	84
PID 2844 wrote to memory of 3268	2844	msedge.exe	84
PID 2844 wrote to memory of 3268	2844	msedge.exe	84
PID 2844 wrote to memory of 3268	2844	msedge.exe	84
PID 2844 wrote to memory of 3268	2844	msedge.exe	84
PID 2844 wrote to memory of 3268	2844	msedge.exe	84
PID 2844 wrote to memory of 3268	2844	msedge.exe	84
PID 2844 wrote to memory of 3268	2844	msedge.exe	84
PID 2844 wrote to memory of 3268	2844	msedge.exe	84
PID 2844 wrote to memory of 3268	2844	msedge.exe	84
PID 2844 wrote to memory of 3268	2844	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffddc4c46f8,0x7ffddc4c4708,0x7ffddc4c4718
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,9880838999554024489,4664815917466840254,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,9880838999554024489,4664815917466840254,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,9880838999554024489,4664815917466840254,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9880838999554024489,4664815917466840254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9880838999554024489,4664815917466840254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9880838999554024489,4664815917466840254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9880838999554024489,4664815917466840254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2184,9880838999554024489,4664815917466840254,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5252 /prefetch:8
  2⤵
  PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2184,9880838999554024489,4664815917466840254,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5336 /prefetch:8
  2⤵
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,9880838999554024489,4664815917466840254,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 /prefetch:8
  2⤵
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,9880838999554024489,4664815917466840254,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9880838999554024489,4664815917466840254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9880838999554024489,4664815917466840254,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9880838999554024489,4664815917466840254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3628 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9880838999554024489,4664815917466840254,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9880838999554024489,4664815917466840254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:2772

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3892

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2dc 0x2e0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fbc957a83b42f65c351e04ce810c1c11

SHA1
78dcdf88beec5a9c112c145f239aefb1203d55ad

SHA256
7bb59b74f42792a15762a77ca69f52bf5cc4506261a67f78cd673a2d398e6128

SHA512
efad54eb0bd521c30bc4a96b9d4cb474c4ca42b4c108e08983a60c880817f61bc19d97538cc09a54b2db95ab9c8996f790672e19fb3851a5d93f174acdfac0ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5b6ff6669a863812dff3a9e76cb311e4

SHA1
355f7587ad1759634a95ae191b48b8dbaa2f1631

SHA256
c7fb7eea8bea4488bd4605df51aa560c0e1b11660e9228863eb4ad1be0a07906

SHA512
d153b1412fadda28c0582984e135b819ba330e01d3299bb4887062ffd6d3303da4f2c4b64a3de277773f4756da361e7bc5885c226ae2a5cfdd16ee60512e2e5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
227KB

MD5
e09df5a23acd241007ec35851474a7f9

SHA1
9802085247211e3c82c5e6fefc003e7c1f21227d

SHA256
846921a45a6d2203548059f9b22a5a5513105e43098da955bf402e681020bf56

SHA512
765b7cfa03aa7d750a18ad63c072c069329f4a7f7a594051c01700934497533ad07dc503c8b3892d5ac97f14b8b85a6f4868c7e5a1a4d2e40a7ae4f7514d1009

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
c7444597254c3ab4b9a6aebf59420d6b

SHA1
af57edf5ad540ae22782b52fc0f71ee59ffeebc5

SHA256
fb8bdf02d52305589b64fdb41330d16b0730e28a61b6fccf7fce6f142792deaa

SHA512
f23810b709e61804ccb51ad153f220703a02e255ac7ce48cc108c809f84678d65bc22e87312d9b7b3598c30de79ef892ecf5bc301415f6ea795810f58a418e85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
47KB

MD5
127b7a9f7009939d0ae5dd1a48386985

SHA1
f9e981f2fbc6df7e304803153fb6fe40f0dcb6ac

SHA256
9d8e3219c036313e8b27ecb7b91befc49de6a32352a5349656945a7525a89962

SHA512
b1a442d78f6adc7a67f8ee299d46817309798ff2a38a66af2ff03eaa276b3a7967fde34e801dc8488ed75b3110fd01b3a9763f792ce75e21fae190d4779c1287

