hxxp://www[.]youtube[.]com

Analysis

max time kernel
1799s
max time network
1691s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
05/07/2024, 20:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.youtube.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2132	msedge.exe
2132	msedge.exe
4184	msedge.exe
4184	msedge.exe
1800	identity_helper.exe
1800	identity_helper.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2688	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2688	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4184 wrote to memory of 4660	4184	msedge.exe	81
PID 4184 wrote to memory of 4660	4184	msedge.exe	81
PID 4184 wrote to memory of 2936	4184	msedge.exe	82
PID 4184 wrote to memory of 2936	4184	msedge.exe	82
PID 4184 wrote to memory of 2936	4184	msedge.exe	82
PID 4184 wrote to memory of 2936	4184	msedge.exe	82
PID 4184 wrote to memory of 2936	4184	msedge.exe	82
PID 4184 wrote to memory of 2936	4184	msedge.exe	82
PID 4184 wrote to memory of 2936	4184	msedge.exe	82
PID 4184 wrote to memory of 2936	4184	msedge.exe	82
PID 4184 wrote to memory of 2936	4184	msedge.exe	82
PID 4184 wrote to memory of 2936	4184	msedge.exe	82
PID 4184 wrote to memory of 2936	4184	msedge.exe	82
PID 4184 wrote to memory of 2936	4184	msedge.exe	82
PID 4184 wrote to memory of 2936	4184	msedge.exe	82
PID 4184 wrote to memory of 2936	4184	msedge.exe	82
PID 4184 wrote to memory of 2936	4184	msedge.exe	82
PID 4184 wrote to memory of 2936	4184	msedge.exe	82
PID 4184 wrote to memory of 2936	4184	msedge.exe	82
PID 4184 wrote to memory of 2936	4184	msedge.exe	82
PID 4184 wrote to memory of 2936	4184	msedge.exe	82
PID 4184 wrote to memory of 2936	4184	msedge.exe	82
PID 4184 wrote to memory of 2936	4184	msedge.exe	82
PID 4184 wrote to memory of 2936	4184	msedge.exe	82
PID 4184 wrote to memory of 2936	4184	msedge.exe	82
PID 4184 wrote to memory of 2936	4184	msedge.exe	82
PID 4184 wrote to memory of 2936	4184	msedge.exe	82
PID 4184 wrote to memory of 2936	4184	msedge.exe	82
PID 4184 wrote to memory of 2936	4184	msedge.exe	82
PID 4184 wrote to memory of 2936	4184	msedge.exe	82
PID 4184 wrote to memory of 2936	4184	msedge.exe	82
PID 4184 wrote to memory of 2936	4184	msedge.exe	82
PID 4184 wrote to memory of 2936	4184	msedge.exe	82
PID 4184 wrote to memory of 2936	4184	msedge.exe	82
PID 4184 wrote to memory of 2936	4184	msedge.exe	82
PID 4184 wrote to memory of 2936	4184	msedge.exe	82
PID 4184 wrote to memory of 2936	4184	msedge.exe	82
PID 4184 wrote to memory of 2936	4184	msedge.exe	82
PID 4184 wrote to memory of 2936	4184	msedge.exe	82
PID 4184 wrote to memory of 2936	4184	msedge.exe	82
PID 4184 wrote to memory of 2936	4184	msedge.exe	82
PID 4184 wrote to memory of 2936	4184	msedge.exe	82
PID 4184 wrote to memory of 2132	4184	msedge.exe	83
PID 4184 wrote to memory of 2132	4184	msedge.exe	83
PID 4184 wrote to memory of 3248	4184	msedge.exe	84
PID 4184 wrote to memory of 3248	4184	msedge.exe	84
PID 4184 wrote to memory of 3248	4184	msedge.exe	84
PID 4184 wrote to memory of 3248	4184	msedge.exe	84
PID 4184 wrote to memory of 3248	4184	msedge.exe	84
PID 4184 wrote to memory of 3248	4184	msedge.exe	84
PID 4184 wrote to memory of 3248	4184	msedge.exe	84
PID 4184 wrote to memory of 3248	4184	msedge.exe	84
PID 4184 wrote to memory of 3248	4184	msedge.exe	84
PID 4184 wrote to memory of 3248	4184	msedge.exe	84
PID 4184 wrote to memory of 3248	4184	msedge.exe	84
PID 4184 wrote to memory of 3248	4184	msedge.exe	84
PID 4184 wrote to memory of 3248	4184	msedge.exe	84
PID 4184 wrote to memory of 3248	4184	msedge.exe	84
PID 4184 wrote to memory of 3248	4184	msedge.exe	84
PID 4184 wrote to memory of 3248	4184	msedge.exe	84
PID 4184 wrote to memory of 3248	4184	msedge.exe	84
PID 4184 wrote to memory of 3248	4184	msedge.exe	84
PID 4184 wrote to memory of 3248	4184	msedge.exe	84
PID 4184 wrote to memory of 3248	4184	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaaf8446f8,0x7ffaaf844708,0x7ffaaf844718
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,9005146240369727091,8592839902550887860,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,9005146240369727091,8592839902550887860,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,9005146240369727091,8592839902550887860,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,9005146240369727091,8592839902550887860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,9005146240369727091,8592839902550887860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,9005146240369727091,8592839902550887860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,9005146240369727091,8592839902550887860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3952 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2156,9005146240369727091,8592839902550887860,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2156,9005146240369727091,8592839902550887860,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4144 /prefetch:8
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,9005146240369727091,8592839902550887860,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 /prefetch:8
  2⤵
  PID:1232
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,9005146240369727091,8592839902550887860,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,9005146240369727091,8592839902550887860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,9005146240369727091,8592839902550887860,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,9005146240369727091,8592839902550887860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3948 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,9005146240369727091,8592839902550887860,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,9005146240369727091,8592839902550887860,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2872

