hxxps://www[.]youtube[.]com/watch?v=FRHZ1HMP_SU

Resubmissions

18/08/2024, 17:12

240818-vqy9kaxfqp 3

18/08/2024, 17:09

240818-vn982sxern 4

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18/08/2024, 17:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/watch?v=FRHZ1HMP_SU

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4832	msedge.exe
4832	msedge.exe
2100	msedge.exe
2100	msedge.exe
4340	identity_helper.exe
4340	identity_helper.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe

Suspicious behavior: LoadsDriver 10 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
660	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3616	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3616	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2100 wrote to memory of 816	2100	msedge.exe	84
PID 2100 wrote to memory of 816	2100	msedge.exe	84
PID 2100 wrote to memory of 1292	2100	msedge.exe	85
PID 2100 wrote to memory of 1292	2100	msedge.exe	85
PID 2100 wrote to memory of 1292	2100	msedge.exe	85
PID 2100 wrote to memory of 1292	2100	msedge.exe	85
PID 2100 wrote to memory of 1292	2100	msedge.exe	85
PID 2100 wrote to memory of 1292	2100	msedge.exe	85
PID 2100 wrote to memory of 1292	2100	msedge.exe	85
PID 2100 wrote to memory of 1292	2100	msedge.exe	85
PID 2100 wrote to memory of 1292	2100	msedge.exe	85
PID 2100 wrote to memory of 1292	2100	msedge.exe	85
PID 2100 wrote to memory of 1292	2100	msedge.exe	85
PID 2100 wrote to memory of 1292	2100	msedge.exe	85
PID 2100 wrote to memory of 1292	2100	msedge.exe	85
PID 2100 wrote to memory of 1292	2100	msedge.exe	85
PID 2100 wrote to memory of 1292	2100	msedge.exe	85
PID 2100 wrote to memory of 1292	2100	msedge.exe	85
PID 2100 wrote to memory of 1292	2100	msedge.exe	85
PID 2100 wrote to memory of 1292	2100	msedge.exe	85
PID 2100 wrote to memory of 1292	2100	msedge.exe	85
PID 2100 wrote to memory of 1292	2100	msedge.exe	85
PID 2100 wrote to memory of 1292	2100	msedge.exe	85
PID 2100 wrote to memory of 1292	2100	msedge.exe	85
PID 2100 wrote to memory of 1292	2100	msedge.exe	85
PID 2100 wrote to memory of 1292	2100	msedge.exe	85
PID 2100 wrote to memory of 1292	2100	msedge.exe	85
PID 2100 wrote to memory of 1292	2100	msedge.exe	85
PID 2100 wrote to memory of 1292	2100	msedge.exe	85
PID 2100 wrote to memory of 1292	2100	msedge.exe	85
PID 2100 wrote to memory of 1292	2100	msedge.exe	85
PID 2100 wrote to memory of 1292	2100	msedge.exe	85
PID 2100 wrote to memory of 1292	2100	msedge.exe	85
PID 2100 wrote to memory of 1292	2100	msedge.exe	85
PID 2100 wrote to memory of 1292	2100	msedge.exe	85
PID 2100 wrote to memory of 1292	2100	msedge.exe	85
PID 2100 wrote to memory of 1292	2100	msedge.exe	85
PID 2100 wrote to memory of 1292	2100	msedge.exe	85
PID 2100 wrote to memory of 1292	2100	msedge.exe	85
PID 2100 wrote to memory of 1292	2100	msedge.exe	85
PID 2100 wrote to memory of 1292	2100	msedge.exe	85
PID 2100 wrote to memory of 1292	2100	msedge.exe	85
PID 2100 wrote to memory of 4832	2100	msedge.exe	86
PID 2100 wrote to memory of 4832	2100	msedge.exe	86
PID 2100 wrote to memory of 3924	2100	msedge.exe	87
PID 2100 wrote to memory of 3924	2100	msedge.exe	87
PID 2100 wrote to memory of 3924	2100	msedge.exe	87
PID 2100 wrote to memory of 3924	2100	msedge.exe	87
PID 2100 wrote to memory of 3924	2100	msedge.exe	87
PID 2100 wrote to memory of 3924	2100	msedge.exe	87
PID 2100 wrote to memory of 3924	2100	msedge.exe	87
PID 2100 wrote to memory of 3924	2100	msedge.exe	87
PID 2100 wrote to memory of 3924	2100	msedge.exe	87
PID 2100 wrote to memory of 3924	2100	msedge.exe	87
PID 2100 wrote to memory of 3924	2100	msedge.exe	87
PID 2100 wrote to memory of 3924	2100	msedge.exe	87
PID 2100 wrote to memory of 3924	2100	msedge.exe	87
PID 2100 wrote to memory of 3924	2100	msedge.exe	87
PID 2100 wrote to memory of 3924	2100	msedge.exe	87
PID 2100 wrote to memory of 3924	2100	msedge.exe	87
PID 2100 wrote to memory of 3924	2100	msedge.exe	87
PID 2100 wrote to memory of 3924	2100	msedge.exe	87
PID 2100 wrote to memory of 3924	2100	msedge.exe	87
PID 2100 wrote to memory of 3924	2100	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.youtube.com/watch?v=FRHZ1HMP_SU
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xb8,0x108,0x7ffad86346f8,0x7ffad8634708,0x7ffad8634718
  2⤵
  PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,12870672729769080290,4016225514497424767,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,12870672729769080290,4016225514497424767,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,12870672729769080290,4016225514497424767,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12870672729769080290,4016225514497424767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12870672729769080290,4016225514497424767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12870672729769080290,4016225514497424767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12870672729769080290,4016225514497424767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2008,12870672729769080290,4016225514497424767,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5200 /prefetch:8
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,12870672729769080290,4016225514497424767,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5832 /prefetch:8
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,12870672729769080290,4016225514497424767,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5832 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12870672729769080290,4016225514497424767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:5272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12870672729769080290,4016225514497424767,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:5280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12870672729769080290,4016225514497424767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:1
  2⤵
  PID:5524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12870672729769080290,4016225514497424767,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:5532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2008,12870672729769080290,4016225514497424767,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5104 /prefetch:8
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12870672729769080290,4016225514497424767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2264 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12870672729769080290,4016225514497424767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:5948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,12870672729769080290,4016225514497424767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:5684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,12870672729769080290,4016225514497424767,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5924 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2236