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
808KB

MD5
c0637a08f2ba40c56260782d2bb3ace4

SHA1
a2bf4298414a764ff1342b3f48f45b4dc1669a96

SHA256
d6ab12688ec8cfe7f9235b18c7d7a4730d86278ba1efae0d715c0d054465781e

SHA512
736d1ac8987102028baef59d43ceb2fde71b3aab2f8f2d8d306846a457e2ac224908968ff7bfe34bb05beb7998223d393244cf5da84f9d64f8b71c9f0b2ca6e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
32KB

MD5
af5bf693b92c0d2c8441b3a6640c4ad8

SHA1
12ed4ac73239e542ab8d7fa191dddc779808e202

SHA256
b9f2c3f2ec75955d96309f759eaf9fb6bf576c238377491dbb92de1768a26012

SHA512
c2ef099832fc5e8f1e67acbd550b0590c0fb5c291761280a2e74e6a97763906b9c0c1a2295f285462ba3a0ed7cd5658f296e5f0f9c5d11a97ba210f352f8a438

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
32KB

MD5
cd3756106418d9e83a2baff9904ba221

SHA1
4c2ed1c1ebe119027db0fbaf7a64b408f1779b4a

SHA256
57ec0895e1bcaf08c769e2d6872f3f3657972f87fac081063445213dae4541ee

SHA512
5bf43ccaaf99505f7e8ecf2eda18efe260125accbc12f655601e2acabd822513e153f4b81cbf03a65d13572f11e9f13fd471006a0ce8f2665e8a594ff2d769dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
dfb674a40713298c121821958e8f4d02

SHA1
7a632b8e7579099e6b37ad6e983f62d01d6a539d

SHA256
bcb4e97c110c289fd4a17680fd858b8f2d2138c0aa38c2bb49cb1e75dc3839c7

SHA512
d2dbf25dd2945b428b0f7266ce46d0a68e632681e4e3c9f1f166fcd086711abaff2bbc4157cdd8f4db1487a19a145238d5f62223a231aa249a68a78a32489c99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e56d77943da6aa96894971b6b2ec23b3

SHA1
661e6228482cbf0fdcd9ea615cff34cfbbbf2a03

SHA256
01cbc52c0e22406a6d0b47213e98ea7baebb877820aa8f8633c9c00026301591

SHA512
6c562b2ffaee426dc549f8217ac8b5b59d70bc34ebe83f39ceb602ea61722f5089ba389f246ac13bc9df6f3740af28e5cd39a1d874f643777d88a083bc884bef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7e1ae731d3a708eda2c835e31f7ce413

SHA1
bc5a8ccb6db1a271595f3fb8c66bb53ce4a151a8

SHA256
9f72cc1cc84d7b79a2fc10801ec797bd3e234989d3ea9cc79319dd7eb6f180d3

SHA512
36ecf996dd629cd5ac9d26e97d8f007bfe1c5f446069a8cf334b9fedf0a83222c038e52faf3ce067acd19d0a12890c60ca13186234aaaf53c8b59ee02737c48e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6a7dd369752cf87385b9c2a0ba694f8f

SHA1
1f67f16be3052d66458eb19234c570cf023b84a1

SHA256
c9b6f8e64d6cd88b5a51c73a8c9682f75c987c222cb663f400f7daf37cdc3084

SHA512
93ccb7c1e42013ff9fd9ccbcef570acc8056bdfc1c26e32b0f29a2d95ac0efc1252f9370b7653541c8dc0764965283a763d45703e9618a7185cbc8ae6f896ab0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\88d8a53e-67ab-404d-8e64-6c934905a18e\index-dir\the-real-index