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4496

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3f8 0x404
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3c78617ec8f88da19254f9ff03312175

SHA1
344e9fed9434d924d1c9f05351259cbc21e434d3

SHA256
3cb47fcdca33bb3c8f4acc98424140987235ad79815da4f0e7593e4591ae90ed

SHA512
5b58675088b0fc2b2d705cb648ea89385b80c7cf908b0f4f95a9acdbd350b50754e1b586202db6a918eef70029fafb210947f3c43c570ecf7657e08939fd7e9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
09c7ae658385f6de986103443217840b

SHA1
298d880503edce4413337c09d3525f27a2edcd28

SHA256
91e04ec38abdb0204458543592c4621b7bc0306407884f764aa9596a52454cd7

SHA512
4e1272b209487d1e9e7d8502be49ebce91c76718410e817b3ac7faf47d9b699210aab1b941fbb5ddafc192ddf4b2ba151afd47fab753ec62bc0bca36039c55c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
6e6b8d0cb0b7450e6db5e90af2496e99

SHA1
bca8bb07f26108b1d25b45e94c3ddbf44e49d4de

SHA256
52eb3b51a06f2aa11d034e44fe47df9528eb800611c521de7df96b01c7ce8355

SHA512
6bb54bad0a4d5bdd8d82dbb9fcb4a8012a1a13c31facf40ac18a0e682d202f0ce528999cc5208b74089bbdfce9787fc7b75052ec9e0dcc9c63ee07f3b11a7280

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
dffec4cc5c16c040ec83aa428e90ba1e

SHA1
9af7de5ae2752e3254d8a055f5dd321070c34c17

SHA256
2cc26200ecd4a2c0478e97ac71eddf203a05836eb6c52cb2869a2fcc7d3ffa7d

SHA512
3c1e0c2170c6e458345659b3a5404229e16a16d52e2cffa3676b37dd62e3fce9858be39a3581279848d59f6f2aa794026222c9db31e41f187b542f490c1d98d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
90a44694d2dd6900668ca807d1b2f4ef

SHA1
045297b039f7a63627dcf91a872482fdd973eafc

SHA256
d33cb37b60a6275698592823fbb13791f6af14e0d27c1f3bcdc94dedb9242c13

SHA512
440b3959f1608f4e16cfa7eaf82cb792837f7a3b2f2ddeb1a6986d61091704dd76ecfae685d71cd6fea562ccd1e5388cb18b8c79072ba18f558fb9b2fc12363a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
ceda8d5929399fcd01a85174cd407872

SHA1
76ea16b8fd0bb37bc3e51878b35728985385f674

SHA256
502df7e8984d8151788530efc827df8474cfd6ce382596280206999fba9059aa

SHA512
07fcf704a399ee6def8704694c82f46d8d354a173efb03e338f8c3c84a72eef1f0d96d7d24d8a8a95e06fe03cfc99591e52e1f8e0cac92073987aad41fb46b46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
9155b7b62dd7d096ca55fbc493e09972

SHA1
fa9a8c0ecdfa467cbb39a62b2c68b31d3799fdb4

SHA256
9b24edff6b1f5e572f56c04dc6a789f40aa895a3496120fa495c7b3f79cd7aa8

SHA512
d2ebc7e91a1a199db5a6e6018bab3c95a558e33a068f02931c65da386a94bddd4864eefa9faaf8719e39f43001715dd307247fc6dfee5075448a75c3b3b1fc7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
21ea2b1e253bc588b9ec5916681dd63e

SHA1
c20dd1a38548e24aee90a8a1518106d30a8a6c95

SHA256
a5db8405748498d7ab79545f05645b4cb3684ddf60367eaddbad613f8ee3fe96

SHA512
295006afcfd95a654979603812dee9056eed60e79dd83af9466ec9a7a78e07649361a8ee1ea2d1312199bebda432008047b86dfbc34cf5c27f9343ec150b5efb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
41a041734890ee33c76bb495e100491f

SHA1
cab41b1a79256509f511ff517d1bb7ec83695685

SHA256
3e13e37013ac61263e0b9c535adb7a6b3ef257f7ba2fffae4d8f04cfc96f70fa

SHA512
2dd30ddebb01962530335e400436773a026f87e7d04bd2743d19b339c83ce56beecadb129d797f6c442b1b061e4d854b51998a3c7451f18038c210be2be60817

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
af25d4379bb50df7a841da391bb853ce