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2520

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2c8 0x150
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
4a7cecdcdd34ce035471a9395ab3ddd2

SHA1
217685bc5a0ab523b1d297e35f4112236f925db4

SHA256
bf9f9359b87dcc392599be4d252095b686d4ee02fd6599730da5f0cff4f2c611

SHA512
84b0429f2969f33ce716288d8a1dba3280a198fddbd0af5b53226e109ac3017dd03f87105cf668b9f2db1c17901d99b3d4c25cf597bdea283817cd5c79d7fd51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
803a9da6f1f87797890c8757cb6dba8f

SHA1
870321a225840ef4fcdf1d78cccf41c3f30842bb

SHA256
c6ba9b309851ae386767262e2fc9e36c2132539b02642be4128adf48b815cc11

SHA512
6cbca1a3f1da7918681f6d579dcb8f3f731ab89ef356e0f2602374fded02f6b7b0786c37c213fdec9330c941eb9a94b13927bd6cbc393ca11397306dba0e953b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
61190f26800eac0f00a50f83df7369e4

SHA1
096d1e437e28aa4f2767f378914bdc4792aa5df8

SHA256
0b80709374529ff2c777b8d6330d20500cd9cc45c719067d3a77c15e390358d8

SHA512
314b64ae765552e3e73c0bb13793e125081a814277ccdf58e89c88009f9d6b7a544ae659940733537cfd080a6d3230ea7bae8965794ac4930efb445181bada93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
ed2eb8f9e30640efdc2e8c629c336e88

SHA1
5248844497fb0befb9c07fa73c5d17c8c46cd322

SHA256
4864675f3f79b9ef4b005e6fd8115f65b7382e419f831f14625807dfdf992f60

SHA512
7d18240e256a0931c7c740527bcc29d36ccff71d78f22a833c01610e67b2d1b02392fe7f5b9079f685918f99ecb9834f33fe32862fe816047611562a55c37957