Filesize
624B

MD5
3851e550e47d4a54f4b012b2fa361cb6

SHA1
e3fb5c50f875b8e61580299aab23aee77c206d35

SHA256
a07ae469a42af11dc2c34c3d80e827750234229b0280b6529732ecd10bf8951c

SHA512
8f2536a9f9fd06afed4a79ef3f87b5c57379531f4a886d8df5bd10e6a1db846abc0667a730ff1fe2a1dec1ef400f87541463702c4c81950a91557614e430b87e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\88d8a53e-67ab-404d-8e64-6c934905a18e\index-dir\the-real-index~RFe5841c7.TMP

Filesize
48B

MD5
be3da6aa2a9664dead63d9f3c16cb983

SHA1
63c745b149234b10910fddd0538a14ee1d65cf14

SHA256
2957cc4e4ff9f99ffdf9cc8c3c84e393751499044f7216c3da647a5a9177337b

SHA512
3f9c5f4ee3fcbf5b483ec4f3a8051beb6a6a5e5223a9b155734c5e0e2647e3fb4fd9a3d46163061943cbe730c9ba86c026903513ca50ad115d958a3a49a22935

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d7903642-aadc-43ac-9fa6-8f4a9902a777\index-dir\the-real-index

Filesize
2KB

MD5
3239037200f2303caeea7b651961018a

SHA1
15b99b23fd67c9df5ba6a82eec1ce6fdc5f52061

SHA256
0f9d500615bd8ac21ee82150b8b007cdad01ac9a37b0d7108ea1b4fb3d34e4e9

SHA512
72d6535c7da9c3a2fa4c1df9bd97ade82c5db93c421538f29968d046c43ddb86e15fbf41cbcdf2b539ab5d7c00292841acf8f5bd7f318db2d77fa617413fc189

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d7903642-aadc-43ac-9fa6-8f4a9902a777\index-dir\the-real-index~RFe57e7fe.TMP

Filesize
48B

MD5
8430375c79c013b2dc9a17648a14fce8

SHA1
db0b930f41ad6bd68fc0b740f228829ed3492bc2

SHA256
3471f65e07049086d88b075cba58880e6d3d2b82c9d8f1d840e78d2d9a9972b9

SHA512
60b187173fc5b62c44323f8eb297d0611d44929a0991304993ff541cdabdcee007b5713fbf71c00591e477ade552dca95822798690dbeaad1109b9b7a2d343c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f810bd9f-e84a-47b2-93d7-1787009728a3\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
09789ab05828ace81bf6a90f17c95974

SHA1
f216c7cc733a4a7df1d7e92781160aff87351b6a

SHA256
fd28f54a65689c07d1e0f0f176ee4c48b353cd70d146cca85c518e98eb1dcff0

SHA512
47df26e5c9b2ce3a1ca915a9a248987cee7b454c96af46db48f9c3370172e2e05deb51731904ac06046c9e019d72c1c414c5ac19c044d64ae41a1497df0c29c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
8be00da988d48ac4225bc999a0480c0a

SHA1
aaece3c43a46588be74bcc9586438df88186f515

SHA256
a43ba63e34a9f232ec468d354e335e34ebbf57f9df0e854884c3535ae784df1a

SHA512
0fae032eaf2df51598b45f8be1c4a68afb88d174aed9bff1a8562bff88c2c36a21058063be085dfca89c206d88f36fa42daac346f057e9f69f35c3e721eb025c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
168ad55e9f25bd483e27bc27e94659b0

SHA1
183a3c7d693fc54822b2876eb7df19555dd1ceaf

SHA256
30225d9f44d46c724a9cdbe3947f88bf59a006dde82515d3a09b2e980ad101e1

SHA512
b96046d105a583419d02acb299fc0f3a80ad790bc46c44bf63044ac329570c447406e5e2ad40de01462f5b991da904265678f298b0d6ca2bb68956e2cf9bdefc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
157B

MD5
96684caafa289d4896046d1d2aeffd42

SHA1
5dad43f0195faa50d847b821099239fca5831202

SHA256
d8089b164411efa3c59500eca568da81658cdd65bbaf61b4786355a1cbe22c79

SHA512
6831a85520b1575dbcd45c6a17e011921297b65ac77075e97085e5b8b76144b722a9c6d7d3954bc14d44cd251e32739110e912cea9def31f780dc5076c836e52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
3041645a9207720ada5a7f1ac8212ead