SHA1
3555fac00caa6e5ee84bda7723a1a9fe244e41e2

SHA256
8ec0a5c705289ff8ddc233553541e32a56c32937dc65a6b442cc329b20db0a67

SHA512
0b0d7d2bd9753761650fa9a3ca753355086f1b26e9ff83595ef590cf2274388622be908dbd07b43d543e85c4c70f81ead764294699f9b71a5ab8aa83b3c1ad05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9ec589da-28ae-4e6e-8257-ff1e6bbbe453\index-dir\the-real-index

Filesize
2KB

MD5
a374d20042b2c44672acc88dc548f47e

SHA1
3892109d59296940a4c3c6875fcde56f6192a138

SHA256
25a3b4bd22fea427825a480a3c04dda566083d6912e2a9fb7af73b3d8fafd39b

SHA512
cdd97bb12c39813069d0796b1386bd09021af24423bff929b6034b6716e8656ea8c930e38ffafb99d2a48ecc5e629ed028b14139c71a97b85fb472fad5024872

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9ec589da-28ae-4e6e-8257-ff1e6bbbe453\index-dir\the-real-index~RFe58027c.TMP

Filesize
48B

MD5
0f7665fc5380ef4f579bff52eb0502c7

SHA1
06bd8a049dd5a21357aaee7a5fbe5803cb5da101

SHA256
e0e7891f3372c5e01dbbe92d394a55d794ba582dee9eaa9a30b9fe79ffb86895

SHA512
d246deff08b451a407a24622514233b15fad8381909b9b70e3b6085d0007b64f05a5a9e9edee3353514d1fabb111d8cf7a4e1ff8c9373fa68b930d89b2030b26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
0308e931a01f7499fc6da808441f1afa

SHA1
4f71744b492baec2d6e19c8ef320f9fee2775ab9

SHA256
29a7ef57571cf25cde011feb50e744ec4f3fcba6667c67182e2590ba1304f754

SHA512
c4a7cf4c24cb91a8c5899dd12bc9706d8050a26b116a36cb27b0b605758c4911eac9a25eade919ed02e6f7db020b021593b4000f95db242e52916d3430e99016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
061b0825bdcba281974e1bc0909367b6

SHA1
5882faeeb8ee762541a95fc8fbc82011f57b7a3a

SHA256
84123d2dcb3e5401c493dec8096dce4ebf32e73efd49ece31964ab114703bf8f

SHA512
ae50c528980ed6be5f97b53cde7863d952dc5467e4b28853f628820475ca4d36d3b34930ea5aa0080752425a488b7628c4cd5ad32dda54822a97ea05863a6143

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
06ba2fb3d002e1c359e1dea000ca05a7

SHA1
5b77741f7370b3e48b085187c2efc122126e9fa7

SHA256
dc0d8e892c1b52196faba483951a8c10a84950c4c59b880ab0e33fc258b4302e

SHA512
253b096636af8a784ede77d84d45af25b9cd5f51c91d8cc167ec508ba02654a6260c6089382216a1b77099ce8825ebbe3936356bdc8cb8694d9336bec569b7cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
70260e7eb550f90f8fd36451b49a7fe5

SHA1
c7c9478c46925d2de49e952246972e376165784f

SHA256
64d29c5f4187ff15571dd39c2b79aabb4c22781dd327ccd4790a341437270bd5

SHA512
3b15eb0b496f42060221d2a6091e734c8201dcbdf2ad8c1dbed65bdd6359c0b37b1e1a8da5e6346a22929dd68bf5223a157fd07d4963ddbc35d2987d4405e167

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
f7da603c81f159f151b0b3f8156b7b7b

SHA1
c66f8ef725ef3dbd4edcf6a4a3380aeae9e982fd

SHA256
4c118f543b812511795df6e4931da6fa7330ca811bd4ec66b3dc646fdd6c3ba3

SHA512
c4b49675a19d40b0cb3d59e9f3c49b005faea5307d66eedc5df6b55b6cb7949d588ea6fe49ac4c5838a66ad10d5aee5252d6d7282acc7096746a1a5738d91d37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57fe65.TMP

Filesize
48B

MD5
bd779f7c15baaae386d87f38dc3c38ad

SHA1
5668ceeab4107d34808c30a29159bbc970e3bcad

SHA256
e2a268045ca7060f3e3b4a7de32ce14e30680270cdff897e3c6660df78ac572e

SHA512
1512f00e9a788cc34acbe76c099b6e4ebe2704fcc4a598568f6e3e3691d02ef25c4e84ea3b17c9572d9f6ce823a818a6a14871a905821538d13f56b0f50ebb14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e07b5256a8b817ea89d6d1bebd2ac1c6

SHA1
b4ceb8859b8c865f7bbf2877c8bd22dfa164f31d

SHA256
cd4b03d984f37bb566dd0f2ec1a2af4e007d64085db42da10e9a9ce1442275fd

SHA512
4fe9d3debb13b555a636550f1c882e36a473740fdf40975fc959a3de5a188bc1335bcba9c4c48989ce8e4187d93d5b943d540169180999507c71ef913f9a468d

Download Submit