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4ac6444f4b2536d8236c2a69963a7216

SHA1
5c8d67f8db877fc47751b71007e9cc8f51456dd9

SHA256
1e69449ba5be907c60e3d0004327dccb70f591f21d70810d2048de618a656d64

SHA512
863869a12d2280fea21b0b40c0460127a091a18465cb5ef2a0462289f7fa01cff1b32015c1c25df9f58a7649370569ca371c718b84d3917c74658503791bbf6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4981e688fadf46761e67cf0eb6611df3

SHA1
2bd0368e8b08efab66060adc3a51475cde4d9160

SHA256
13206837c8f8907291075a4d570e4d1887e10b203c215c90f47fa83052a764cb

SHA512
272aa73a83a8c9cb38ec191a0d934b9091a04c5da727ce9d4f8ef31f73dbdcb9d790c6069e4655c365d0de75828b248b7f226f5cbe1a4d25001b7ece6643c46d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4b4947c8b86a6c02f4b57bd1ab46f5f8

SHA1
2d6bdb1f5b64aa7f6f35d0fdcf6b5c1f35970d02

SHA256
58c0624424278f43dd0e0afea32af75798ddf01883f2e222355da1e38e1678b0

SHA512
55f469aa95ec2c9ea40db8267daca3ecb220b2985238fa1fe96217c7c53ccb0f819a153722d9f7fc65e10dbd94deea926c6397089b1d8ff26f689b3753bc5b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9e3806c117eca7257ccad840ff60461b

SHA1
47f66ea5a69b18788ec937f1b5fd71f378876ba5

SHA256
6b295af9bafb77800421954fbb026d4ca14c89fd674c01a2db9bfda40894defa

SHA512
0c3e738c3de6bba1a94950ed3bd9e0002e2cb0a2d2a7df565f044601b20a4771ecc58e3933272154bb9816d28c43c1bfff2c97653dbc3d2a9f8d10da273a1248

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e20e99ca1802b62407e9113da9b285ec

SHA1
d50c704dd7979695825984011a6df6694194c969

SHA256
ad1cb0183f22abb4a7c46d773dceb9bac13d99f938af0a27aa52629f186f6e8e

SHA512
b01e6f44e6b33c6c5548d3eab2cbb6877f4017f6623cb70a571cfcb3796ee8b49dc9ce327323f9cd234c803a6ec0a69475e133ec10a2897be7270c4802bb0656

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\68c5ab72-aef9-4aeb-bc9e-ebbf4c0b9129\index-dir\the-real-index

Filesize
2KB

MD5
4fbc3837aac22bd0bf8ec47e51b68b82

SHA1
668cd01eabec425f7dbc693d8ed55ef10cb1b111

SHA256
22ab500c2a82ec8c0aa5221489bb1aa806062dc9a30ea290085b67dda20c0642

SHA512
f98ac2cb6e6121853570b355f6f52335f57a9c41d71b659700e34ef9a43daf3aead0b769306933f53fd8e548b65e0c1ac459c82dfabe2fdb07d932d0a566b228

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\68c5ab72-aef9-4aeb-bc9e-ebbf4c0b9129\index-dir\the-real-index~RFe57e455.TMP

Filesize
48B

MD5
019f3414f2d3112b0608d51f869f882b

SHA1
7e32ddd24b0aa1c0fee1943943b0f9bd7ea0a5b2

SHA256
f1c406e22881c743737b814d3dab7a59176a4ababfad3c000e41aeba501765fd

SHA512
bd03d883a0010627e6e072c82805e914572642f99c0b2aef07d08d92f6ff4a61cae56623e6962d74e7c0b5996dc01b6e187f54f52f4a919c4e0348eee3361b2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
c2d7c5c828f71b56f87ea943ad319503

SHA1
c1a614aa528df0ab36a83e80dd157bcde2c9154c

SHA256
86cf47669dc18b592bab89b9e1e93f67f236e214748395636b5aa6ba1319bd69

SHA512
07d392a51a95b5d54e45960c2303d74c375e8251a96df1e3d0ba0241cf493cb36534b968a20f018f66c28ff509524b1c2477341521f73cc8aceeec40e73fa3cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
e5aa63f7c7cf39c72846970057cc3466