SHA1
f903583f287f55e6511e148cf6fa38760b15fa01

SHA256
b35682abdf30a93564372136b0769c4ff28d82266e62c2662320c34621557257

SHA512
521c354703bccf0a950f4f624b6b75767df33a9434c67db38553b5f0f192d51bbf1364244a166450af34a3c107bb7a1181d8a3408fa4d35c135fba5d7a5c1532

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
ea1e1d698712fcd08f53d0692b6953ab

SHA1
17466ef52cc52b296aeb0354544e7d4cba85b382

SHA256
ab07a991787448851b52964af31966ae46b2b572d290c66e6c74aeebe7f88474

SHA512
1a182ae7cb505aa793cc4cb7f0c442df10b832cb4453df028d7ca227e743d3ee63020c8d10ee4bd042af84316f067c718b93433b1cfa34337cd0bd31c89bbda2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
1dbed35a98e6b53ece8da700bea5569f

SHA1
cc03abc9cba36c91795dedd0cb1490548d7cb7d0

SHA256
750db64c941b3b8e44a3379e46eef9b5f02e83ec1fedaeda698e99ea3e417cf0

SHA512
e30cd7ad7af51c83a346103fc94be525d5fc08aa63a552547d3a35602ec7f8a7f9f3c8a3d4aa780fb74ee1ad2c50ed507a29a487fc14dfc70e66a5c080d8cf2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
d2d24705e36b11b05650ff33076cc3be

SHA1
779c1be4ee8fbf47524cb0c336803fcd1e20a4e2

SHA256
568bab979ffc47f1e8b9c9f014e03e260c09cc84f68a5dd9b98482d44026eff1

SHA512
43f3ad49df01b7bee5fe9faf4bda303424a4cf9b273f969e9bb21c2e77b04b641fc8a824d33ccad587494ee775ea1cbef03ae93784bda8e39822c98e7944f50d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe583a16.TMP

Filesize
48B

MD5
6ec14973efa438c47d6cd94fd2c664b7

SHA1
0cac85b1dd8e1cd4874039351e4190d54f07cbe1

SHA256
32684674ff7881352763a2093d69c34ed4d8137a6501796730a054718070df98

SHA512
a902022c27c7d6dead0adf75b712e7db7a670286f9885ac574ccca39a88d2bb6370253ec924534b20f756921311b5a10b4ab6a8caeeaafb06d7abe712bb068ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
5a32bd9d43e47c28e1d50fadadce39d5

SHA1
cf76b6f051891712d8f52bb2bcfbdc804475487e

SHA256
f8f07bedd590d45d9ea4e6997183298d9ea87dde5eb62930b67f21d698660406

SHA512
88db388dd10f53736dd7eb50be9f7ebbf69cecd82d54d9baeb6b77d5078c0b29747760500316e1fd78b98ac0b37835cf0242cfc9851eb31d05469825c994ee13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580ea1.TMP

Filesize
706B

MD5
63911eb575d3b4d6f6c2f33d89790aa7

SHA1
f776130d73ed7725adb7887fdb729c824a3a2f3e

SHA256
4fa2cf7e50a4e49c35827d779082a676b8b48c778a5cd5f6454fa98a33ecad30

SHA512
bba9c7b1b9b57cd4b18508e387e38e1fb2b0a9849d570424d5512be4d0ed4199746dca01e8e815c60518f22842a25742e799d82ea904bbd1e5f8fcf4327ba460

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9ecb54355db52e124944e2b6c50f8848

SHA1
e83c604397b4febd8ae6c68fc089bf576cc619c7

SHA256
ad33a0e2bae057551287fa6e869d0060b88d7988f5419ad53c18c38a0fe71617

SHA512
81208682aed067567b04ff251321094e400e55c5b01a7c6a1f2054bed112fa3deb8f6f3bbf24bf954cdf465cb4553daaafb9fc77bf5095b7a0903d7e184ae66d

Download Submit