SHA1
5ad135238948e771e80ff6c5221d20e8da3e066b

SHA256
d0885daf840f37d0d89fb7f60dc068bf30d7d84188850199785f93a942cbb305

SHA512
40ecea8f07829edbfac0fe52be158c8cf3ddf3a3e1d74090fc1bc92eb03493d54b7ba238e8d0c9362799c5b13b5371d47c2f59c84b0a1c3a3b2d14c88b8e7f78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
9efe03b3f10477540f165652298356c7

SHA1
3244707ac18d8b13687c5171ffb94349f294e5c9

SHA256
f6876e3ad85458d442e388e389d186590bcf3235e624f1c64122af952cd03c8a

SHA512
010408210fd3a3bc11a8ef1f598a83deb5b2fcef7aa593cbf7dbaeb1aa4d10683910ed9e7e99db2ba1546e7d77b441631aa62aba6ae23dae213a78d6be3d0bdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe579088.TMP

Filesize
89B

MD5
b20aea06a3dddfa5613fe338e44f4d39

SHA1
7ec7605b157c3460f23855ed87b44e0787e51e70

SHA256
407dc380806e6dcace81e76ccfdf1d807d1e258277b500e704c26dce0b5a6e6b

SHA512
71108e3af15849df81e6c276b8cec37630f9b4b662152eba56b7d6e3cc70528ed8e9de0559154007a3a098b0a4f05d6b1fdcf7a166a98f60177abaa2aa1330e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
5b82845ada95de417a1fa3533fd056e6

SHA1
bdd8dd70a49c5e67a9aba8ca7f62416c14c67dbc

SHA256
2282ca978345006bb2da2ca844bd91b8d7a2d8d891814e7ebf73df40da50c112

SHA512
21aeaaeadbcd3043b39319c6ce51d8425915b78fe86773b134b2c7cab91a126bc645fcb2dabb8961420d43e710d544242b33c76f4972e15f77e7f2eed18680ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
48B

MD5
6077c97266f0a8e4431cf3853ef9a5d0

SHA1
901b3e4e85ab7c760db8a3794dbb5cdc19c1ca6f

SHA256
93347c1bb082291321a11271e781adbcf8754ff03e709065113879d33da44019

SHA512
8e7b80bc2c4a77a9ac12b289922e73352e525b90346eddd474722af2992862e49a781cb8b47e6a76e39306ed0d0ea2b748f04fa80d56a0b719fc2518c622e630

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57dfd1.TMP

Filesize
48B

MD5
67a4baf777c4a627f7d2d654826c6e1f

SHA1
16f1a362dc638c8f14f4aa083b4958f90777b843

SHA256
828e44c5090b8472ea30845338df0d0c97e4e6f8655cea6739bca8f425e00238

SHA512
87b2e85e678d29f716bddd469c75065dc78afdf16da210593aadf3a634df2ded50d8b6eeebb8db5401c4c2d4444118cf245fb72a22e67380d390d4f3c2dc09f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
67c280308187455a25c16a89268626e2

SHA1
f6b51c590a8e9bfe2e9ff45e8c2109f110e1ec85

SHA256
6d431fae8424b36abac80f87bf67a102d65b9739c2a181a83641317e992e9c3f

SHA512
c5b17d4ec341bac10fb8479642b04aebd94a80c3418b07f12b503aaeff6d21506d46e6fbe61d1ff6c380c46a7a2705cbf1e8d1e5baa65b730482ee84f9bc5bbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
e38006a4514c347e1db89bde9a9c03ef

SHA1
97efb5304ca0c23068e22b3de85c678d88f50842

SHA256
477577ca5c8ed4e162280dcfe58d96f99170c678472265c1b8aab20c080df6c9

SHA512
3b1cb6b50f33ee009bbcf05cbf4ba65c9579d6a4929f5074862868c080bcb4d1814854c8af2a311efa2f4087a219ef73774a6b75dc22a2e1620fb9fa23c25dd3

Download Submit